Enigma: Fix decrypting an encrypted+signed message when signature verification fails (#5914)

pull/6072/head
Aleksander Machniak 7 years ago
parent ae35ccd2af
commit 4829e2849f

@ -24,6 +24,7 @@ RELEASE 1.3.1
- Fix bug where messages count was not updated after delete when imap_cache is set (#5872)
- Fix potential XSS vulnerability with malformed HTML message markup
- Bring back double-click behavior on the message list which was removed in 1.3.0 (#5823)
- Enigma: Fix decrypting an encrypted+signed message when signature verification fails (#5914)
RELEASE 1.3.0
-------------

@ -153,7 +153,7 @@ class enigma_driver_gnupg extends enigma_driver
$this->gpg->addDecryptKey($key, $password);
}
$result = $this->gpg->decryptAndVerify($text);
$result = $this->gpg->decryptAndVerify($text, true);
if (!empty($result['signatures'])) {
$signature = $this->parse_signature($result['signatures'][0]);
@ -463,7 +463,7 @@ class enigma_driver_gnupg extends enigma_driver
{
$data = new enigma_signature();
$data->id = $sig->getId();
$data->id = $sig->getId() ?: $sig->getKeyId();
$data->valid = $sig->isValid();
$data->fingerprint = $sig->getKeyFingerprint();
$data->created = $sig->getCreationDate();

@ -919,7 +919,10 @@ class enigma_ui
$attrib['id'] = 'enigma-message';
if ($sig instanceof enigma_signature) {
$sender = ($sig->name ? $sig->name . ' ' : '') . '<' . $sig->email . '>';
$sender = $sig->name ?: '';
if ($sig->email) {
$sender .= ' <' . $sig->email . '>';
}
if ($sig->valid === enigma_error::UNVERIFIED) {
$attrib['class'] = 'enigmawarning';
@ -934,8 +937,14 @@ class enigma_ui
}
else {
$attrib['class'] = 'enigmawarning';
if ($sender) {
$msg = rcube::Q(str_replace('$sender', $sender, $this->enigma->gettext('siginvalid')));
}
else {
$msg = rcube::Q(str_replace('$keyid', enigma_key::format_id($sig->id),
$this->enigma->gettext('signokey')));
}
}
}
else if ($sig && $sig->getCode() == enigma_error::KEYNOTFOUND) {
$attrib['class'] = 'enigmawarning';

Loading…
Cancel
Save