From 1581fff9669e7c10c98fd70639c115d6a0d3c4c2 Mon Sep 17 00:00:00 2001 From: Pawel Boguslawski Date: Thu, 20 Jan 2022 18:36:47 +0100 Subject: [PATCH 1/4] Bad Content-ID formatting handling in DetectAttachment filter fixed Znuny throws `Use of uninitialized value $ImageID in quotemeta at [...]DetectAttachment.pm line 65` error when importing e-mail message with inline image with Content-ID header value without <>. Such formatting is not allowed by RFC https://datatracker.ietf.org/doc/html/rfc2392#section-2 but is accepted Znuny in https://github.com/znuny/Znuny/blob/rel-6_0/Kernel/System/Ticket/Article/Backend/MIMEBase/ArticleStorageFS.pm#L372 so it should tolerate it also in DetectAttachment.pm. This mod fixes it. I also reverts 61cfc740dd3b7b93f81bf8917312eb6c39359c81 because HTML tags and attributes are case insensitive: https://github.com/znuny/Znuny/commit/61cfc740dd3b7b93f81bf8917312eb6c39359c81#commitcomment-110812670 Related: https://datatracker.ietf.org/doc/html/rfc2392#section-2 Fixes: 61cfc740dd3b7b93f81bf8917312eb6c39359c81 Author-Change-Id: IB#1114877 --- CHANGES.md | 3 ++ .../PostMaster/Filter/DetectAttachment.pm | 14 +++++- scripts/test/PostMaster/Attachments.t | 34 +++++++++++++ .../test/sample/PostMaster/InlineImage1.box | 50 +++++++++++++++++++ 4 files changed, 99 insertions(+), 2 deletions(-) create mode 100644 scripts/test/sample/PostMaster/InlineImage1.box diff --git a/CHANGES.md b/CHANGES.md index e84cd1797d8..4b93710dee1 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,6 @@ +# 6.5.2 ????-??-?? + - 2023-04-27 Bad Content-ID formatting handling in DetectAttachment filter fixed. + # 6.5.1 2023-03-09 - 2023-02-28 Added options tickets-created-before-date and tickets-created-before-days to console command Admin::Article::StorageSwitch. - 2023-02-28 Fixed encoding of postmaster filter name in AdminPostMasterFilter. diff --git a/Kernel/System/PostMaster/Filter/DetectAttachment.pm b/Kernel/System/PostMaster/Filter/DetectAttachment.pm index 93d28518e95..2de47af8deb 100644 --- a/Kernel/System/PostMaster/Filter/DetectAttachment.pm +++ b/Kernel/System/PostMaster/Filter/DetectAttachment.pm @@ -1,6 +1,7 @@ # -- # Copyright (C) 2001-2021 OTRS AG, https://otrs.com/ # Copyright (C) 2021 Znuny GmbH, https://znuny.org/ +# Copyright (C) 2022-2023 Informatyka Boguslawski sp. z o.o. sp.k., http://www.ib.pl/ # -- # This software comes with ABSOLUTELY NO WARRANTY. For details, see # the enclosed file COPYING for license information (GPL). If you @@ -61,8 +62,17 @@ sub Run { ) { my ($ImageID) = ( $Attachment->{ContentID} =~ m{^<(.*)>$}ixms ); - if ( grep { $_->{Content} =~ m{}xms } @Attachments ) { - $AttachmentInline = 1; + + # Tolerate ContentID without surrounding <>. + if (! defined $ImageID) { + $ImageID = $Attachment->{ContentID}; + } + + # Inline image must not have empty ContentID (<>). + if (length $ImageID) { + if ( grep { $_->{Content} =~ m{}ixms } @Attachments ) { + $AttachmentInline = 1; + } } } diff --git a/scripts/test/PostMaster/Attachments.t b/scripts/test/PostMaster/Attachments.t index 05a5133e892..58940f52ff0 100644 --- a/scripts/test/PostMaster/Attachments.t +++ b/scripts/test/PostMaster/Attachments.t @@ -132,6 +132,12 @@ my $EmailInlineImage = $MainObject->FileRead( Result => 'ARRAY', ); +# Read email content that contains inline image with bad Content-ID formatting. +my $EmailInlineImageBadContentIDFormatting = $MainObject->FileRead( + Location => $ConfigObject->Get('Home') . '/scripts/test/sample/PostMaster/InlineImage1.box', + Result => 'ARRAY', +); + # Workaround due used email have not a From value unshift @{$EmailAttachment}, 'From: Sender '; @@ -229,6 +235,34 @@ my @Tests = ( }, Email => $EmailInlineImage, }, + { + Name => '#4 - With Inline Images and bad Content-ID formatting', + Match => [ + { + Key => 'X-OTRS-AttachmentExists', + Value => 'yes', + }, + { + Key => 'X-OTRS-AttachmentCount', + Value => 1, + } + ], + Set => [ + { + Key => 'X-OTRS-DynamicField-TicketFreeText1', + Value => 'This should not be set', + }, + { + Key => 'X-OTRS-DynamicField-TicketFreeText2', + Value => 'This should not be set', + }, + ], + Check => { + DynamicField_TicketFreeText1 => undef, + DynamicField_TicketFreeText2 => undef, + }, + Email => $EmailInlineImageBadContentIDFormatting, + }, ); $Kernel::OM->ObjectsDiscard( Objects => ['Kernel::System::PostMaster::Filter'] ); diff --git a/scripts/test/sample/PostMaster/InlineImage1.box b/scripts/test/sample/PostMaster/InlineImage1.box new file mode 100644 index 00000000000..d03e892e9e1 --- /dev/null +++ b/scripts/test/sample/PostMaster/InlineImage1.box @@ -0,0 +1,50 @@ +From: test +Subject: test +To: test1 +Message-ID: +Date: Fri, 28 Jul 2017 12:25:43 +0200 +MIME-Version: 1.0 +Content-Type: multipart/alternative; + boundary="------------09D1E0375BAA13EBAAD61733" +Content-Language: pl + +This is a multi-part message in MIME format. +--------------09D1E0375BAA13EBAAD61733 +Content-Type: text/plain; charset=utf-8 +Content-Transfer-Encoding: 7bit + +test img: + + +--------------09D1E0375BAA13EBAAD61733 +Content-Type: multipart/related; + boundary="------------040237935DECF5A5EBB29292" + + +--------------040237935DECF5A5EBB29292 +Content-Type: text/html; charset=utf-8 +Content-Transfer-Encoding: 7bit + + + + + + +

test img:

+ + + +--------------040237935DECF5A5EBB29292 +Content-Type: image/png; + name="test.png" +Content-Transfer-Encoding: base64 +Content-ID: image1@test.com +Content-Disposition: attachment; + filename="test.png" + +iVBORw0KGgoAAAANSUhEUgAAAB4AAAAeAQMAAAAB/jzhAAAAA1BMVEVV5ytwjk3qAAAADElE +QVQI12NgGIwAAACWAAFiFg3SAAAAAElFTkSuQmCC +--------------040237935DECF5A5EBB29292-- + +--------------09D1E0375BAA13EBAAD61733-- From 44ad0ea7b5bad98f0c4aac6e9c824f6634895877 Mon Sep 17 00:00:00 2001 From: Pawel Boguslawski Date: Thu, 27 Apr 2023 12:38:33 +0200 Subject: [PATCH 2/4] Missing copyright added Fixes: 1581fff9669e7c10c98fd70639c115d6a0d3c4c2 Author-Change-Id: IB#1114877 --- scripts/test/PostMaster/Attachments.t | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/test/PostMaster/Attachments.t b/scripts/test/PostMaster/Attachments.t index 58940f52ff0..109e327c297 100644 --- a/scripts/test/PostMaster/Attachments.t +++ b/scripts/test/PostMaster/Attachments.t @@ -1,6 +1,7 @@ # -- # Copyright (C) 2001-2021 OTRS AG, https://otrs.com/ # Copyright (C) 2021 Znuny GmbH, https://znuny.org/ +# Copyright (C) 2022 Informatyka Boguslawski sp. z o.o. sp.k., http://www.ib.pl/ # -- # This software comes with ABSOLUTELY NO WARRANTY. For details, see # the enclosed file COPYING for license information (GPL). If you From 98d2ba7cb97aebe11d0cead93fb5e3e731b106ff Mon Sep 17 00:00:00 2001 From: Pawel Boguslawski Date: Thu, 27 Apr 2023 12:40:26 +0200 Subject: [PATCH 3/4] Code policy fixes Author-Change-Id: IB#1114877 --- Kernel/System/PostMaster/Filter/DetectAttachment.