I need some help downloading email attachments from an S3 bucket; the emails are stored as MIME files. How can I read this email file and download the attachment? Any good source is appreciated too.
Content-Type: application/octet-stream;
    name="3c1bd1393c7543cd9f38c1ff26d474ab.snappy.parquet"
Content-Disposition: attachment;
    filename="3c1bd1393c7543cd9f38c1ff26d474ab.snappy.parquet"
Content-Transfer-Encoding: base64
Content-ID: <f_l6z42itv0>
X-Attachment-Id: f_l6z42itv0
After upgrading to 9.5.17 I get the following security messages in the reports:
Server Response on static files:
www.mydomain.de/typo3temp/assets/43cd7f07.tmp/2500f854.html.wrong
unexpected content-type text/html
www.mydomain.de/typo3temp/assets/43cd7f07.tmp/2500f854.1.svg.wrong
unexpected content-type image/svg+xml
www.mydomain.de/typo3temp/assets/43cd7f07.tmp/2500f854.php.wrong
unexpected content PHP content
www.mydomain.de/typo3temp/assets/43cd7f07.tmp/2500f854.php.txt
unexpected content PHP content
What does this mean?
I inspected the folder /typo3temp/assets/ - there is no folder 43cd7f07.tmp
Thanks!
The error messages you are receiving are part of a security feature that has been integrated into recent TYPO3 v9.5.17 and v10.4.2 releases, see https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.5.x/Feature-91354-IntegrateServerResponseSecurityChecks.html
Basically it means that your current server system
- is evaluating files like test.php.txt (.php not at the end of the filename) still as PHP content - this can cause a security vulnerability in case somebody manages to upload a similar file (which might be considered as text/plain file, but is actually executable PHP code)
  - potentially remote code execution
- is serving files like test.html.wrong (.html not at the end of the filename) still as text/html, which triggers the browser to execute HTML tags and potentially dangerous <script> tags
  - potentially cross-site scripting
Call for action
In case this is a live and in production server, you should adjust your web server configuration.
The fix is to limit those web server mime-type mappings only to those files having e.g. .html at the very end, as shown in this example for the Apache HTTP web server:
<FilesMatch ".+\.html?$">
AddType text/html .html .htm
</FilesMatch>
Find more details and explanation in the TYPO3 security guidelines for server admins at https://docs.typo3.org/m/typo3/reference-coreapi/10.4/en-us/Security/GuidelinesAdministrators/Index.html#file-extension-handling
Update May 17th, 2020
https://gist.github.com/ohader/11d737de95895f8ca16495a8b7001c45 contains examples of how to adjust an .htaccess file in case settings cannot be changed on a (shared) hosting environment.
<IfModule mod_mime.c>
RemoveType .html .htm
<FilesMatch ".+\.html?$">
AddType text/html .html
AddType text/html .htm
</FilesMatch>
RemoveType .svg .svgz
<FilesMatch ".+\.svgz?$">
AddType image/svg+xml .svg
AddType image/svg+xml .svgz
</FilesMatch>
RemoveHandler .php
<FilesMatch ".+\.php$">
# IMPORTANT: `php-fcgid` is used in THIS example
# Most probably it is different for each individual configuration
SetHandler php-fcgid
# SetHandler php-script
# SetHandler application/x-httpd-php
</FilesMatch>
</IfModule>
The current handler identifier php-fcgid was identified for the example above by using phpinfo(); and searching for $_SERVER['REDIRECT_HANDLER']:
$_SERVER['REDIRECT_HANDLER'] php-fcgid
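Added example (not part of the original answer or of TYPO3): a simplified Python model of the extension lookup described above, run against the probe file names from the report in the question. It assumes mod_mime checks every dot-separated extension and tracks type and handler separately; the handler name php-fcgid is the one from the answer's example, and all function names are illustrative.

```python
import re

# Simplified model of Apache mod_mime lookup (an assumption for illustration,
# not Apache's code): every dot-separated extension in a file name is checked,
# and MIME type and handler are tracked independently of each other.
GLOBAL_TYPES = {"html": "text/html", "htm": "text/html", "txt": "text/plain",
                "svg": "image/svg+xml", "svgz": "image/svg+xml"}
GLOBAL_HANDLERS = {"php": "php-fcgid"}  # handler name from the answer's example
# The answer's <FilesMatch> blocks: (pattern, type, handler) re-added per block.
SCOPED = [(re.compile(r".+\.html?$"), "text/html", None),
          (re.compile(r".+\.svgz?$"), "image/svg+xml", None),
          (re.compile(r".+\.php$"), None, "php-fcgid")]
ACTIVE_EXTS = {"html", "htm", "svg", "svgz", "php"}
# Probe names as they appear in the TYPO3 report quoted in the question.
PROBES = ["2500f854.html.wrong", "2500f854.1.svg.wrong",
          "2500f854.php.wrong", "2500f854.php.txt"]

def lookup(filename, types, handlers):
    """Rightmost known extension wins, separately for type and handler."""
    ctype = handler = None
    for ext in filename.lower().split(".")[1:]:
        ctype = types.get(ext, ctype)
        handler = handlers.get(ext, handler)
    return ctype, handler

def default_mapping(filename):
    """Global AddType/AddHandler: an extension anywhere in the name counts."""
    return lookup(filename, GLOBAL_TYPES, GLOBAL_HANDLERS)

def hardened_mapping(filename):
    """RemoveType/RemoveHandler first, then re-add only inside FilesMatch."""
    ctype, handler = lookup(filename, {"txt": "text/plain"}, {})
    for pattern, scoped_type, scoped_handler in SCOPED:
        if pattern.search(filename):
            ctype = scoped_type or ctype
            handler = scoped_handler or handler
    return ctype, handler

def audit(mapping, names):
    """Names that do not END in an active extension but are still treated as
    script, HTML or SVG: the condition the TYPO3 report flags."""
    findings = []
    for name in names:
        ctype, handler = mapping(name)
        active = handler is not None or ctype in ("text/html", "image/svg+xml")
        if active and name.rsplit(".", 1)[-1].lower() not in ACTIVE_EXTS:
            findings.append((name, ctype, handler))
    return findings
```

Calling audit(default_mapping, PROBES) lists all four probe names, while audit(hardened_mapping, PROBES) returns an empty list and regular files such as index.php keep their handler.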
For shared hosting it can be quite hard to find out the correct handler for PHP.
Some specialty for 1&1 Ionos, might be even special to this particular shared hosting package:
Shared hosting with PHP 7.3 (confirmed in phpinfo), but $_SERVER['REDIRECT_HANDLER'] gives "x-mapp-php5" (not sure why; it could be that the hosting has been running for many years and was upgraded to PHP 7, and they somehow alias it for whatever reason).
The working solution for me was:
<IfModule mod_mime.c>
RemoveType .html .htm
<FilesMatch ".+\.html?$">
AddType text/html .html
AddType text/html .htm
</FilesMatch>
RemoveType .svg .svgz
<FilesMatch ".+\.svgz?$">
AddType image/svg+xml .svg
AddType image/svg+xml .svgz
</FilesMatch>
RemoveHandler .php
RemoveType .php
<FilesMatch ".+\.php$">
AddType x-mapp-php5 .php
AddHandler x-mapp-php5 .php
</FilesMatch>
</IfModule>
I had to remove both the handler/type and add them again within the FilesMatch.
Took me quite a while to get this working, hope this helps.
For host-europe $_SERVER['REDIRECT_HANDLER'] was empty, php7.4:
<IfModule mod_mime.c>
....
RemoveHandler .php
RemoveType .php
<FilesMatch ".+\.php$">
# only this handler seems to work
AddType application/x-httpd-php .php
AddHandler application/x-httpd-php .php
</FilesMatch>
</IfModule>
The following solution was recommended to me by the support team of ALL-INKL.COM.
I had to contact them, because the remove statements (RemoveHandler .php) did not work.
<FilesMatch "\.(php[0-9,x]*|phtml)\.">
SetHandler text/plain
</FilesMatch>
Thanks to the ALL-INKL.COM-Support-Team
Here is some Domainfactory speciality.
Mind the ForceType directive (set your specific PHP version there). If not used, its webserver would still use mimetype-sniffing.
To be used on the bottom of the newest .htaccess template (10.4, 9.5) which includes the strict handling for .svg[z]/.htm[l] already
# DomainFactory-special:
# 1) remove mimetype-sniffing anything for PHP
# 2) force PHP 7.3 mimetype on .php files
<IfModule mod_mime.c>
RemoveType .php
<FilesMatch ".+\.php$">
ForceType application/x-httpd-php73
</FilesMatch>
</IfModule>
This works for JWEILAND, WEBGO and PHP:
<IfModule mod_mime.c>
RemoveHandler .php
RemoveType .php
<FilesMatch ".+\.php$">
SetHandler application/x-httpd-php
AddType application/x-httpd-php .php
AddHandler application/x-httpd-php .php
</FilesMatch>
</IfModule>
I am migrating from an old HP-UX box to a new Rhat box. Our ERP emailer program saves the email (including MIME headers) as "Email_msg_port.html" and the attachment in the user's home dir. No problem so far.
The emailer then issues the following command:
(cat Email_msg_8.html ; base64 /home/johnsmith/APMS9010.txt) | sendmail -t
The email itself is fine, but the attachment is always empty (though it says it is about 300 bytes).
My MIME header looks like this:
MIME-Version: 1.1
From: myEmail#myCompany.com
To: myEmail#myCompany.com
Subject: APMS9010.1 - Download Top Vendor Purchase - LIVE.DATA
Content-Type: multipart/mixed; boundary="_boundarystring"
This is a multi-part message in MIME format.
--_boundarystring
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: binary
Content-Disposition: inline
Content-Base: "http://myCompany.com/";
I have tried Content-Transfer-Encoding: binary (and 7bit)
Is my MIME stuff wrong, the base64 command wrong, both, or something else?
Thanks
I have installed mod_deflate on CentOS. In the virtual host file I have added the following:
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
DeflateFilterNote Input input_info
DeflateFilterNote Output output_info
DeflateFilterNote Ratio ratio_info
LogFormat '"%r" %{output_info}n/%{input_info}n (%{ratio_info}n%%)' deflate
CustomLog /var/log/httpd/deflate_log deflate
It shows the compression in the log as well, but there is no improvement in page loading time.
Please guide me on this.
If it's still not working, a possible reason is that you have not included this
LoadModule deflate_module modules/mod_deflate.so
in Apache's httpd.conf.
I have a .mobileconfig file at a URL. I am sending the HTTP POST from Xcode (when a button is clicked); the HTTP POST contains the .mobileconfig URL. Can I download that file when the button is clicked?
When it comes to serving up this file, it needs to be served up with a MIME Content-Type of application/x-apple-aspen-config. You may be able to do this by adding a line to your server's configuration or .htaccess file in the folder with:
<IfModule mod_mime.c>
AddType application/x-apple-aspen-config .mobileconfig
</IfModule>
If serving the file from within PHP, you may do something like:
header('Content-type: application/x-apple-aspen-config; charset=utf-8');
header('Content-Disposition: attachment; filename="company.mobileconfig"');
echo $mobileconfig;
Small correction: that is not "chatset", it is Charset. Be sure which charset you want:
header('Content-type: application/x-apple-aspen-config; Charset=utf-8');
header('Content-Disposition: attachment; filename="company.mobileconfig"');
echo $mobileconfig;