[mms] Add permission to limit the maximum body size of a composed mes…
…sage.
slusarz committed Dec 30, 2013
1 parent 234a0c8 commit 28ff620
Showing 6 changed files with 62 additions and 13 deletions.
1 change: 1 addition & 0 deletions imp/docs/CHANGES
@@ -2,6 +2,7 @@
v6.2.0-git
----------

[mms] Add permission to limit the maximum body size of a composed message.
[mms] Show placeholder image when dropping onto HTML editor while the image is
uploaded to the server.
[mms] Add rate limiting to new mail notification alerts to prevent flooding of
6 changes: 6 additions & 0 deletions imp/docs/UPGRADING
@@ -65,6 +65,12 @@ MIME Viewer Options (mime_drivers.php)
The 'pgp_inline' config parameter has been added to the plaintext driver.


Permissions
-----------

The 'max_bodysize' permission has been added.


Preferences (prefs.php)
-----------------------

10 changes: 9 additions & 1 deletion imp/lib/Compose.php
@@ -721,8 +721,15 @@ public function buildAndSendMessage(
}
}

$encrypt = empty($opts['encrypt']) ? 0 : $opts['encrypt'];
/* Check body size of message. */
$imp_imap = $injector->getInstance('IMP_Factory_Imap')->create();
if (!$imp_imap->accessCompose(IMP_Imap::ACCESS_COMPOSE_BODYSIZE, strlen($body))) {
Horde::permissionDeniedError('imp', 'max_bodysize');
throw new IMP_Compose_Exception(sprintf(
_("Your message body has exceeded the limit by body size by %d characters."),
(strlen($body) - $imp_imap->max_compose_bodysize)
));
}

$from = new Horde_Mail_Rfc822_Address($header['from']);
if (is_null($from->host)) {
@@ -732,6 +739,7 @@ public function buildAndSendMessage(
/* Prepare the array of messages to send out. May be more
* than one if we are encrypting for multiple recipients or
* are storing an encrypted message locally. */
$encrypt = empty($opts['encrypt']) ? 0 : $opts['encrypt'];
$send_msgs = array();
$msg_options = array(
'encrypt' => $encrypt,
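Review bot: The exception text in the new body-size check is garbled ("exceeded the limit by body size by %d characters") and reports characters although `strlen($body)` counts bytes, so a multi-byte UTF-8 body will show a number the user cannot reconcile with what they typed. I would word it `_("Your message body exceeds the maximum body size by %d bytes.")`, which matches the "(bytes)" in the permission title in imp/lib/Perms.php. The subtraction also assumes `$imp_imap->max_compose_bodysize` is a single integer; the part of `__get()` that produces it is outside the visible hunk, so that is worth confirming. buildAndSendMessage() starts and ends outside these hunks.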
47 changes: 35 additions & 12 deletions imp/lib/Imap.php
@@ -25,6 +25,8 @@
* @property-read Horde_Imap_Client_Base $client_ob The IMAP client object.
* @property-read IMP_Imap_Config $config Base backend config settings.
* @property-read boolean $init Has the IMAP object been initialized?
* @property-read integer $max_compose_bodysize The maximum size (in bytes)
* of the compose message body.
* @property-read integer $max_compose_recipients The maximum number of
* recipients to send to per
* compose message.
@@ -46,6 +48,7 @@ class IMP_Imap implements Serializable
const ACCESS_TRASH = 5;
const ACCESS_CREATEMBOX = 6;
const ACCESS_CREATEMBOX_MAX = 7;
const ACCESS_COMPOSE_BODYSIZE = 13;
const ACCESS_COMPOSE_RECIPIENTS = 8;
const ACCESS_COMPOSE_TIMELIMIT = 9;
const ACCESS_ACL = 10;
@@ -128,6 +131,7 @@ public function __get($key)
case 'init':
return isset($this->_ob);

case 'max_compose_bodysize':
case 'max_compose_recipients':
case 'max_compose_timelimit':
$perm = $GLOBALS['injector']->getInstance('Horde_Perms')->getPermissions('imp:' . str_replace('max_compose', 'max', $key), $GLOBALS['registry']->getAuth());
@@ -397,27 +401,46 @@ public function access($right)
/**
* Checks compose access rights for a server.
*
* @param integer $right Access right.
* @param integer $email_count The number of e-mail recipients.
* @param integer $right Access right.
* @param integer $data Data required to check the rights:
* <pre>
* - ACCESS_COMPOSE_BODYSIZE
* The size of the body data.
*
* - ACCESS_COMPOSE_RECIPIENTS
* - ACCESS_COMPOSE_TIMELIMIT
* The number of e-mail recipients.
* </pre>
*
* @return boolean Is the access allowed?
*/
public function accessCompose($right, $email_count)
public function accessCompose($right, $data)
{
switch ($right) {
case self::ACCESS_COMPOSE_BODYSIZE:
$perm_name = 'max_bodysize';
break;

case self::ACCESS_COMPOSE_RECIPIENTS:
$perm_name = 'max_recipients';
break;

case self::ACCESS_COMPOSE_TIMELIMIT:
return $GLOBALS['injector']->getInstance('Horde_Core_Perms')->hasAppPermission(
($right == self::ACCESS_COMPOSE_RECIPIENTS) ? 'max_recipients' : 'max_timelimit',
array(
'opts' => array(
'value' => $email_count
)
)
);
$perm_name = 'max_timelimit';
break;

default:
return false;
}

return false;
return $GLOBALS['injector']->getInstance('Horde_Core_Perms')->hasAppPermission(
$perm_name,
array(
'opts' => array(
'value' => $data
)
)
);
}

/**
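Review bot: In accessCompose(), `'value' => $data` reaches the permission handler unvalidated, and the `max_bodysize` handler shown in imp/lib/Perms.php only compares when `isset($opts['value'])` is true. A null `$data` would therefore skip the size comparison and return `$allowed` as-is, which is presumably truthy, so the limit would fail open. Casting at this boundary, `'value' => intval($data)`, keeps the check from depending on every caller passing an integer. Separately, `ACCESS_COMPOSE_BODYSIZE = 13` is inserted between 7 and 8; keeping the constants in numeric order would make the next free value easier to spot.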
10 changes: 10 additions & 0 deletions imp/lib/Perms.php
@@ -50,6 +50,16 @@ public function __construct()
'title' => _("Allow mailbox creation?"),
'type' => 'boolean'
),
'max_bodysize' => array(
'global' => true,
'handle' => function($allowed, $opts) {
return isset($opts['value'])
? (intval($allowed[0]) >= $opts['value'])
: $allowed;
},
'title' => _("Maximum size (bytes) of compose body"),
'type' => 'int'
),
'max_recipients' => array(
'global' => true,
'handle' => function($allowed, $opts) {
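Review bot: The new `max_bodysize` handler has no comment on its edge cases: `intval($allowed[0]) >= $opts['value']` allows a body exactly at the limit, and a stored value of 0 or a non-numeric value becomes 0, so every non-empty body is refused rather than treated as unlimited. I would add a comment above the closure such as `// Limit is inclusive; 0 or a non-numeric value blocks any non-empty body.` and say the same in the permission title or UPGRADING, so administrators do not set 0 expecting no limit. If `$allowed` can arrive as a scalar string rather than an array, `$allowed[0]` would read only its first character; the caller is not visible here, so confirm it is always an array. The enclosing __construct() starts and ends outside the hunk.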
1 change: 1 addition & 0 deletions imp/package.xml
@@ -33,6 +33,7 @@
</stability>
<license uri="http://www.horde.org/licenses/gpl">GPL-2.0</license>
<notes>
* [mms] Add permission to limit the maximum body size of a composed message.
* [mms] Show placeholder image when dropping onto HTML editor while the image is uploaded to the server.
* [mms] Add rate limiting to new mail notification alerts to prevent flooding of the remote mail server (Request #12705).
* [mms] Browser stored preferences are now prefixed by user information.