From 0a0d156533a4b94e8e168a1dc771d62984d9280c Mon Sep 17 00:00:00 2001
From: Michael M Slusarz <slusarz@curecanti.org>
Date: Tue, 11 Nov 2008 18:58:21 -0700
Subject: [PATCH] Sanity checking.

Since it is technically possible to pass in MIME IDs through URL
params, we need to sanity check when stripping parts.
---
 imp/lib/Message.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/imp/lib/Message.php b/imp/lib/Message.php
index 6d3c71c0e..ca6cc2280 100644
--- a/imp/lib/Message.php
+++ b/imp/lib/Message.php
@@ -463,8 +463,19 @@ class IMP_Message
         if (is_null($partid)) {
             $partids = $contents->getDownloadAllList();
         } else {
+            /* Sanity checking: make sure part does not live under a
+             * message/rfc822 part. */
+            $content_map = $message->contentTypeMap();
+            $id = $partid;
+            while (($id = Horde_Mime::mimeIdArithmetic($id)) !== null) {
+                if ($content_map[$id] == 'message/rfc822') {
+                    return PEAR::raiseError(_("Cannot strip a MIME part contained within a message/rfc822 part."));
+                }
+            }
+
             $partids = array($partid);
         }
+
         foreach ($partids as $partid) {
             $oldPart = $message->getPart($partid);
             if (!is_a($oldPart, 'Horde_Mime_Part')) {
-- 
2.11.0