[opencms-dev] serious bug in commons-email-1.0-mod.jar (class HtmlEmail)
Florian Heinisch
florian.heinisch at 3kraft.com
Tue May 27 10:56:34 CEST 2008
Hi Christian,
so far I did not get any comment concerning the reported bug.
At that time, I needed a quick fix, so I just patched the
org.apache.commons.mail.HtmlEmail class and added the compiled class
the my WEB-INF/classes directory. As I am using Tomcat, the classes in
the WEB-INF/classes directory take precedence over the classes in the
WEB-INF/lib directory.
Please note that the only thing I added was the if clause in line 71:
if(container.getCount() < 2) {
container.addBodyPart(msgText);
}
Following the complete class:
-------------------------------------------------
package org.apache.commons.mail;
import java.net.URL;
import java.util.*;
import javax.activation.DataHandler;
import javax.activation.URLDataSource;
import javax.mail.BodyPart;
import javax.mail.MessagingException;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMultipart;
// Referenced classes of package org.apache.commons.mail:
// MultiPartEmail, StringUtils, Email
public class HtmlEmail extends MultiPartEmail {
private String text;
private String html;
private List inlineImages;
public HtmlEmail() {
inlineImages = new ArrayList();
}
public HtmlEmail setTextMsg(String text) {
this.text = text;
return this;
}
public HtmlEmail setHtmlMsg(String html) {
this.html = html;
return this;
}
public Email setMsg(String msg) {
setTextMsg(msg);
setHtmlMsg("<html><body><pre>" + msg + "</pre></body></html>");
return this;
}
public String embed(URL url, String name)
throws MessagingException {
MimeBodyPart mbp = new MimeBodyPart();
mbp.setDataHandler(new DataHandler(new URLDataSource(url)));
mbp.setFileName(name);
mbp.setDisposition("inline");
String cid = StringUtils.randomAscii(10);
mbp.addHeader("Content-ID", cid);
inlineImages.add(mbp);
return mbp.getContentID();
}
public void send() throws MessagingException {
MimeMultipart container = getContainer();
container.setSubType("related");
BodyPart msgText = null;
BodyPart msgHtml = null;
if(StringUtils.isNotEmpty(html)) {
msgHtml = getPrimaryBodyPart();
if(charset != null)
msgHtml.setContent(html, "text/html;charset=" +
charset);
else
msgHtml.setContent(html, "text/html");
for(Iterator iter = inlineImages.iterator();
iter.hasNext(); container.addBodyPart((BodyPart)iter.next()));
}
if(StringUtils.isNotEmpty(text)) {
if(msgHtml == null) {
msgText = getPrimaryBodyPart();
} else {
msgText = new MimeBodyPart();
if(container.getCount() < 2) {
container.addBodyPart(msgText);
}
}
if(charset != null)
msgText.setContent(text, "text/plain;charset=" +
charset);
else
msgText.setContent(text, "text/plain");
}
super.send();
}
/**
* @deprecated Method isValid is deprecated
*/
public static final boolean isValid(String foo) {
return StringUtils.isNotEmpty(foo);
}
}
-------------------------------------------------
Many regards,
Florian
On May 27, 2008, at 10:07 AM, Christian Hellinger wrote:
> Hi together,
>
> I'm referencing to the mail of Florian Heinisch, written Mon, 28 Apr
> 2008
> (see below), describing a problem with the newsletter module.
>
> I face the same problem, currently, and I want to know, if there's
> already
> a fix for it.
> To make the matter more complicated, I need the fix for the OpenCms
> 7.0.3
> build, not the actual one (for 7.0.4.).
>
> I think that it doesn't make sense to fix the same issue several
> times.
> So, please, I someone has a fix or is currently working on one,
> notify me.
> In the later case we can perhaps join forces.
>
> Regards
>
> Christian
>
> --------------------------------------
>
> DREGER INFORMATION TECHNOLOGY
>
> J&J DREGER Consulting GmbH & Co. KG
> Carl-Benz-Str. 35
> D - 60386 Frankfurt am Main, Germany
>
> Phone : +49-69-90479-0
> Fax : +49-69-90479-479
>
> Email : christian.hellinger at dreger.de
> WWW : http://www.dreger.de
>
> --------------------------------------
>
> Consulting & Solutions: http://www.d-business.de
> Mobile Solutions Competence Center: http://www.d-business.de/mscc
>
> Business Development: http://www.1j1.com
>
>> Date: Mon, 28 Apr 2008 13:04:59 +0200
>> From: Florian Heinisch <florian.heinisch at 3kraft.com>
>> Subject: [opencms-dev] serious bug in commons-email-1.0-mod.jar
>> (class
> HtmlEmail)
>> To: opencms-dev at opencms.org
>> Message-ID: <C675D885-7A0B-4E76-907F-11DAF90A46F9 at 3kraft.com>
>> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
>>
>> Dear OpenCms-Developers,
>>
>> first of all I would like to thank you for your great work.
