commit d83a15e9c9adf9b2c0ac211016a04330180c469f
parent 1da1e15896c6475f7f490f85f614f3e8414ce79e
Author: Gaute Hope <eg@gaute.vetsj.com>
Date: Wed, 2 Oct 2013 08:57:31 +0200
Merge #153: Process persistent tempfiles and shell-command-injection-safe attachment filenames
Squashed commit of the following:
commit a631a24aa07647268e5cc6620e98f74a90f41cd9
Author: Gaute Hope
Date: Tue Oct 1 15:47:45 2013 +0200
make sure attachment filename doesn't hold any special chars
commit 6b27400233269f44455604001e0624da43b8823a
Author: Gaute Hope
Date: Tue Oct 1 09:13:46 2013 +0200
Revert "use block in mime-decode"
This reverts commit b72eca22e78564e288846090dba2b4e1fe14b3a5.
commit b72eca22e78564e288846090dba2b4e1fe14b3a5
Author: Gaute Hope
Date: Tue Oct 1 09:07:57 2013 +0200
use block in mime-decode
commit 2e3f31e436057a182ad9c8be8a42fab879cbd9d6
Author: Gaute Hope
Date: Tue Oct 1 09:05:08 2013 +0200
lambda uses return (which is path)
commit 8bd6c7515d72df24c7bf45072986352481ce33a6
Author: Gaute Hope
Date: Fri Sep 27 22:03:05 2013 +0200
store tempfile objects statically so that tempfiles are cleaned on process end
Diffstat:
1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/lib/sup/message_chunks.rb b/lib/sup/message_chunks.rb
@@ -1,5 +1,6 @@
require 'tempfile'
require 'rbconfig'
+require 'shellwords'
## Here we define all the "chunks" that a message is parsed
## into. Chunks are used by ThreadViewMode to render a message. Chunks
@@ -100,6 +101,11 @@ EOS
attr_reader :content_type, :filename, :lines, :raw_content
bool_reader :quotable
+ ## store tempfile objects as class variables so that they
+ ## are not removed when the viewing process returns. they
+ ## should be garbage collected when the class variable is removed.
+ @@view_tempfiles = []
+
def initialize content_type, filename, encoded_content, sibling_types
@content_type = content_type.downcase
@filename = filename
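Review bot: `@@view_tempfiles` is only ever appended to (the single `push` is in `view!`, in the last hunk), so the comment's "garbage collected when the class variable is removed" never happens while sup is running. Every viewed attachment's content therefore stays in the temp directory until the process exits, which matters for a long-lived mail client handling sensitive attachments. The comment should state that lifetime plainly, for example `## keep Tempfile objects referenced for the life of the process; entries are never removed, so viewed attachments stay on disk until sup exits`. A class-level instance variable would also avoid sharing the `@@` array with subclasses. The enclosing class starts and ends outside this hunk.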
@@ -159,17 +165,25 @@ EOS
end
def view!
- path = write_to_disk
- ret = HookManager.run "mime-view", :content_type => @content_type,
- :filename => path
- ret || view_default!(path)
+ write_to_disk do |file|
+
+ @@view_tempfiles.push file # make sure the tempfile is not garbage collected before sup stops
+
+ ret = HookManager.run "mime-view", :content_type => @content_type,
+ :filename => file.path
+ ret || view_default!(file.path)
+ end
end
def write_to_disk
- file = Tempfile.new(["sup", @filename.gsub("/", "_") || "sup-attachment"])
- file.print @raw_content
- file.close
- file.path
+ begin
+ file = Tempfile.new(["sup", Shellwords.escape(@filename.gsub("/", "_")) || "sup-attachment"])
+ file.print @raw_content
+ yield file if block_given?
+ return file.path
+ ensure
+ file.close
+ end
end
## used when viewing the attachment as text
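Review bot: `Shellwords.escape` in `write_to_disk` runs when the tempfile name is built, so its output becomes literal characters of the file name instead of quoting for a command: the inserted backslashes end up in the path, and a newline in `@filename` is kept, wrapped in single quotes. An allowlist fits this spot better, e.g. `suffix = (@filename || "sup-attachment").gsub(/[^A-Za-z0-9._-]/, "_")`, with the path escaped (or passed as its own argv element) where the viewer command is assembled, which is outside this hunk. The `|| "sup-attachment"` fallback is still unreachable, because a nil `@filename` raises on `.gsub` before the `||` is evaluated. Separately, `view!` now runs the hook inside the block, before `file.close`, so the viewer may open a file whose content is still sitting in Ruby's write buffer; adding `file.flush` right after `file.print @raw_content` would close that gap.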