*
* This implements all functions that do general IMAP functions.
*
- * @copyright © 1999-2006 The SquirrelMail Project Team
+ * @copyright 1999-2017 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
$message = $message[$tag];
$response = $response[$tag];
return $read[$tag];
+//FIXME: obey $handle_errors below!
} else {
global $squirrelmail_language, $color;
set_up_language($squirrelmail_language);
+//FIXME: NO HTML IN CORE!
$string = "<b><font color=\"$color[2]\">\n" .
_("ERROR: No available IMAP stream.") .
+//FIXME: NO HTML IN CORE!
"</b></font>\n";
error_box($string);
return false;
$message = $message[$tag];
if (!empty($read[$tag])) {
+ /* sqimap_read_data should be called for one response
+ but since it just calls sqimap_retrieve_imap_response
+ which handles multiple responses we need to check for
+ that and merge the $read[$tag] array IF they are
+ separated and IF it was a FETCH response. */
+
+ if (isset($read[$tag][1]) && is_array($read[$tag][1]) && isset($read[$tag][1][0])
+ && preg_match('/^\* \d+ FETCH/', $read[$tag][1][0])) {
+ $result = array();
+ foreach($read[$tag] as $index => $value) {
+ $result = array_merge($result, $read[$tag]["$index"]);
+ }
+ return $result;
+ }
+
return $read[$tag][0];
} else {
return $read[$tag];
}
+//FIXME: obey $handle_errors below!
} else {
global $squirrelmail_language, $color;
set_up_language($squirrelmail_language);
+//FIXME: NO HTML IN CORE!
$string = "<b><font color=\"$color[2]\">\n" .
_("ERROR: No available IMAP stream.") .
+//FIXME: NO HTML IN CORE!
"</b></font>\n";
error_box($string);
return false;
&$response, &$message, $query = '') {
global $color, $oTemplate, $squirrelmail_language;
set_up_language($squirrelmail_language);
+//FIXME: NO HTML IN CORE!
$string = "<b><font color=\"$color[2]\">\n" .
_("ERROR: Bad function call.") .
+//FIXME: NO HTML IN CORE!
"</b><br />\n" .
_("Reason:") . ' '.
'There is a plugin installed which make use of the <br />' .
'Please adapt the installed plugin and let it use<br />'.
'sqimap_run_command or sqimap_run_command_list instead<br /><br />'.
'The following query was issued:<br />'.
- htmlspecialchars($query) . '<br />' . "</font><br />\n";
+//FIXME: NO HTML IN CORE!
+ sm_encode_html_special_chars($query) . '<br />' . "</font><br />\n";
error_box($string);
$oTemplate->display('footer.tpl');
exit;
global $color, $squirrelmail_language;
set_up_language($squirrelmail_language);
+//FIXME: NO HTML IN CORE!
$string = "<font color=\"$color[2]\"><b>\n" . $title . "</b><br />\n";
$cmd = explode(' ',$query);
$cmd= strtolower($cmd[0]);
if ($query != '' && $cmd != 'login')
- $string .= _("Query:") . ' ' . htmlspecialchars($query) . '<br />';
+ $string .= _("Query:") . ' ' . sm_encode_html_special_chars($query) . '<br />';
if ($message_title != '')
$string .= $message_title;
if ($message != '')
- $string .= htmlspecialchars($message);
+ $string .= sm_encode_html_special_chars($message);
+//FIXME: NO HTML IN CORE!
$string .= "</font><br />\n";
if ($link != '')
$string .= $link;
we prohibid that literal responses appear in the
outer loop so we can trust the untagged and
tagged info provided by $read */
+ $read_literal = false;
if ($s === "}\r\n") {
$j = strrpos($read,'{');
$iLit = substr($read,$j+1,-3);
if ($read === false) { /* error */
break 4; /* while while switch while */
}
- $fetch_data[] = $read;
+ $s = substr($read,-3);
+ $read_literal = true;
+ continue;
} else {
$fetch_data[] = $read;
}
/* check for next untagged reponse and break */
if ($read{0} == '*') break 2;
$s = substr($read,-3);
- } while ($s === "}\r\n");
+ } while ($s === "}\r\n" || $read_literal);
$s = substr($read,-3);
} while ($read{0} !== '*' &&
substr($read,0,strlen($tag)) !== $tag);
$query = '';
}
sqimap_error_box(_("ERROR: IMAP server closed the connection."), $query, _("Server responded:"),$sResponse);
+//FIXME: NO HTML IN CORE!