>> I am posting the first time to this dev list. Prior to writing this
>> post, I searched through the mail list archive and could not find any
>> related issues. If I did miss something by searching the mail list
>> archive and consequently post some redundant stuff here, please
>> forbear with me :)
>>
>> I am using OpenCms 7.0.3 with the OAMP Newsletter module 1.0.
>> Using the Newsletter module, I was sending newsletters in HTML format
>> and realised that the larger the mailing list, the larger (in terms
>> of
>> file size) the mails generated by the Newsletter module got.
>> After some testing, I saw that for every subscriber in the mailing
>> list the plaintext bodypart of the mail was attached once more. This
>> is, the first subscriber gets the only "correct" mail: one bodypart
>> containing the HTML mail and one bodypart containing the plaintext
>> mail. The second subscriber gets the one bodypart containing the HTML
>> mail and TWO (!!) bodyparts each containing the plaintext mail, the
>> third subscriber gets the mail containing one bodypart containin the
>> HTML mail and THREE bodyparts each containing the plaintext mail and
>> so on and so on.
>> So the 1000th subscriper gets the mail containing one bodypart with
>> the HTML mail and 1000 bodyparts each containing the plaintext mail.
>> As you can imagine, the mails are getting way to big.
>>
>> Consequently, I had a closer look at the source code and I was quite
>> puzzled what I detected. I saw that you are using a patched version
>> of
>> the Apache Commons Email 1.0 library. IMHO, it seems as a bad design
>> decision patching standard third party libraries rather than using
>> those libraries with an adapter or whatsoever.
>> After decompiling the patched commons email code (I could not find
>> any
>> source code for this library) I found the bug in the class
>> org.apache.commons.mail.HtmlEmail in the method send():
>> By calling
>> MimeMultipart container = getContainer();
>> you get a reference to the existing MimeMulitpart object and you do
>> not create a new one (I think you should use createMimeMultipart()
>> but this method is not implemented in your library). Consequently,
>> with the following code you are adding a new bodyport with the
>> plaintext mail for every subscriber, although the bodypart with
>> plaintext mail already exists in the MimeMultipart object:
>> if(msgHtml == null)
>> {
>> msgText = getPrimaryBodyPart();
>> } else
>> {
>> msgText = new MimeBodyPart();
>> container.addBodyPart(msgText);
>> }
>>
>> Did anyone of you already encounter this issue?
>> I think it would be a good idea to replace commons-email-1.0-mod.jar
>> with the standard commons email library. If you need any help to do
>> so, I would like to offer you my help to refactor the OpenCms code
>> that makes use of the commons-email-1.0-mod.jar.
>>
>> Many regards,
>>
>> Florian
>
> --------------------------------------
> Sitz / Registergericht: Frankfurt am Main / Amtsgericht Frankfurt am
> Main
> Registernummer: HRA 42705
> Geschaeftsfuehrer: Jens Dreger, Joerg Dreger
> USt.ID: DE244892265
> --------------------------------------
> Komplementaer-GmbH: J&J DREGER Verwaltungs GmbH, Carl-Benz-Str. 35,
> 60386 Frankfurt am Main
> Sitz / Registergericht: Frankfurt am Main / Amtsgericht Frankfurt am
> Main
> Registernummer: HRB 73891
> Geschaeftsfuehrer: Jens Dreger, Joerg Dreger
> --------------------------------------
> Diese E-Mail inklusive aller Anhaenge koennte vertrauliche und/oder
> rechtlich geschuetzte Informationen
> enthalten. Wenn Sie nicht der beabsichtigte Adressat sind, der diese
> E-Mail irrtuemlich erhalten hat,
> informieren Sie bitte sofort den Absender und vernichten Sie alle
> Kopien dieser E-Mail von Ihrem System.
> Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail
> sind nicht gestattet.
>
> This e-mail and any attachment (both hereinafter called as e-mail)
> may contain confidential and/or privileged
> information. If you are not the intended recipient or have received
> this e-mail in error please notify the sender
> immediately and destroy all copies of this e-mail from your system.
> Any unauthorised copying, disclosure or
> distribution of the material in this e-mail is strictly forbidden.
>
>
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please
> visit
> http://lists.opencms.org/mailman/listinfo/opencms-dev
More information about the opencms-dev
mailing list