Merge pull request #422 from nabinhait/hotfix

Scrub urls of email attachments

public/js/legacy/print_format.js

@@ -384,7 +384,7 @@ $.extend(_p, {
 			lh = cstr(wn.boot.letter_heads[cur_frm.doc.letter_head]);
 		} else if (cp.letter_head) {
 			lh = cp.letter_head;
-		}		
+		}
 		return lh;
 	},
 	

webnotes/utils/__init__.py

@@ -4,11 +4,11 @@
 # util __init__.py
 
 from __future__ import unicode_literals
-from webnotes import conf
+import re
+import urllib
 
 import webnotes
 
-
 no_value_fields = ['Section Break', 'Column Break', 'HTML', 'Table', 'FlexTable',
 	'Button', 'Image', 'Graph']
 default_fields = ['doctype', 'name', 'owner', 'creation', 'modified', 'modified_by',
@@ -59,14 +59,13 @@ def extract_email_id(email):
 def validate_email_add(email_str):
 	"""Validates the email string"""
 	email = extract_email_id(email_str)
-	import re
 	return re.match("[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?", email.lower())
 
 def get_request_site_address(full_address=False):
 	"""get app url from request"""
 	import os
 	
-	host_name = conf.host_name
+	host_name = webnotes.conf.host_name
 
 	if not host_name:
 		if webnotes.request:
@@ -285,7 +284,6 @@ def dict_to_str(args, sep='&'):
 	"""
 	Converts a dictionary to URL
 	"""
-	import urllib
 	t = []
 	for k in args.keys():
 		t.append(str(k)+'='+urllib.quote(str(args[k] or '')))
@@ -679,7 +677,6 @@ def strip_html(text):
 	"""
 		removes anything enclosed in and including <>
 	"""
-	import re
 	return re.compile(r'<.*?>').sub('', text)
 	
 def escape_html(text):
@@ -826,10 +823,10 @@ def get_base_path():
 	
 def get_site_base_path(sites_dir=None, hostname=None):
 	if not sites_dir:
-		sites_dir = conf.sites_dir
+		sites_dir = webnotes.conf.sites_dir
 	
 	if not hostname:
-		hostname = conf.site
+		hostname = webnotes.conf.site
 		
 	if not (sites_dir and hostname):
 		return get_base_path()
@@ -856,7 +853,6 @@ def get_url(uri=None):
 				url = "http://" + subdomain
 				
 	if uri:
-		import urllib
 		url = urllib.basejoin(url, uri)
 	
 	return url
@@ -921,10 +917,23 @@ def get_disk_usage():
 		return 0
 	err, out = execute_in_shell("du -hsm {files_path}".format(files_path=files_path))
 	return cint(out.split("\n")[-2].split("\t")[0])
-
-def expand_partial_links(html):
-	import re
+	
+def scrub_urls(html):
+	html = expand_relative_urls(html)
+	html = quote_urls(html)
+	return html
+	
+def expand_relative_urls(html):
+	# expand relative urls
 	url = get_url()
 	if not url.endswith("/"): url += "/"
 	return re.sub('(href|src){1}([\s]*=[\s]*[\'"]?)((?!http)[^\'" >]+)([\'"]?)', 
 		'\g<1>\g<2>{}\g<3>\g<4>'.format(url), html)
+		
+def quote_urls(html):
+	def _quote_url(match):
+		groups = list(match.groups())
+		groups[2] = urllib.quote(groups[2], safe="/:")
+		return "".join(groups)
+	return re.sub('(href|src){1}([\s]*=[\s]*[\'"]?)((?:http)[^\'">]+)([\'"]?)',
+		_quote_url, html)

webnotes/utils/email_lib/smtp.py

@@ -10,7 +10,7 @@ Allows easy adding of Attachments of "File" objects
 import webnotes	
 from webnotes import conf
 from webnotes import msgprint
-from webnotes.utils import cint, expand_partial_links
+from webnotes.utils import cint, scrub_urls
 import email.utils
 
 class OutgoingEmailError(webnotes.ValidationError): pass
@@ -56,7 +56,7 @@ class EMail:
 	def set_html(self, message, text_content = None, footer=None):
 		"""Attach message in the html portion of multipart/alternative"""
 		message = message + self.get_footer(footer)
-		message = expand_partial_links(message)
+		message = scrub_urls(message)
 
 		# this is the first html part of a multi-part message, 
 		# convert to text well