Skip to content

AttachmentDownloadService #379

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
TatevikGr wants to merge 3 commits into
base: dev
Choose a base branch
from
Open

AttachmentDownloadService #379

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f65b90f
AttachmentDownloadService
tatevikg1 Feb 9, 2026
14c47a3
Add tests
tatevikg1 Feb 9, 2026
0838e27
After review 0
tatevikg1 Feb 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,11 +86,11 @@
"ext-curl": "*",
"ext-fileinfo": "*",
"setasign/fpdf": "^1.8",
"phpdocumentor/reflection-docblock": "^5.2"
"phpdocumentor/reflection-docblock": "^5.2",
"guzzlehttp/guzzle": "^6.3.0"
},
"require-dev": {
"phpunit/phpunit": "^9.5",
"guzzlehttp/guzzle": "^6.3.0",
"squizlabs/php_codesniffer": "^3.2.0",
"phpstan/phpstan": "^1.10",
"nette/caching": "^3.0.0",
Expand Down
13 changes: 13 additions & 0 deletions src/Domain/Messaging/Exception/AttachmentFileNotFoundException.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
<?php

declare(strict_types=1);

namespace PhpList\Core\Domain\Messaging\Exception;

class AttachmentFileNotFoundException extends \RuntimeException
{
public function __construct()
{
parent::__construct('Attachment file not available');
}
}
18 changes: 18 additions & 0 deletions src/Domain/Messaging/Model/Dto/DownloadableAttachment.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
<?php

declare(strict_types=1);

namespace PhpList\Core\Domain\Messaging\Model\Dto;

use Psr\Http\Message\StreamInterface;

final class DownloadableAttachment
{
public function __construct(
public readonly string $filename,
public readonly string $mimeType,
public readonly ?int $size,
public readonly StreamInterface $content,
) {
}
}
3 changes: 1 addition & 2 deletions src/Domain/Messaging/Service/AttachmentAdder.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,8 +58,7 @@ public function add(Email $email, int $campaignId, OutputFormat $format, bool $f

case OutputFormat::Text:
$hash = $forwarded ? 'forwarded' : $email->getTo()[0]->getAddress();
// todo: add endpoint in rest-api project
$viewUrl = $this->attachmentDownloadUrl . '/?id=' . $att->getId() . '&uid=' . $hash;
$viewUrl = $this->attachmentDownloadUrl . '/' . $att->getId() . '/?uid=' . $hash;
Copy link

@coderabbitai coderabbitai bot Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Consider URL-encoding the uid query parameter value.

$hash can be an email address containing characters like + that have special meaning in query strings. Without urlencode(), a + would be interpreted as a space by the receiving end.

Suggested fix 
-                    $viewUrl = $this->attachmentDownloadUrl . '/' . $att->getId() . '/?uid=' . $hash;
+                    $viewUrl = $this->attachmentDownloadUrl . '/' . $att->getId() . '/?uid=' . urlencode($hash);
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
$viewUrl = $this->attachmentDownloadUrl . '/' . $att->getId() . '/?uid=' . $hash;
$viewUrl = $this->attachmentDownloadUrl . '/' . $att->getId() . '/?uid=' . urlencode($hash);
🤖 Prompt for AI Agents 
In `@src/Domain/Messaging/Service/AttachmentAdder.php` at line 61, The constructed
download URL in AttachmentAdder (variable $viewUrl) concatenates $hash directly
into the uid query parameter which can corrupt values like emails containing
'+'; update the URL construction in the AttachmentAdder.php code that builds
$viewUrl (uses $this->attachmentDownloadUrl and $att->getId()) to URL-encode the
uid value (e.g., use urlencode on $hash) so the uid query parameter is safely
transmitted.


$email->text(
$email->getTextBody()
Expand Down
64 changes: 64 additions & 0 deletions src/Domain/Messaging/Service/AttachmentDownloadService.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
<?php

declare(strict_types=1);

namespace PhpList\Core\Domain\Messaging\Service;

use GuzzleHttp\Psr7\Utils;
use PhpList\Core\Domain\Messaging\Exception\AttachmentFileNotFoundException;
use PhpList\Core\Domain\Messaging\Model\Attachment;
use PhpList\Core\Domain\Messaging\Model\Dto\DownloadableAttachment;
use Psr\Http\Message\StreamInterface;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\Mime\MimeTypes;

class AttachmentDownloadService
{
public function __construct(
#[Autowire('%phplist.attachment_repository_path%')] private readonly string $attachmentRepositoryPath = '/tmp',
) {
}

public function getDownloadable(Attachment $attachment): DownloadableAttachment
{
$original = $attachment->getFilename();
$filename = basename($original);

if ($filename === '' || $filename !== $original) {
throw new AttachmentFileNotFoundException();
}

$baseDir = realpath($this->attachmentRepositoryPath);
if ($baseDir === false) {
throw new \RuntimeException('Attachment repository path does not exist.');
}

$filePath = $baseDir . DIRECTORY_SEPARATOR . $filename;
$realPath = realpath($filePath);

if ($realPath === false ||
!str_starts_with($realPath, $baseDir . DIRECTORY_SEPARATOR) ||
!is_file($realPath) ||
!is_readable($realPath)
) {
throw new AttachmentFileNotFoundException();
}

$mimeType = $attachment->getMimeType()
?? MimeTypes::getDefault()->guessMimeType($filePath)
?? 'application/octet-stream';

$size = filesize($filePath);
$size = $size === false ? null : $size;
Comment on lines +51 to +52
Copy link

@coderabbitai coderabbitai bot Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

$size can be null but DownloadableAttachment::$size is typed int.