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Kernel/System/PostMaster/Filter/DetectAttachment.pm b/Kernel/System/PostMaster/Filter/DetectAttachment.pm index 2de47af8deb..6ca0b57bee4 100644 --- a/Kernel/System/PostMaster/Filter/DetectAttachment.pm +++ b/Kernel/System/PostMaster/Filter/DetectAttachment.pm @@ -64,12 +64,12 @@ sub Run { my ($ImageID) = ( $Attachment->{ContentID} =~ m{^<(.*)>$}ixms ); # Tolerate ContentID without surrounding <>. - if (! defined $ImageID) { + if ( !defined $ImageID ) { $ImageID = $Attachment->{ContentID}; } # Inline image must not have empty ContentID (<>). - if (length $ImageID) { + if ( length $ImageID ) { if ( grep { $_->{Content} =~ m{}ixms } @Attachments ) { $AttachmentInline = 1; } From e4db4b2f115a2904401bb0bba656c613ca3cecda Mon Sep 17 00:00:00 2001 From: Pawel Boguslawski Date: Thu, 27 Apr 2023 12:59:56 +0200 Subject: [PATCH 4/4] Changelog and copyright removed Author-Change-Id: IB#1114877 --- CHANGES.md | 3 --- Kernel/System/PostMaster/Filter/DetectAttachment.pm | 1 - scripts/test/PostMaster/Attachments.t | 1 - 3 files changed, 5 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 4b93710dee1..e84cd1797d8 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,6 +1,3 @@ -# 6.5.2 ????-??-?? - - 2023-04-27 Bad Content-ID formatting handling in DetectAttachment filter fixed. - # 6.5.1 2023-03-09 - 2023-02-28 Added options tickets-created-before-date and tickets-created-before-days to console command Admin::Article::StorageSwitch. - 2023-02-28 Fixed encoding of postmaster filter name in AdminPostMasterFilter. diff --git a/Kernel/System/PostMaster/Filter/DetectAttachment.pm b/Kernel/System/PostMaster/Filter/DetectAttachment.pm index 6ca0b57bee4..8bd78402526 100644 --- a/Kernel/System/PostMaster/Filter/DetectAttachment.pm +++ b/Kernel/System/PostMaster/Filter/DetectAttachment.pm @@ -1,7 +1,6 @@ # -- # Copyright (C) 2001-2021 OTRS AG, https://otrs.com/ # Copyright (C) 2021 Znuny GmbH, https://znuny.org/ -# Copyright (C) 2022-2023 Informatyka Boguslawski sp. z o.o. sp.k., http://www.ib.pl/ # -- # This software comes with ABSOLUTELY NO WARRANTY. For details, see # the enclosed file COPYING for license information (GPL). If you diff --git a/scripts/test/PostMaster/Attachments.t b/scripts/test/PostMaster/Attachments.t index 109e327c297..58940f52ff0 100644 --- a/scripts/test/PostMaster/Attachments.t +++ b/scripts/test/PostMaster/Attachments.t @@ -1,7 +1,6 @@ # -- # Copyright (C) 2001-2021 OTRS AG, https://otrs.com/ # Copyright (C) 2021 Znuny GmbH, https://znuny.org/ -# Copyright (C) 2022 Informatyka Boguslawski sp. z o.o. sp.k., http://www.ib.pl/ # -- # This software comes with ABSOLUTELY NO WARRANTY. For details, see # the enclosed file COPYING for license information (GPL). If you