Facilitor/UTILS/mail_receive/EventHandlers.js
Jos Groot Lipman 0304d75771 FSN#24372 Bijlagen met 'Foute' extensies via whitelist ipv. blacklist
svn path=/Website/trunk/; revision=18562
2013-07-31 07:31:25 +00:00


// Root directory under which the per-customer XXXX/Oracle.udl files are looked up.
var facilPath = 'd:/apps/Facilitor/FPlace5i/cust/';
// Placeholder customer code; OnAcceptMessage derives the real one from the recipient domain.
var cust = 'XXXX';
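// Helpers that turn message data into SQL literals and file names
// (extracted from shared.inc). Declared with var: the original assigned an
// implicit global, which fails under strict mode.
var safe = {
    /**
     * Quote a value as an SQL string literal for string-built statements.
     * Runs of control characters other than TAB/LF/CR become "?", the text is
     * cut to maxlen characters and single quotes are doubled. null/undefined
     * yields the bare keyword NULL. This is literal quoting, not a bind
     * parameter; ADO command parameters would be the stronger option.
     * @param {*} tekst          value to quote; non-strings are converted with String()
     * @param {number} [maxlen]  maximum length; a falsy value means 4000
     * @returns {string} SQL literal including the surrounding quotes, or NULL
     */
    quoted_sql: function (tekst, maxlen)
    {
        if (tekst == null)
        {
            return "NULL";
        }
        if (!maxlen)
        {
            maxlen = 4000;
        }
        var cleaned = String(tekst).replace(/[\x00-\x08\x0B\x0C\x0E-\x1F]+/g, "?");
        cleaned = cleaned.substr(0, maxlen);
        return "'" + cleaned.replace(/'/g, "''") + "'";
    },
    /**
     * Make a file name safe to append to a directory path: runs of control
     * characters, slashes, backslashes and * % < > " : ? | become "_".
     * Dots are kept, so "." or ".." are returned unchanged; callers append the
     * result to a directory path without a separator, so that cannot leave the
     * directory, but reserved Windows names (CON, NUL, ...) are not rejected.
     * @param {string} naam  original file name
     * @returns {string} sanitized file name
     */
    filename: function (naam)
    {
        return naam.replace(/[\x00-\x1F\/\\*%<>":?|]+/g, "_");
    }
};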
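/**
 * Reduce an HTML body to plain text for storage: tags are removed, leading
 * spaces/tabs per line are dropped, runs of line breaks collapse to "\n\r"
 * and a line starting with ":" is joined to the previous line.
 * This is a naive tag strip, not an HTML sanitizer; the result is stored
 * as text, not rendered.
 * Fixes the original `[(\n\r)]+` class, which also deleted every "(" and ")".
 * @param {string} html  HTML text; null/undefined yields ""
 * @returns {string} plain text
 */
function stripHtml(html)
{
    if (html == null)
    {
        return "";
    }
    var text = String(html);
    // remove html tags
    text = text.replace(/<[^>]+>/g, "");
    // remove leading spaces and tabs on every line
    text = text.replace(/^[ \t]+/gm, "");
    // collapse runs of line breaks (removes empty lines)
    text = text.replace(/[\n\r]+/g, "\n\r");
    // a line that starts with ":" continues the previous line
    text = text.replace(/\n\r:/g, ":");
    return text;
}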
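/**
 * Create directory sPath including any missing parent directories.
 * Walks up from sPath to the nearest existing folder, creates the first
 * missing child, and repeats until sPath exists.
 * @param {string} sPath  directory path to create
 * @throws {Error} when no existing ancestor is found (e.g. unknown drive);
 *   the original looped forever in that case. FSO errors propagate.
 */
function CreateFullPath(sPath)
{
    var fso = new ActiveXObject("Scripting.FileSystemObject");
    while (!fso.FolderExists(sPath))
    {
        var sChild = sPath;
        var sParent = fso.GetParentFolderName(sChild);
        // GetParentFolderName returns "" once the root is reached.
        while (sParent != "" && !fso.FolderExists(sParent))
        {
            sChild = sParent;
            sParent = fso.GetParentFolderName(sChild);
        }
        if (sParent == "")
        {
            throw new Error("CreateFullPath: geen bestaande bovenliggende map voor " + sPath);
        }
        fso.CreateFolder(sChild);
    }
}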
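/**
 * hMailServer OnAcceptMessage event handler: routes an incoming message to
 * the customer's Oracle schema and stores whitelisted attachments.
 *
 * The recipient domain selects the customer UDL under facilPath; the
 * recipient's local part must exist in fac_email_setting (optionally with an
 * expiry date and a required sender address); the configured PL/SQL action is
 * called with the message data and fac_result is checked for 'errormsg'.
 *
 * @param {object} oClient   hMailServer client object (unused here)
 * @param {object} oMessage  hMailServer message object
 * Side effects: writes to EventLog, sets Result.Message/Result.Value
 * (2 = reject), executes PL/SQL and may write attachment files.
 * ADO/FSO errors propagate to hMailServer and leave Result untouched;
 * NOTE(review): confirm how the server treats a failed handler before
 * relying on this to reject by default.
 */
function OnAcceptMessage(oClient, oMessage)
{
    var fromAddr = oMessage.FromAddress;
    // OriginalAddress is the address as received; Recipients.Item(0).Address
    // would be the catch-all target and hide the real mailbox.
    var toAddr = String(oMessage.Recipients.Item(0).OriginalAddress);
    EventLog.write('to: ' + toAddr);
    var addrParts = toAddr.split("@");
    if (addrParts.length != 2 || addrParts[1] == "")
    {
        EventLog.write("Ongeldig ontvangeradres: " + toAddr);
        Result.Message = "Ongeldig adres";
        Result.Value = 2; // reject
        return;
    }
    var user = addrParts[0];
    var domain = addrParts[1];
    // The first four characters of the domain's first label select the
    // customer directory. TODO: how to distinguish acceptance environments?
    var cust = domain.split(".")[0].substring(0, 4);
    EventLog.write('from: ' + fromAddr);
    EventLog.write('domain: ' + domain);
    EventLog.write('cust: ' + cust);
    // cust comes from the SMTP envelope and becomes part of a filesystem
    // path, so only DNS-label characters are accepted (no dots or slashes).
    if (!/^[A-Za-z0-9_-]+$/.test(cust))
    {
        EventLog.write("Ongeldige klantcode in domein: " + domain);
        Result.Message = "Database-fout";
        Result.Value = 2; // reject
        return;
    }
    var udlpath = facilPath + cust + "/Oracle.udl";
    var fso = new ActiveXObject("Scripting.FileSystemObject");
    if (!fso.FileExists(udlpath))
    {
        EventLog.write("customer udl niet gevonden: " + udlpath);
        Result.Message = "Database-fout";
        Result.Value = 2; // reject
        return;
    }
    // Connect to the customer database; Open() errors propagate (see above).
    var Oracle = new ActiveXObject("ADODB.Connection");
    Oracle.Open("File Name=" + udlpath);
    EventLog.write('verbonden met Oracle');
    try
    {
        processMessage(Oracle, oMessage, user, fromAddr, toAddr);
    }
    finally
    {
        // 0 = adStateClosed; Close() on a closed connection would throw.
        if (Oracle.State != 0)
        {
            Oracle.Close();
        }
    }
}

/**
 * Message handling once the customer connection is open: validates the
 * recipient user, expiry and sender, runs the configured action, reports an
 * 'errormsg' result as a reject and stores attachments.
 * @param {object} Oracle    open ADODB.Connection for the customer schema
 * @param {object} oMessage  hMailServer message object
 * @param {string} user      local part of the recipient address
 * @param {string} fromAddr  sender address as reported by hMailServer
 * @param {string} toAddr    original recipient address
 * Sets Result.Message/Result.Value on reject; writes EventLog entries.
 */
function processMessage(Oracle, oMessage, user, fromAddr, toAddr)
{
    Oracle.Execute("BEGIN fac.initsession(NULL); END;");
    var sql = "SELECT fac_email_setting_action,"
        + " fac_email_setting_expire,"
        + " fac_email_setting_from,"
        + " fac_email_setting_attachpath"
        + " FROM fac_email_setting"
        + " WHERE upper(fac_email_setting_user) = upper(" + safe.quoted_sql(user) + ")";
    var oRs = Oracle.Execute(sql);
    if (oRs.Eof)
    {
        oRs.Close();
        EventLog.write("E-mail user niet ontvankelijk: " + user);
        Result.Message = "Database-fout";
        Result.Value = 2; // reject
        return;
    }
    EventLog.write("E-mail user ontvankelijk: " + user);
    var action = oRs("fac_email_setting_action").Value; // PL/SQL package call
    var expireValue = oRs("fac_email_setting_expire").Value;
    var from = oRs("fac_email_setting_from").Value;
    var path = oRs("fac_email_setting_attachpath").Value;
    oRs.Close();
    if (expireValue != null)
    {
        var expire = new Date(expireValue);
        if (expire.getTime() < new Date().getTime())
        {
            EventLog.write("Te laat: " + expire);
            Result.Message = "Te laat";
            Result.Value = 2; // reject
            return;
        }
    }
    if (from)
    {
        // Compares against the sender address hMailServer reports; whether
        // that address is authenticated (SPF/DKIM) is decided upstream —
        // NOTE(review): confirm before treating this as a strong sender check.
        if (String(from).toUpperCase() != String(fromAddr).toUpperCase())
        {
            EventLog.write("Foute afzender: " + from + " is niet " + fromAddr);
            Result.Message = "Foute afzender";
            Result.Value = 2; // reject
            return;
        }
    }
    // Clear earlier results so the action can write fresh ones.
    Oracle.Execute("DELETE fac_result WHERE fac_result_sessionid = 'hMailServer'");
    if (action) // e.g. "fac.processemail" or "uwva.closeorder-sample"
    {
        var body;
        if (oMessage.Body == "")
        {
            body = "Mail body is leeg. HTML inhoud:\n" + stripHtml(oMessage.htmlBody);
        }
        else
        {
            body = oMessage.Body;
        }
        // action is spliced in unquoted: fac_email_setting_action must hold
        // trusted procedure names only. Message fields go through
        // safe.quoted_sql, which also truncates them to 4000 characters.
        sql = "BEGIN " + action + " (" + safe.quoted_sql(fromAddr) + ","
            + safe.quoted_sql(toAddr) + ","
            + safe.quoted_sql(oMessage.Subject) + ","
            + safe.quoted_sql(body) + ","
            + "'');"
            + "END;";
        Oracle.Execute(sql);
        // TODO: is there a result to report back, e.g. a notification key?
    }
    sql = "SELECT fac_result_waarde"
        + " FROM fac_result"
        + " WHERE fac_result_naam = 'errormsg'"
        + " AND fac_result_sessionid = 'hMailServer'";
    oRs = Oracle.Execute(sql);
    if (!oRs.Eof)
    {
        var errorMsg = oRs("fac_result_waarde").Value;
        oRs.Close();
        EventLog.write(errorMsg);
        Result.Message = errorMsg;
        Result.Value = 2; // reject
        return;
    }
    oRs.Close();
    if (path && oMessage.Attachments.Count > 0)
    {
        saveAttachments(Oracle, oMessage, path);
    }
    // TODO: report a result back, e.g. 'Geslaagd'? Or tracking of who sent what.
    EventLog.write("Klaar....");
}

/**
 * Store the message's attachments below basePath, extended with the
 * 'kenmerkpath' result when the action produced one. Only file names that
 * match the 'flexallowedext' setting (a regular expression, matched
 * case-insensitively against the sanitized name) are saved; everything else
 * is logged and skipped. The file content itself is not inspected.
 * NOTE(review): a pattern that is not anchored to the end of the name would
 * also accept names such as "x.pdf.exe" — confirm the stored pattern.
 * Fixes the original lookup of column fac_result_waarde on a SELECT that did
 * not produce that column, and fails closed when the setting is missing
 * (the original built a RegExp from null).
 * @param {object} Oracle    open ADODB.Connection
 * @param {object} oMessage  hMailServer message object
 * @param {string} basePath  attachment directory; a separator is not added
 */
function saveAttachments(Oracle, oMessage, basePath)
{
    var path = basePath;
    var sql = "SELECT fac_result_waarde"
        + " FROM fac_result"
        + " WHERE fac_result_naam = 'kenmerkpath'"
        + " AND fac_result_sessionid = 'hMailServer'";
    var oRs1 = Oracle.Execute(sql);
    if (!oRs1.Eof)
    {
        path = path + oRs1("fac_result_waarde").Value;
    }
    oRs1.Close();
    // Whitelist of allowed extensions.
    sql = "SELECT COALESCE(fac_setting_pvalue, fac_setting_default) AS flexallowedext"
        + " FROM fac_setting"
        + " WHERE fac_setting_name = 'flexallowedext'";
    oRs1 = Oracle.Execute(sql);
    var flexAllowedExt = oRs1.Eof ? null : oRs1("flexallowedext").Value;
    oRs1.Close();
    if (flexAllowedExt == null || String(flexAllowedExt) == "")
    {
        EventLog.write("Instelling flexallowedext ontbreekt; geen bijlagen opgeslagen.");
        return;
    }
    // No "g" flag: test() on a global RegExp keeps lastIndex state.
    var allowedRe = new RegExp(String(flexAllowedExt), "i");
    CreateFullPath(path);
    for (var i = 0; i < oMessage.Attachments.Count; i++)
    {
        var attachment = oMessage.Attachments.Item(i);
        var filenm = String(safe.filename(attachment.fileName));
        if (filenm == "")
        {
            EventLog.write("Bijlage zonder naam genegeerd.");
        }
        else if (filenm == 'tmpl_logo.gif')
        { // probably a replied FACILITOR form
            EventLog.write("Bijlage " + filenm + " genegeerd.");
        }
        else if (!allowedRe.test(filenm))
        {
            // TODO: also report back to the sender?
            EventLog.write("Onveilig bestand: " + filenm + " is niet opgeslagen.");
        }
        else
        {
            EventLog.write(filenm + ' bijlage (' + attachment.Size + ' bytes) naar ' + path);
            attachment.SaveAs(path + filenm);
        }
    }
}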