From: Michael M Slusarz <slusarz@curecanti.org>
Date: Wed, 12 Nov 2008 01:58:21 +0000 (-0700)
Subject: Sanity checking.
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=0a0d156533a4b94e8e168a1dc771d62984d9280c;p=horde.git

Sanity checking.

Since it is technically possible to pass in MIME IDs through URL
params, we need to sanity check when stripping parts.
---

diff --git a/imp/lib/Message.php b/imp/lib/Message.php
index 6d3c71c0e..ca6cc2280 100644
--- a/imp/lib/Message.php
+++ b/imp/lib/Message.php
@@ -463,8 +463,19 @@ class IMP_Message
         if (is_null($partid)) {
             $partids = $contents->getDownloadAllList();
         } else {
+            /* Sanity checking: make sure part does not live under a
+             * message/rfc822 part. */
+            $content_map = $message->contentTypeMap();
+            $id = $partid;
+            while (($id = Horde_Mime::mimeIdArithmetic($id)) !== null) {
+                if ($content_map[$id] == 'message/rfc822') {
+                    return PEAR::raiseError(_("Cannot strip a MIME part contained within a message/rfc822 part."));
+                }
+            }
+
             $partids = array($partid);
         }
+
         foreach ($partids as $partid) {
             $oldPart = $message->getPart($partid);
             if (!is_a($oldPart, 'Horde_Mime_Part')) {