No ext_urls

[public-inbox.git] / lib / PublicInbox / WwwAttach.pm

diff --git a/lib/PublicInbox/WwwAttach.pm b/lib/PublicInbox/WwwAttach.pm
index 09c66d0239cb40a5a3942f957154b4ec54fc1097..87844bf3f0e466a1b686f4e54eb0a9a6d5dd60ad 100644 (file)
--- a/lib/PublicInbox/WwwAttach.pm
+++ b/lib/PublicInbox/WwwAttach.pm
@@ -1,27 +1,27 @@
-# Copyright (C) 2016-2020 all contributors <meta@public-inbox.org>
+# Copyright (C) all contributors <meta@public-inbox.org>
 # License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
 
 # For retrieving attachments from messages in the WWW interface
 package PublicInbox::WwwAttach; # internal package
 use strict;
+use v5.10.1;
 use parent qw(PublicInbox::GzipFilter);
-use bytes (); # only for bytes::length
-use PublicInbox::EmlContentFoo qw(parse_content_type);
 use PublicInbox::Eml;
 
 sub referer_match ($) {
        my ($ctx) = @_;
        my $env = $ctx->{env};
-       my $referer = $env->{HTTP_REFERER} // '';
+       return 1 if $env->{REQUEST_METHOD} eq 'POST';
+       my $referer = lc($env->{HTTP_REFERER} // '');
        return 1 if $referer eq ''; # no referer is always OK for wget/curl
 
        # prevent deep-linking from other domains on some browsers (Firefox)
-       # n.b.: $ctx->{-inbox}->base_url($env) with INBOX_URL won't work
+       # n.b.: $ctx->{ibx}->base_url($env) with INBOX_URL won't work
        # with dillo, we can only match "$url_scheme://$HTTP_HOST/" without
        # path components
-       my $base_url = $env->{'psgi.url_scheme'} . '://' .
+       my $base_url = lc($env->{'psgi.url_scheme'} . '://' .
                        ($env->{HTTP_HOST} //
-                        "$env->{SERVER_NAME}:$env->{SERVER_PORT}") . '/';
+                        "$env->{SERVER_NAME}:$env->{SERVER_PORT}") . '/');
        index($referer, $base_url) == 0;
 }
 
@@ -31,9 +31,7 @@ sub get_attach_i { # ->each_part callback
        return if $idx ne $ctx->{idx}; # [0-9]+(?:\.[0-9]+)+
        my $res = $ctx->{res};
        $res->[0] = 200;
-       my $ct = $part->content_type;
-       $ct = parse_content_type($ct) if $ct;
-
+       my $ct = $part->ct;
        if ($ct && (($ct->{type} || '') eq 'text')) {
                # display all text as text/plain:
                my $cset = $ct->{attributes}->{charset};
@@ -49,11 +47,16 @@ sub get_attach_i { # ->each_part callback
                        $part = $part->body;
                } else {
                        $res->[0] = 403;
-                       $res->[1]->[1] = 'text/plain';
-                       $part = "Deep-linking prevented\n";
+                       $res->[1]->[1] = 'text/html';
+                       $part = <<"";
+<html><head><title>download
+attachment</title><body><pre>Deep-linking prevented</pre><form
+method=post\naction=""><input type=submit value="Download attachment"
+/></form></body></html>
+
                }
        }
-       push @{$res->[1]}, 'Content-Length', bytes::length($part);
+       push @{$res->[1]}, 'Content-Length', length($part);
        $res->[2]->[0] = $part;
 }
 
@@ -88,15 +91,15 @@ sub get_attach ($$$) {
        $ctx->{idx} = $idx;
        bless $ctx, __PACKAGE__;
        my $eml;
-       if ($ctx->{smsg} = $ctx->{-inbox}->smsg_by_mid($ctx->{mid})) {
+       if ($ctx->{smsg} = $ctx->{ibx}->smsg_by_mid($ctx->{mid})) {
                return sub { # public-inbox-httpd-only
                        $ctx->{wcb} = $_[0];
                        scan_attach($ctx);
                } if $ctx->{env}->{'pi-httpd.async'};
                # generic PSGI:
-               $eml = $ctx->{-inbox}->smsg_eml($ctx->{smsg});
-       } elsif (!$ctx->{-inbox}->over) {
-               if (my $bref = $ctx->{-inbox}->msg_by_mid($ctx->{mid})) {
+               $eml = $ctx->{ibx}->smsg_eml($ctx->{smsg});
+       } elsif (!$ctx->{ibx}->over) {
+               if (my $bref = $ctx->{ibx}->msg_by_mid($ctx->{mid})) {
                        $eml = PublicInbox::Eml->new($bref);
                }
        }