This is the root cause of the type mismatch flagged on the DTO. Either coalesce here or fix the DTO type.

Quick fix: coalesce to 0 
-        $size = $size === false ? null : $size;
+        $size = $size === false ? 0 : $size;
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
$size = filesize($filePath);
$size = $size === false ? null : $size;
$size = filesize($filePath);
$size = $size === false ? 0 : $size;
🤖 Prompt for AI Agents 
In `@src/Domain/Messaging/Service/AttachmentDownloadService.php` around lines 40 -
41, The filesize() call can return false, but DownloadableAttachment::$size is
typed int, so coalesce or convert the result before assigning to the DTO; in
AttachmentDownloadService replace the current $size assignment (the $size =
filesize($filePath); $size = $size === false ? null : $size;) with a safe int
value (e.g. coalesce to 0 or cast to int) so DownloadableAttachment::$size
always receives an int, or alternatively change DownloadableAttachment::$size to
?int if nulls are intended.


/** @var StreamInterface $stream */
$stream = Utils::streamFor(Utils::tryFopen($filePath, 'rb'));

return new DownloadableAttachment(
filename: $filename,
mimeType: $mimeType,
size: $size,
content: $stream,
);
}
}
2 changes: 1 addition & 1 deletion tests/Unit/Domain/Messaging/Service/AttachmentAdderTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ public function testTextModePrependsNoticeAndLinks(): void
);
$this->assertStringContainsString('Doc description', $body);
$this->assertStringContainsString('Location', $body);
$this->assertStringContainsString('https://dl.example/?id=42&uid=user@example.com', $body);
$this->assertStringContainsString('https://dl.example/42/?uid=user@example.com', $body);
}

public function testHtmlUsesRepositoryFileIfExists(): void
Expand Down
101 changes: 101 additions & 0 deletions tests/Unit/Domain/Messaging/Service/AttachmentDownloadServiceTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
<?php

declare(strict_types=1);

namespace PhpList\Core\Tests\Unit\Domain\Messaging\Service;

use PhpList\Core\Domain\Messaging\Exception\AttachmentFileNotFoundException;
use PhpList\Core\Domain\Messaging\Model\Attachment;
use PhpList\Core\Domain\Messaging\Service\AttachmentDownloadService;
use PHPUnit\Framework\TestCase;

final class AttachmentDownloadServiceTest extends TestCase
{
private string $tempDir;

protected function setUp(): void
{
$this->tempDir = sys_get_temp_dir() . '/phplist-att-dl-' . bin2hex(random_bytes(5));
if (!is_dir($this->tempDir)) {
mkdir($this->tempDir, 0777, true);
}
}

protected function tearDown(): void
{
// cleanup temp directory
if (is_dir($this->tempDir)) {
$files = scandir($this->tempDir) ?: [];
foreach ($files as $f) {
if ($f === '.' || $f === '..') {
continue;
}
unlink($this->tempDir . '/' . $f);
}
rmdir($this->tempDir);
}
}

public function testThrowsWhenFilenameIsEmpty(): void
{
$service = new AttachmentDownloadService($this->tempDir);

$attachment = $this->createMock(Attachment::class);
$attachment->method('getFilename')->willReturn('');

$this->expectException(AttachmentFileNotFoundException::class);
$service->getDownloadable($attachment);
}

public function testThrowsWhenFileDoesNotExist(): void
{
$service = new AttachmentDownloadService($this->tempDir);

$attachment = $this->createMock(Attachment::class);
$attachment->method('getFilename')->willReturn('missing-file.pdf');

$this->expectException(AttachmentFileNotFoundException::class);
$service->getDownloadable($attachment);
}

public function testReturnsDownloadableWithExplicitMimeType(): void
{
$service = new AttachmentDownloadService($this->tempDir);

$filename = 'doc.pdf';
$content = '%PDF-1.4\n';
file_put_contents($this->tempDir . '/' . $filename, $content);

$attachment = $this->createMock(Attachment::class);
$attachment->method('getFilename')->willReturn($filename);
$attachment->method('getMimeType')->willReturn('application/pdf');

$dl = $service->getDownloadable($attachment);

$this->assertSame($filename, $dl->filename);
$this->assertSame('application/pdf', $dl->mimeType);
$this->assertSame(strlen($content), $dl->size);
$this->assertSame($content, (string)$dl->content);
}

public function testGuessesMimeTypeAndProvidesStream(): void
{
$service = new AttachmentDownloadService($this->tempDir);

$filename = 'note.txt';
$content = "Hello, world!\n";
file_put_contents($this->tempDir . '/' . $filename, $content);

$attachment = $this->createMock(Attachment::class);
$attachment->method('getFilename')->willReturn($filename);
$attachment->method('getMimeType')->willReturn(null);

$dl = $service->getDownloadable($attachment);

$this->assertSame($filename, $dl->filename);
// Symfony MimeTypes should detect text/plain for .txt
$this->assertSame('text/plain', $dl->mimeType);
$this->assertSame(strlen($content), $dl->size);
$this->assertSame($content, (string)$dl->content);
}
}
Loading