|
|
|
|
@ -369,17 +369,36 @@ class enigma_engine
|
|
|
|
|
*/
|
|
|
|
|
function part_structure($p, $body = null)
|
|
|
|
|
{
|
|
|
|
|
static $got_content = false;
|
|
|
|
|
|
|
|
|
|
// Prevent from "decryption oracle" [CVE-2019-10740] (#6638)
|
|
|
|
|
// On mail compose (edit/reply/forward) we support encrypted content only
|
|
|
|
|
// in the first "content part" of the message.
|
|
|
|
|
if ($got_content && $this->rc->task == 'mail' && $this->rc->action == 'compose') {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Don't be tempted to support encryption in text/html parts
|
|
|
|
|
// Because of EFAIL vulnerability we should never support this (#6289)
|
|
|
|
|
|
|
|
|
|
if ($p['mimetype'] == 'text/plain' || $p['mimetype'] == 'application/pgp') {
|
|
|
|
|
$this->parse_plain($p, $body);
|
|
|
|
|
$got_content = true;
|
|
|
|
|
}
|
|
|
|
|
else if ($p['mimetype'] == 'multipart/signed') {
|
|
|
|
|
$this->parse_signed($p, $body);
|
|
|
|
|
$got_content = true;
|
|
|
|
|
}
|
|
|
|
|
else if ($p['mimetype'] == 'multipart/encrypted') {
|
|
|
|
|
$this->parse_encrypted($p);
|
|
|
|
|
$got_content = true;
|
|
|
|
|
}
|
|
|
|
|
else if ($p['mimetype'] == 'application/pkcs7-mime') {
|
|
|
|
|
$this->parse_encrypted($p);
|
|
|
|
|
$got_content = true;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$got_content = $p['structure']->type === 'content';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $p;
|
|
|
|
|
|
Aleksander Machniak
6 years ago