1 From 6489f20d6905cc797e2b2581c415e558c457caa7 Mon Sep 17 00:00:00 2001
2 From: Milan Crha <mcrha@redhat.com>
3 Date: Wed, 12 Feb 2020 18:59:52 +0100
4 Subject: [PATCH] I#784 - Warn about and limit what can be attached using
7 Closes https://gitlab.gnome.org/GNOME/evolution/issues/784
9 src/composer/e-msg-composer.c | 58 +++++++++++++++++++++++++++++------
10 src/e-util/e-system.error.xml | 7 ++++-
11 2 files changed, 54 insertions(+), 11 deletions(-)
13 diff --git a/src/composer/e-msg-composer.c b/src/composer/e-msg-composer.c
14 index e4c9ac095e..cd3168d882 100644
15 --- a/src/composer/e-msg-composer.c
16 +++ b/src/composer/e-msg-composer.c
17 @@ -4761,7 +4761,8 @@ handle_mailto (EMsgComposer *composer,
18 gchar *header, *content, *buf;
19 gsize nread, nwritten;
22 + gint len, clen, has_attachments = 0;
23 + gboolean has_blacklisted_attachment = FALSE;
25 table = e_msg_composer_get_header_table (composer);
26 view = e_msg_composer_get_attachment_view (composer);
27 @@ -4844,22 +4845,36 @@ handle_mailto (EMsgComposer *composer,
28 } else if (!g_ascii_strcasecmp (header, "attach") ||
29 !g_ascii_strcasecmp (header, "attachment")) {
30 EAttachment *attachment;
33 camel_url_decode (content);
34 - if (file_is_blacklisted (content))
36 - E_ALERT_SINK (e_msg_composer_get_editor (composer)),
37 - "mail:blacklisted-file",
39 if (g_ascii_strncasecmp (content, "file:", 5) == 0)
40 attachment = e_attachment_new_for_uri (content);
42 attachment = e_attachment_new_for_path (content);
43 - e_attachment_store_add_attachment (store, attachment);
44 - e_attachment_load_async (
45 - attachment, (GAsyncReadyCallback)
46 - e_attachment_load_handle_error, composer);
47 + file = e_attachment_ref_file (attachment);
48 + if (!file || !g_file_peek_path (file) ||
49 + !g_file_test (g_file_peek_path (file), G_FILE_TEST_EXISTS) ||
50 + g_file_test (g_file_peek_path (file), G_FILE_TEST_IS_DIR)) {
51 + /* Do nothing, simply ignore the attachment request */
55 + if (file_is_blacklisted (content)) {
56 + has_blacklisted_attachment = TRUE;
58 + E_ALERT_SINK (e_msg_composer_get_editor (composer)),
59 + "mail:blacklisted-file",
63 + e_attachment_store_add_attachment (store, attachment);
64 + e_attachment_load_async (
65 + attachment, (GAsyncReadyCallback)
66 + e_attachment_load_handle_error, composer);
68 g_object_unref (attachment);
69 + g_clear_object (&file);
70 } else if (!g_ascii_strcasecmp (header, "from")) {
72 } else if (!g_ascii_strcasecmp (header, "reply-to")) {
73 @@ -4883,6 +4898,29 @@ handle_mailto (EMsgComposer *composer,
77 + if (has_attachments && !has_blacklisted_attachment) {
78 + const gchar *primary;
81 + primary = g_dngettext (GETTEXT_PACKAGE,
82 + "Review attachment before sending.",
83 + "Review attachments before sending.",
86 + secondary = g_strdup_printf (g_dngettext (GETTEXT_PACKAGE,
87 + "There had been added %d attachment. Make sure it does not contain any sensitive information before sending the message.",
88 + "There had been added %d attachments. Make sure they do not contain any sensitive information before sending the message.",
93 + E_ALERT_SINK (e_msg_composer_get_editor (composer)),
94 + "system:generic-warning",
95 + primary, secondary, NULL);
100 merge_always_cc_and_bcc (table, to, &cc, &bcc);
102 tov = destination_list_to_vector (to);
103 diff --git a/src/e-util/e-system.error.xml b/src/e-util/e-system.error.xml
104 index ddcf989fda..02facb7d26 100644
105 --- a/src/e-util/e-system.error.xml
106 +++ b/src/e-util/e-system.error.xml
108 <?xml version="1.0"?>
109 <error-list domain="system">
110 - <error type="error" id="generic-error">
111 + <error id="generic-error" type="error">
112 + <primary>{0}</primary>
113 + <secondary>{1}</secondary>
116 + <error id="generic-warning" type="warning">
117 <primary>{0}</primary>
118 <secondary>{1}</secondary>