Commit 6489f20d authored by Milan Crha's avatar Milan Crha

I#784 - Warn about and limit what can be attached using mailto: URI

Closes #784
parent 5186fe43
...@@ -4761,7 +4761,8 @@ handle_mailto (EMsgComposer *composer, ...@@ -4761,7 +4761,8 @@ handle_mailto (EMsgComposer *composer,
gchar *header, *content, *buf; gchar *header, *content, *buf;
gsize nread, nwritten; gsize nread, nwritten;
const gchar *p; const gchar *p;
gint len, clen; gint len, clen, has_attachments = 0;
gboolean has_blacklisted_attachment = FALSE;
table = e_msg_composer_get_header_table (composer); table = e_msg_composer_get_header_table (composer);
view = e_msg_composer_get_attachment_view (composer); view = e_msg_composer_get_attachment_view (composer);
...@@ -4844,22 +4845,36 @@ handle_mailto (EMsgComposer *composer, ...@@ -4844,22 +4845,36 @@ handle_mailto (EMsgComposer *composer,
} else if (!g_ascii_strcasecmp (header, "attach") || } else if (!g_ascii_strcasecmp (header, "attach") ||
!g_ascii_strcasecmp (header, "attachment")) { !g_ascii_strcasecmp (header, "attachment")) {
EAttachment *attachment; EAttachment *attachment;
GFile *file;
camel_url_decode (content); camel_url_decode (content);
if (file_is_blacklisted (content))
e_alert_submit (
E_ALERT_SINK (e_msg_composer_get_editor (composer)),
content, NULL);
if (g_ascii_strncasecmp (content, "file:", 5) == 0) if (g_ascii_strncasecmp (content, "file:", 5) == 0)
attachment = e_attachment_new_for_uri (content); attachment = e_attachment_new_for_uri (content);
else else
attachment = e_attachment_new_for_path (content); attachment = e_attachment_new_for_path (content);
file = e_attachment_ref_file (attachment);
if (!file || !g_file_peek_path (file) ||
!g_file_test (g_file_peek_path (file), G_FILE_TEST_EXISTS) ||
g_file_test (g_file_peek_path (file), G_FILE_TEST_IS_DIR)) {
/* Do nothing, simply ignore the attachment request */
} else {
if (file_is_blacklisted (content)) {
has_blacklisted_attachment = TRUE;
e_alert_submit (
E_ALERT_SINK (e_msg_composer_get_editor (composer)),
content, NULL);
e_attachment_store_add_attachment (store, attachment); e_attachment_store_add_attachment (store, attachment);
e_attachment_load_async ( e_attachment_load_async (
attachment, (GAsyncReadyCallback) attachment, (GAsyncReadyCallback)
e_attachment_load_handle_error, composer); e_attachment_load_handle_error, composer);
g_object_unref (attachment); g_object_unref (attachment);
g_clear_object (&file);
} else if (!g_ascii_strcasecmp (header, "from")) { } else if (!g_ascii_strcasecmp (header, "from")) {
/* Ignore */ /* Ignore */
} else if (!g_ascii_strcasecmp (header, "reply-to")) { } else if (!g_ascii_strcasecmp (header, "reply-to")) {
...@@ -4883,6 +4898,29 @@ handle_mailto (EMsgComposer *composer, ...@@ -4883,6 +4898,29 @@ handle_mailto (EMsgComposer *composer,
g_free (buf); g_free (buf);
if (has_attachments && !has_blacklisted_attachment) {
const gchar *primary;
gchar *secondary;
primary = g_dngettext (GETTEXT_PACKAGE,
"Review attachment before sending.",
"Review attachments before sending.",
secondary = g_strdup_printf (g_dngettext (GETTEXT_PACKAGE,
"There had been added %d attachment. Make sure it does not contain any sensitive information before sending the message.",
"There had been added %d attachments. Make sure they do not contain any sensitive information before sending the message.",
e_alert_submit (
E_ALERT_SINK (e_msg_composer_get_editor (composer)),
primary, secondary, NULL);
g_free (secondary);
merge_always_cc_and_bcc (table, to, &cc, &bcc); merge_always_cc_and_bcc (table, to, &cc, &bcc);
tov = destination_list_to_vector (to); tov = destination_list_to_vector (to);
<?xml version="1.0"?> <?xml version="1.0"?>
<error-list domain="system"> <error-list domain="system">
<error type="error" id="generic-error"> <error id="generic-error" type="error">
<error id="generic-warning" type="warning">
<primary>{0}</primary> <primary>{0}</primary>
<secondary>{1}</secondary> <secondary>{1}</secondary>
</error> </error>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment