-# Copyright (C) 2013, Eric Wong <normalperson@yhbt.net> and all contributors
+# Copyright (C) 2013-2015 all contributors <meta@public-inbox.org>
# License: AGPLv3 or later (https://www.gnu.org/licenses/agpl-3.0.txt)
#
# This only exposes one function: run
use Email::Filter;
use IPC::Run;
our $VERSION = '0.0.1';
+use constant NO_HTML => '*** We only accept plain-text email, no HTML ***';
# start with the same defaults as mailman
-our $BAD_EXT = qr/\.(?:exe|bat|cmd|com|pif|scr|vbs|cpl)\z/i;
+our $BAD_EXT = qr/\.(exe|bat|cmd|com|pif|scr|vbs|cpl|zip)\s*\z/i;
our $MIME_HTML = qr!\btext/html\b!i;
our $MIME_TEXT_ANY = qr!\btext/[a-z0-9\+\._-]+\b!i;
# this is highly opinionated delivery
# returns 0 only if there is nothing to deliver
sub run {
- my ($class, $mime) = @_;
+ my ($class, $mime, $filter) = @_;
my $content_type = $mime->header('Content-Type') || 'text/plain';
if ($content_type =~ m!\btext/plain\b!i) {
return 1; # yay, nothing to do
} elsif ($content_type =~ $MIME_HTML) {
+ $filter->reject(NO_HTML) if $filter;
# HTML-only, non-multipart
my $body = $mime->body;
my $ct_parsed = parse_content_type($content_type);
replace_body($mime, $body);
return 1;
} elsif ($content_type =~ m!\bmultipart/!i) {
- return strip_multipart($mime, $content_type);
+ return strip_multipart($mime, $content_type, $filter);
} else {
replace_body($mime, "$content_type message scrubbed");
return 0;
# this is to correct user errors and not expected to cover all corner cases
# if users don't want to hit this, they should be sending text/plain messages
# unfortunately, too many people send HTML mail and we'll attempt to convert
-# it to something safer, smaller and harder-to-track.
+# it to something safer, smaller and harder-to-spy-on-users-with.
sub strip_multipart {
- my ($mime, $content_type) = @_;
+ my ($mime, $content_type, $filter) = @_;
my (@html, @keep);
my $rejected = 0;
# some extensions are just bad, reject them outright
my $fn = $part->filename;
if (defined($fn) && $fn =~ $BAD_EXT) {
+ $filter->reject("Bad file type: $1") if $filter;
$rejected++;
return;
}
if ($part_type =~ m!\btext/plain\b!i) {
push @keep, $part;
} elsif ($part_type =~ $MIME_HTML) {
+ $filter->reject(NO_HTML) if $filter;
push @html, $part;
} elsif ($part_type =~ $MIME_TEXT_ANY) {
# Give other text attachments the benefit of the doubt,
push @keep, $part;
} elsif ($part_type eq '' ||
- $part_type =~ m!\Aapplication/octet-stream\z!i) {
+ $part_type =~ m!\bapplication/octet-stream\b!i) {
# unfortunately, some mailers don't set correct types,
# let messages of unknown type through but do not
# change the sender-specified type
if (recheck_type_ok($part)) {
push @keep, $part;
+ } elsif ($filter) {
+ $filter->reject('no attachments')
} else {
$rejected++;
}
- } elsif ($part_type =~ m!\Aapplication/pgp-signature\z!i) {
+ } elsif ($part_type =~ m!\bapplication/pgp-signature\b!i) {
# PGP signatures are not huge, we may keep them.
# They can only be valid if it's the last element,
# so we keep them iff the message is unmodified:
push @keep, $part;
}
} else {
+ $filter->reject('no attachments') if $filter;
# reject everything else, including non-PGP signatures
$rejected++;
}
$mime->header_set('Content-Type', $part->content_type);
$mime->body_set($part->body_raw);
my $cte = $part->header('Content-Transfer-Encoding');
- if (defined($cte) && length($cte)) {
+ if (defined($cte) && $cte ne '') {
$mime->header_set('Content-Transfer-Encoding', $cte);
}
mark_changed($mime);