Fix missing CSRF token in message download (#6621)

pull/6622/head
Mario Harjac 6 years ago
parent 641a67fe75
commit 136175e445

@ -609,6 +609,7 @@ function rcmail_message_body($attrib)
$safe_mode = $MESSAGE->is_safe || intval($_GET['_safe']); $safe_mode = $MESSAGE->is_safe || intval($_GET['_safe']);
$out = ''; $out = '';
$part_no = 0; $part_no = 0;
$token = $RCMAIL->get_request_token();
$header_attrib = array(); $header_attrib = array();
foreach ($attrib as $attr => $value) { foreach ($attrib as $attr => $value) {
@ -647,7 +648,7 @@ function rcmail_message_body($attrib)
// #1487424: we need up to 10x more memory than the body // #1487424: we need up to 10x more memory than the body
else if (!rcube_utils::mem_check($part->size * 10)) { else if (!rcube_utils::mem_check($part->size * 10)) {
$out .= html::span('part-notice', $RCMAIL->gettext('messagetoobig'). ' ' $out .= html::span('part-notice', $RCMAIL->gettext('messagetoobig'). ' '
. html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_token='.$token.'&_part='.$part->mime_id
.'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download'))); .'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download')));
continue; continue;
} }
@ -698,7 +699,7 @@ function rcmail_message_body($attrib)
// #1487424: we need up to 10x more memory than the body // #1487424: we need up to 10x more memory than the body
if (!rcube_utils::mem_check(strlen($MESSAGE->body) * 10)) { if (!rcube_utils::mem_check(strlen($MESSAGE->body) * 10)) {
$out .= html::span('part-notice', $RCMAIL->gettext('messagetoobig'). ' ' $out .= html::span('part-notice', $RCMAIL->gettext('messagetoobig'). ' '
. html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part=0' . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_token='.$token.'&_part=0'
.'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download'))); .'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download')));
} }
else { else {
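Review bot: Both download links under the `messagetoobig` notices (the `$part->mime_id` one and the `_part=0` one) concatenate `$token` into the query string unencoded, while `$MESSAGE->folder` right next to it goes through `urlencode()`; writing `'&_token='.urlencode($token)` keeps the link well-formed whatever characters the token generator emits. Because the token now travels in a GET URL it can land in browser history and in proxy or server logs, so it is worth confirming that the `get` action rejects a missing or wrong `_token` and that the token is bound to the session; neither is visible in these hunks. The same URL string is built in two places, so assembling it once (a local variable or small helper taking the part id) would keep the two links from drifting apart again. `rcmail_message_body` starts and ends outside the hunks shown.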
