[dev] MIME::Viewer driver that just pass HTML thru ?

Etienne Goyer etienne.goyer at linuxquebec.com
Mon Nov 10 12:51:22 PST 2003


On Mon, Nov 10, 2003 at 02:29:27PM -0500, Chuck Hagenbuch wrote:
> Quoting Etienne Goyer <etienne.goyer at linuxquebec.com>:
> 
> > My question is: is there a good reason for not doing such a thing?
> 
> Security.

OK, I see, and it makes a lot of sense for HTML email attachments.  But in
this case (accessing a personal web page via Gollem for management), it's
not really warranted since it is only writable by the user.  Here is a
new Gollem::MIME::Viewer::html driver and a patch to
gollem/config/mime_drivers.php.dist to make HTML files clickable and
viewable as-is in Gollem.

Thanks!

-- 
Etienne Goyer                    Linux Québec Technologies Inc.
http://www.LinuxQuebec.com       etienne.goyer at linuxquebec.com
-------------- next part --------------
<?php
/**
 * The Gollem_MIME_Viewer_html class passes the file content as-is.  This
 * may represent a security risk under some circumstances (i.e. the file
 * location is world-writable).
 *
 * $Id$
 *
 * Copyright 2003 Etienne Goyer, LQT Systems <etienne.goyer at ilinuxquebec.com>
 *
 * See the enclosed file COPYING for license information (GPL). If you
 * did not receive this file, see http://www.fsf.org/copyleft/gpl.html.
 *
 * @author  Etienne Goyer <etienne.goyer at linuxquebec.com>
 * @version 1
 * @since   Gollem 0.0.1
 * @package horde.mime.viewer
 */
class Gollem_MIME_Viewer_html extends MIME_Viewer {

}
-------------- next part --------------
--- mime_drivers.php.dist.orig       Tue Aug  6 13:10:33 2002
+++ mime_drivers.php.dist    Mon Nov 10 15:44:59 2003
@@ -8,7 +8,7 @@
  * Right now, the choices are:
  *
  */
-$mime_drivers_map['gollem']['registered'] = array('plain', 'images');
+$mime_drivers_map['gollem']['registered'] = array('plain', 'images', 'html');

 /**
  * If you want to specifically override any MIME type to be handled by
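Review bot: Adding 'html' to the default 'registered' array in the .dist file turns the pass-through viewer on for every site that copies this file unchanged. Consider leaving the default as array('plain', 'images') and naming 'html' in the comment above as an opt-in choice; the "Right now, the choices are:" comment lists nothing in this context and would be the natural place to document it.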
@@ -51,3 +51,16 @@
     'image/*');
 $mime_drivers['gollem']['images']['icons'] = array(
     'default' => 'image.gif');
+
+/**
+ * HTML  driver settings examples
+ * Since this driver pass HTML file as-is, it may represent a security
+ * risk, ie. when the file location is world-writable.  Consider the
+ * implication before using this section.
+ */
+$mime_drivers['gollem']['html']['inline'] = true;
+$mime_drivers['gollem']['html']['handles'] = array(
+    'text/html');
+$mime_drivers['gollem']['html']['icons'] = array(
+    'text/html' => 'html.gif');
+
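Review bot: Setting $mime_drivers['gollem']['html']['inline'] = true as the shipped value means a text/html file is handed to the browser as-is from Gollem itself, so the exposure is wider than the world-writable case the comment names: it covers any file whose content the viewing user did not write. Suggest shipping this block with inline set to false (or commented out, since the header calls it "settings examples") and rewording the comment to say so. Minor: the comment has a doubled space in "HTML  driver", "pass" should read "passes", and the hunk adds a trailing blank line at the end of the file.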
