# -- # Copyright (C) 2001-2017 OTRS AG, http://otrs.com/ # -- # This software comes with ABSOLUTELY NO WARRANTY. For details, see # the enclosed file COPYING for license information (AGPL). If you # did not receive this file, see http://www.gnu.org/licenses/agpl.txt. # -- package Kernel::Modules::AgentTicketAttachment; ## nofilter(TidyAll::Plugin::OTRS::Perl::Print) use strict; use warnings; use Kernel::System::FileTemp; sub new { my ( $Type, %Param ) = @_; # allocate new hash for object my $Self = {%Param}; bless( $Self, $Type ); # check needed objects for (qw(ParamObject DBObject TicketObject LayoutObject LogObject EncodeObject ConfigObject)) { if ( !$Self->{$_} ) { $Self->{LayoutObject}->FatalError( Message => "Got no $_!" ); } } # get ArticleID $Self->{ArticleID} = $Self->{ParamObject}->GetParam( Param => 'ArticleID' ); $Self->{FileID} = $Self->{ParamObject}->GetParam( Param => 'FileID' ); $Self->{Viewer} = $Self->{ParamObject}->GetParam( Param => 'Viewer' ) || 0; $Self->{LoadExternalImages} = $Self->{ParamObject}->GetParam( Param => 'LoadExternalImages' ) || 0; return $Self; } sub Run { my ( $Self, %Param ) = @_; # check params if ( !$Self->{FileID} || !$Self->{ArticleID} ) { $Self->{LogObject}->Log( Message => 'FileID and ArticleID are needed!', Priority => 'error', ); return $Self->{LayoutObject}->ErrorScreen(); } # check permissions my %Article = $Self->{TicketObject}->ArticleGet( ArticleID => $Self->{ArticleID}, DynamicFields => 0, UserID => $Self->{UserID}, ); if ( !$Article{TicketID} ) { $Self->{LogObject}->Log( Message => "No TicketID for ArticleID ($Self->{ArticleID})!", Priority => 'error', ); return $Self->{LayoutObject}->ErrorScreen(); } # check permissions my $Access = $Self->{TicketObject}->TicketPermission( Type => 'ro', TicketID => $Article{TicketID}, UserID => $Self->{UserID} ); if ( !$Access ) { return $Self->{LayoutObject}->NoPermission( WithHeader => 'yes' ); } # get a attachment my %Data = $Self->{TicketObject}->ArticleAttachment( ArticleID => $Self->{ArticleID}, FileID => $Self->{FileID}, UserID => $Self->{UserID}, ); if ( !%Data ) { $Self->{LogObject}->Log( Message => "No such attacment ($Self->{FileID})! May be an attack!!!", Priority => 'error', ); return $Self->{LayoutObject}->ErrorScreen(); } # find viewer for ContentType my $Viewer = ''; if ( $Self->{Viewer} && $Self->{ConfigObject}->Get('MIME-Viewer') ) { for ( sort keys %{ $Self->{ConfigObject}->Get('MIME-Viewer') } ) { if ( $Data{ContentType} =~ /^$_/i ) { $Viewer = $Self->{ConfigObject}->Get('MIME-Viewer')->{$_}; $Viewer =~ s/\/$Self->{ConfigObject}->{$1}/g; } } } # show with viewer if ( $Self->{Viewer} && $Viewer ) { # write tmp file my $FileTempObject = Kernel::System::FileTemp->new( %{$Self} ); my ( $FH, $Filename ) = $FileTempObject->TempFile(); if ( open( my $ViewerDataFH, '>', $Filename ) ) { ## no critic print $ViewerDataFH $Data{Content}; close $ViewerDataFH; } else { # log error $Self->{LogObject}->Log( Priority => 'error', Message => "Cant write $Filename: $!", ); return $Self->{LayoutObject}->ErrorScreen(); } # use viewer my $Content = ''; if ( open( my $ViewerFH, "-|", "$Viewer $Filename" ) ) { ## no critic while (<$ViewerFH>) { $Content .= $_; } close $ViewerFH; } else { return $Self->{LayoutObject}->FatalError( Message => "Can't open: $Viewer $Filename: $!", ); } # return new page return $Self->{LayoutObject}->Attachment( %Data, ContentType => 'text/html', Content => $Content, Type => 'inline', Sandbox => 1, ); } # view attachment for html email if ( $Self->{Subaction} eq 'HTMLView' ) { # set download type to inline $Self->{ConfigObject}->Set( Key => 'AttachmentDownloadType', Value => 'inline' ); # just return for non-html attachment (e. g. images) if ( $Data{ContentType} !~ /text\/html/i ) { return $Self->{LayoutObject}->Attachment( %Data, Sandbox => 1, ); } # set filename for inline viewing $Data{Filename} = "Ticket-$Article{TicketNumber}-ArticleID-$Article{ArticleID}.html"; # safety check only on customer article if ( !$Self->{LoadExternalImages} && $Article{SenderType} ne 'customer' ) { $Self->{LoadExternalImages} = 1; } # generate base url my $URL = 'Action=AgentTicketAttachment;Subaction=HTMLView' . ";ArticleID=$Self->{ArticleID};FileID="; # replace links to inline images in html content my %AtmBox = $Self->{TicketObject}->ArticleAttachmentIndex( ArticleID => $Self->{ArticleID}, UserID => $Self->{UserID}, ); # reformat rich text document to have correct charset and links to # inline documents %Data = $Self->{LayoutObject}->RichTextDocumentServe( Data => \%Data, URL => $URL, Attachments => \%AtmBox, LoadExternalImages => $Self->{LoadExternalImages}, ); # if there is unexpectedly pgp decrypted content in the html email (OE), # we will use the article body (plain text) from the database as fall back # see bug#9672 if ( $Data{Content} =~ m{ ^ .* -----BEGIN [ ] PGP [ ] MESSAGE----- .* $ # grep PGP begin tag .+ # PGP parts may be nested in html ^ .* -----END [ ] PGP [ ] MESSAGE----- .* $ # grep PGP end tag }xms ) { # html quoting $Article{Body} = $Self->{LayoutObject}->Ascii2Html( NewLine => $Self->{ConfigObject}->Get('DefaultViewNewLine'), Text => $Article{Body}, VMax => $Self->{ConfigObject}->Get('DefaultViewLines') || 5000, HTMLResultMode => 1, LinkFeature => 1, ); # use the article body as content, because pgp was definitly descrypted if possible $Data{Content} = $Article{Body}; } # return html attachment return $Self->{LayoutObject}->Attachment( %Data, Sandbox => 1, ); } # download it AttachmentDownloadType is configured return $Self->{LayoutObject}->Attachment( %Data, Sandbox => 1, ); } 1;