echo '</body></html>';
exit;
} else if ($handle_errors) {
case 'NO':
/* ignore this error from M$ exchange, it is not fatal (aka bug) */
if (strstr($message[$tag], 'command resulted in') === false) {
+ sqsession_register('NO', 'IMAP_FATAL_ERROR_TYPE');
+ sqsession_register($query, 'IMAP_FATAL_ERROR_QUERY');
+ sqsession_register($message[$tag], 'IMAP_FATAL_ERROR_MESSAGE');
sqimap_error_box(_("ERROR: Could not complete request."), $query, _("Reason Given:") . ' ', $message[$tag]);
echo '</body></html>';
exit;
}
break;
case 'BAD':
+ sqsession_register('BAD', 'IMAP_FATAL_ERROR_TYPE');
+ sqsession_register($query, 'IMAP_FATAL_ERROR_QUERY');
+ sqsession_register($message[$tag], 'IMAP_FATAL_ERROR_MESSAGE');
sqimap_error_box(_("ERROR: Bad or malformed request."), $query, _("Server responded:") . ' ', $message[$tag]);
+//FIXME: NO HTML IN CORE!
echo '</body></html>';
exit;
case 'BYE':
+ sqsession_register('BYE', 'IMAP_FATAL_ERROR_TYPE');
+ sqsession_register($query, 'IMAP_FATAL_ERROR_QUERY');
+ sqsession_register($message[$tag], 'IMAP_FATAL_ERROR_MESSAGE');
sqimap_error_box(_("ERROR: IMAP server closed the connection."), $query, _("Server responded:") . ' ', $message[$tag]);
+//FIXME: NO HTML IN CORE!
echo '</body></html>';
exit;
default:
+ sqsession_register('UNKNOWN', 'IMAP_FATAL_ERROR_TYPE');
+ sqsession_register($query, 'IMAP_FATAL_ERROR_QUERY');
+ sqsession_register($message[$tag], 'IMAP_FATAL_ERROR_MESSAGE');
sqimap_error_box(_("ERROR: Unknown IMAP response."), $query, _("Server responded:") . ' ', $message[$tag]);
/* the error is displayed but because we don't know the reponse we
return the result anyway */
* @param int port port number to connect to
* @param integer $tls whether to use plain text(0), TLS(1) or STARTTLS(2) when connecting.
* Argument was boolean before 1.5.1.
+ * @param array $stream_options Stream context options, see config_local.php
+ * for more details (OPTIONAL)
* @return imap-stream resource identifier
* @since 1.5.0 (usable only in 1.5.1 or later)
*/
-function sqimap_create_stream($server,$port,$tls=0) {
+function sqimap_create_stream($server,$port,$tls=0,$stream_options=array()) {
global $squirrelmail_language;
if (strstr($server,':') && ! preg_match("/^\[.*\]$/",$server)) {
$server = '['.$server.']';
}
+ // NB: Using "ssl://" ensures the highest possible TLS version
+ // will be negotiated with the server (whereas "tls://" only
+ // uses TLS version 1.0)
+ //
if ($tls == 1) {
if ((check_php_version(4,3)) and (extension_loaded('openssl'))) {
- /* Use TLS by prefixing "tls://" to the hostname */
- $server = 'tls://' . $server;
+ if (function_exists('stream_socket_client')) {
+ $server_address = 'ssl://' . $server . ':' . $port;
+ $ssl_context = @stream_context_create($stream_options);
+ $connect_timeout = ini_get('default_socket_timeout');
+ // null timeout is broken
+ if ($connect_timeout == 0)
+ $connect_timeout = 15;
+ $imap_stream = @stream_socket_client($server_address, $error_number, $error_string, $connect_timeout, STREAM_CLIENT_CONNECT, $ssl_context);
+ } else {
+ $imap_stream = @fsockopen('ssl://' . $server, $port, $error_number, $error_string, 15);
+ }
} else {
require_once(SM_PATH . 'functions/display_messages.php');
logout_error( sprintf(_("Error connecting to IMAP server: %s."), $server).
