Show share_upload.html syntax highlighted
% # vim:set syntax=mason:
<%args>
$cancel => 0
$key => 0
$password => ''
$message => ''
</%args>
<%init>
$m->redirect(build_url("$base/mail/index.html")) if($config->get('large_file_limit',0) == 0);
my $user = Apache2::SiteControl->getCurrentUser($r);
my $username = $user->getUsername;
my $mx = $user->getAttribute('mx');
my ($password_hash, $filename_hash);
my $prefs = new AlphaMail::Preferences($user->getUsername(),
$user->getAttribute('mx'), $config);
my $number = $prefs->get('sharing_number');
my $agree = $prefs->get('sharing_agree');
my $copyright = $prefs->get('sharing_copyright');
my $expire = $prefs->get('sharing_expire');
$password =~ s/\"//g;
if(!$number || !$copyright || !$agree || !$expire) {
$m->redirect(build_url("$base/mail/index.html", {message => "SECURITY VIOLATION. Attempt to bypass Sharing Security!"}));
}
if(!$password || $password !~ m/^..*$/) {
$m->redirect(build_url("$base/mail/share_options.html", { agree => $agree, copyright => $copyright, number => $number, expire => $expire, message => "The password must be set to something!"}));
}
eval {
use Apache2::Upload;
use Apache2::Request;
my $req = Apache2::Request->new($r);
my $upload = $req->upload('file');
my $filename = Encode::decode_utf8($upload->filename);
my $size = $upload->size;
if($size > $config->get('large_file_limit')) {
$message = "The file you uploaded is $size bytes, which exceeds the system limit.";
die "File size limit exceeded.";
}
$filename =~ s!^.*[/\\]([^\\/]*)$!$1!;
$filename =~ s/^\.+//g;
$filename = encode_utf8mimewords($filename);
if($filename =~ m/^\s*$/) {
$message = "The file's name is incompatible with this system. Please rename the file to something alphanumeric and try again.";
die "Bad filename.";
}
my $dir = $config->get('large_file_dir', '/tmp');
my $openssl = $config->get('openssl', '/usr/bin/openssl');
# Create the control file
$password_hash = md5_hex($password);
$filename_hash = md5_hex($filename);
if(!open(DATA, ">$dir/$filename_hash.rec")) {
$message = "I could not create a control file for you. Contact support.";
die "Could not create control file: $dir/$filename_hash.rec";
}
print DATA "downloads: 0\nowner: $username\@$mx\nfilename: $filename\npassword: $password_hash\n";
close DATA;
my $infile = $upload->tempname;
my $out = qx(nice -n 20 $openssl enc -cast5-cbc -k "$password" -in $infile -out $dir/$filename_hash 2>&1);
$logger->debug("Openssl output: $out");
if(!defined($out)) {
$message = "I could not create an encrypted version of that file. It is possible that the file sharing space is full.";
die "Could not create share file";
}
};
if($@) {
$logger->error("$message: $@");
$m->redirect(build_url("$base/mail/share_options.html", { message => $message}));
}
my $urlhostname = $r->server->server_hostname;
my $urlport = $r->server->port;
my $base_url = "https://$urlhostname";
$base_url .= ":$urlport" if($urlport != 443);
$base_url .= $base . "/filevault.html";
my $url = build_url($base_url, { file => $filename_hash });
$message = <<EOM;
I have a large file I want to share with you, but it was too big to email.
Please copy the following URL (without the angle brackets around it) into a
browser in order to download it:
<$url>
or go to:
$base_url
and use $filename_hash for the file key.
EOM
if($key) {
$message .= "You will need to type in the following password to download the file: $password\n";
} else {
$message .= "You will need a password to download the file.\nFor security reasons, I will get that to you by some other means.\n";
}
$message .= "\nThe file will expire in " .
$config->get('large_file_expiration', 14) . " days.\n";
my $msg = new AlphaMail::Message($user, $config);
$msg->setBody($message);
$msg->setBody($message); # TODO: Fix this so we can include a signature at bottom reliably.
$msg->save();
$m->redirect(build_url("$base/mail/compose.html"));
</%init>
<%once>
use AlphaMail::MailTool qw(encode_utf8mimewords);
use AlphaMail::HTMLHelper qw(build_url);
use Digest::MD5 qw(md5_hex);
our $logger = Log::Log4perl->get_logger('alphamail');
our $base = $config->get('base_uri');
</%once>
See more files for this project here