Fix missing CSRF token in message download (#6621)

pull/6622/head
Mario Harjac 6 years ago
parent 641a67fe75
commit 136175e445

@ -609,6 +609,7 @@ function rcmail_message_body($attrib)
$safe_mode = $MESSAGE->is_safe || intval($_GET['_safe']);
$out = '';
$part_no = 0;
$token = $RCMAIL->get_request_token();
$header_attrib = array();
foreach ($attrib as $attr => $value) {
@ -647,7 +648,7 @@ function rcmail_message_body($attrib)
// #1487424: we need up to 10x more memory than the body
else if (!rcube_utils::mem_check($part->size * 10)) {
$out .= html::span('part-notice', $RCMAIL->gettext('messagetoobig'). ' '
. html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id
. html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_token='.$token.'&_part='.$part->mime_id
.'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download')));
continue;
}
@ -698,7 +699,7 @@ function rcmail_message_body($attrib)
// #1487424: we need up to 10x more memory than the body
if (!rcube_utils::mem_check(strlen($MESSAGE->body) * 10)) {
$out .= html::span('part-notice', $RCMAIL->gettext('messagetoobig'). ' '
. html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part=0'
. html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_token='.$token.'&_part=0'
.'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download')));
}
else {
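Review bot: Both download links (the `mem_check($part->size * 10)` branch and the `strlen($MESSAGE->body) * 10` branch) append `$token` to the query string raw, while only `$MESSAGE->folder` goes through `urlencode()`. The token is probably URL-safe, but encoding it costs nothing and keeps the link valid if the token format ever changes: `'&_token='.urlencode($token)`. The same applies to `$part->mime_id` in the first link, since it appears to come from the parsed message structure. The two hrefs are near-identical hand-built strings, so building the query once (for example with `http_build_query()`) would keep a future parameter change from landing in only one of them. `rcmail_message_body()` starts and ends outside the visible hunks, so the server-side check of `_token` on the `get` action cannot be confirmed from this page.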
