* @return string $header
*/
function prepareRFC822_Header($rfc822_header, $reply_rfc822_header, &$raw_length) {
- global $domain, $version, $username, $encode_header_key, $edit_identity, $hide_auth_header;
+ global $domain, $version, $username, $encode_header_key,
+ $edit_identity, $hide_auth_header;
/* if server var SERVER_NAME not available, use $domain */
if(!sqGetGlobalVar('SERVER_NAME', $SERVER_NAME, SQ_SERVER)) {
* unless you understand all possible forging issues or your
* webmail installation does not prevent changes in user's email address.
* See SquirrelMail bug tracker #847107 for more details about it.
+ *
+ * Add $hide_squirrelmail_header as a candidate for config_local.php
+ * to allow completely hiding SquirrelMail participation in message
+ * processing; This is dangerous, especially if users can modify their
+ * account information, as it makes mapping a sent message back to the
+ * original sender almost impossible.
*/
- if (isset($encode_header_key) &&
+ $show_sm_header = ( defined('hide_squirrelmail_header') ? ! hide_squirrelmail_header : 1 );
+
+ if ( $show_sm_header ) {
+ if (isset($encode_header_key) &&
trim($encode_header_key)!='') {
// use encoded headers, if encryption key is set and not empty
$header[] = 'X-Squirrel-UserHash: '.OneTimePadEncrypt($username,base64_encode($encode_header_key)).$rn;
$header[] = 'X-Squirrel-FromHash: '.OneTimePadEncrypt($this->ip2hex($REMOTE_ADDR),base64_encode($encode_header_key)).$rn;
if (isset($HTTP_X_FORWARDED_FOR))
$header[] = 'X-Squirrel-ProxyHash:'.OneTimePadEncrypt($this->ip2hex($HTTP_X_FORWARDED_FOR),base64_encode($encode_header_key)).$rn;
- } else {
+ } else {
// use default received headers
$header[] = "Received: from $received_from" . $rn;
if ($edit_identity || ! isset($hide_auth_header) || ! $hide_auth_header)
$header[] = " (SquirrelMail authenticated user $username)" . $rn;
$header[] = " by $SERVER_NAME with HTTP;" . $rn;
$header[] = " $date" . $rn;
+ }
}
/* Insert the rest of the header fields */
$header[] = 'Message-ID: '. $message_id . $rn;
- if (is_object($reply_rfc822_header) &&
+ if (is_object($reply_rfc822_header) &&
isset($reply_rfc822_header->message_id) &&
$reply_rfc822_header->message_id) {
$rep_message_id = $reply_rfc822_header->message_id;
$header[] = 'Subject: '.encodeHeader($rfc822_header->subject) . $rn;
$header[] = 'From: '. $rfc822_header->getAddr_s('from',",$rn ",true) . $rn;
- // folding address list [From|To|Cc|Bcc] happens by using ",$rn<space>" as delimiter
+ // folding address list [From|To|Cc|Bcc] happens by using ",$rn<space>"
+ // as delimiter
// Do not use foldLine for that.
// RFC2822 if from contains more then 1 address
* Function is used to convert ipv4 and ipv6 addresses to hex strings.
* It removes all delimiter symbols from ip addresses, converts decimal
* ipv4 numbers to hex and pads strings in order to present full length
- * address. ipv4 addresses are represented as 8 byte strings, ipv6 addresses
+ * address. ipv4 addresses are represented as 8 byte strings, ipv6 addresses
* are represented as 32 byte string.
*
* If function fails to detect address format, it returns unprocessed string.
return $ret;
}
}
-?>
\ No newline at end of file
+
+?>
projects / squirrelmail.git / blobdiff