Forum OpenACS Q&A: Possible bug in ACS Mail Lite

Posted by Antonio Pisano on
Hello,

For a while now I have been encountering a problem with a particular mail provider when sending emails with attachments from an OpenACS application. Attachments are not opened, and the recipient's mail client complains about some safety reason for this.

I had no issues when sending directly from my PC, so I compared the source of a message sent from ACS Mail Lite with one sent from my client. I will skip to the relevant part:

- ACS Mail Lite

    ...
    Content-Type: application/pdf;
     name=""
    ...

- Thunderbird

    ...
    Content-Type: application/pdf;
     name="email_attachment_invoice-276628-1799717.pdf"
    ...

So there was no "name" assigned to the attachment. I have gone into packages/acs-mail-lite/tcl/acs-mail-lite-procs.tcl and, from line 426, I have tried to replace this part

    db_foreach get_file_info {} {
        lappend tokens [mime::initialize \
            -param [list name "[ad_quotehtml $title]"] \
            -header [list "Content-Disposition" "attachment; filename=\"$name\""] \
            -header [list Content-Description $title] \
            -canonical $mime_type \
            -file "[cr_fs_path]$filename"]
    }

with this

    db_foreach get_file_info {} {
        lappend tokens [mime::initialize \
            -param [list name "[ad_quotehtml $title]"] \
            -header [list "Content-Disposition" "attachment; filename=\"$name\""] \
            -header [list Content-Description $title] \
            -canonical "$mime_type; name=\"$name\"" \
            -file "[cr_fs_path]$filename"]
    }

Then I sent the email again to my choosy provider. It was happy this time.

I have experienced this bug with every customer (around a dozen) using this particular provider (http://posta.libero.it). If it is OK, I can commit the fix to CVS.

Best regards.

Posted by Gustaf Neumann on
If I see this correctly, the "name" attribute of the content-type predates the content-disposition (with parameter "filename"), and some "old clients" need this.

This reference [1] (Ned Freed) mentions that it is fine to set both the name and the filename parameters, and since Thunderbird does this as well, it should be fine when OpenACS does it also. However, I see no relation to "safety reasons".

From my point of view, please go ahead and commit the change. Hopefully, the content of $name is sanitized.

[1] http://www.imc.org/ietf-smtp/mail-archive/msg05023.html

Posted by Antonio Pisano on
Went deeper into the issue: the 'name' parameter of the content-type header is taken from the 'title' column of cr_revisions. My application created attachments in the content repository with an empty 'title' column, and so I had an empty name in the content-type.

I have changed the code on my end so that the title is set, and this should fix the problem without committing anything. Anyway, putting in a one-liner to avoid empty names in the content-type shouldn't hurt.

All this said, I really don't know what Libero provider is so worried about...
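
Added example (not from the thread and not OpenACS code): one helper covering both points raised above, the empty name and the hope that $name is sanitized before it lands inside a quoted MIME parameter. The proc name, its arguments and the sample inputs are hypothetical.

```tcl
# Hypothetical helper, not part of acs-mail-lite.
# Returns a value that can be placed inside a quoted MIME parameter such as
#   Content-Type: application/pdf; name="..."
#   Content-Disposition: attachment; filename="..."
# candidates: values to try in order, e.g. [list $title $name]
# fallback:   used when every candidate ends up empty
proc safe_mime_param_value {candidates {fallback "attachment"}} {
    foreach raw $candidates {
        # Remove CR, LF and other control characters. Left in place they
        # would end the header line and let the value start a new header.
        regsub -all {[\x00-\x1f\x7f]} $raw "" v
        # Keep only the last path component (splits on / and \).
        set v [lindex [split $v "/\\"] end]
        # Remove the double quote, which would close the quoted-string early.
        set v [string map [list \" ""] $v]
        # Non-ASCII characters need RFC 2231 encoding in a parameter value;
        # this helper replaces them with "_" instead of encoding them.
        regsub -all {[^\x20-\x7e]} $v "_" v
        set v [string trim $v]
        if {$v ne ""} {
            return $v
        }
    }
    return $fallback
}

# Constructed inputs: an empty title (the case from the thread), a title
# carrying a quote and a CRLF sequence, and a row where both are empty.
foreach {title name} [list \
    ""                           "invoice.pdf" \
    "report\"\r\nX-Injected: 1"  "report.pdf" \
    ""                           ""] {
    set safe [safe_mime_param_value [list $title $name]]
    # The same value would be used for both parameters, e.g.
    #   -canonical "$mime_type; name=\"$safe\""
    puts "Content-Type: application/pdf; name=\"$safe\""
}
```

Each printed header stays on a single line with a non-empty name, whatever the stored title contains.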

Posted by Antonio Pisano on
Did some thinking...

The only reason I am going through file-storage to send attachments is that ACS Mail Lite currently needs a file to reside in the file-storage to send it as an attachment (as far as I know).

At the time I just wanted the feature up and running, so I didn't care, but you can tell for yourself that this approach is far from optimal: I have to save my attachment into the file-storage, send the email, then delete it... and all of this needs to happen in a transaction in order to be safe.

It won't take forever to extend Mail Lite so it can also send attachments taken from a regular file on the server, and this would be very convenient for me.

I will propose my change to you to see what you think.