_("Please contact your system administrator and report this error."),
sprintf(_("Error connecting to IMAP server: %s."), $server));
}
+ } else {
+ $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15);
}
- $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15);
/* Do some error correction */
if (!$imap_stream) {
set_up_language($squirrelmail_language, true);
require_once(SM_PATH . 'functions/display_messages.php');
logout_error( sprintf(_("Error connecting to IMAP server: %s."), $server).
+//FIXME: NO HTML IN CORE!
"<br />\r\n$error_number : $error_string<br />\r\n",
sprintf(_("Error connecting to IMAP server: %s."), $server) );
exit;
/**
* Logs the user into the IMAP server. If $hide is set, no error messages
- * will be displayed. This function returns the IMAP connection handle.
+ * will be displayed (if set to 1, just exits, if set to 2, returns FALSE).
+ * This function returns the IMAP connection handle.
* @param string $username user name
* @param string $password password encrypted with onetimepad. Since 1.5.2
* function can use internal password functions, if parameter is set to
* boolean false.
* @param string $imap_server_address address of imap server
* @param integer $imap_port port of imap server
- * @param boolean $hide controls display connection errors
- * @return stream
+ * @param int $hide controls display connection errors:
+ * 0 = do not hide
+ * 1 = show no errors (just exit)
+ * 2 = show no errors (return FALSE)
+ * 3 = show no errors (return error string)
+ * @param array $stream_options Stream context options, see config_local.php
+ * for more details (OPTIONAL)
+ * @return mixed The IMAP connection stream, or if the connection fails,
+ * FALSE if $hide is set to 2 or an error string if $hide
+ * is set to 3.
*/
-function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) {
+function sqimap_login ($username, $password, $imap_server_address,
+ $imap_port, $hide, $stream_options=array()) {
global $color, $squirrelmail_language, $onetimepad, $use_imap_tls,
- $imap_auth_mech, $sqimap_capabilities;
+ $imap_auth_mech, $sqimap_capabilities, $display_imap_login_error;
// Note/TODO: This hack grabs the $authz argument from the session. In the short future,
// a new argument in function sqimap_login() will be used instead.
if(!empty($authz)) {
/* authz plugin - specific:
- * Get proxy login parameters from authz plugin configuration. If they
+ * Get proxy login parameters from authz plugin configuration. If they
* exist, they will override the current ones.
* This is useful if we want to use different SASL authentication mechanism
* and/or different TLS settings for proxy logins. */
- global $authz_imap_auth_mech, $authz_use_imap_tls, $authz_imapPort_tls;
+ global $authz_imap_auth_mech, $authz_use_imap_tls, $authz_imapPort_tls;
$imap_auth_mech = !empty($authz_imap_auth_mech) ? strtolower($authz_imap_auth_mech) : $imap_auth_mech;
$use_imap_tls = !empty($authz_use_imap_tls)? $authz_use_imap_tls : $use_imap_tls;
$imap_port = !empty($authz_use_imap_tls)? $authz_imapPort_tls : $imap_port;
$host = $imap_server_address;
$imap_server_address = sqimap_get_user_server($imap_server_address, $username);
- $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls);
+ $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls,$stream_options);
if (($imap_auth_mech == 'cram-md5') OR ($imap_auth_mech == 'digest-md5')) {
// We're using some sort of authentication OTHER than plain or login
/* If the connection was not successful, lets see why */
if ($response != 'OK') {
- if (!$hide) {
+ if (!$hide || $hide == 3) {
+//FIXME: UUURG... We don't want HTML in error messages, should also do html sanitizing of error messages elsewhere; should't assume output is destined for an HTML browser here
if ($response != 'NO') {
/* "BAD" and anything else gets reported here. */
- $message = htmlspecialchars($message);
+ $message = sm_encode_html_special_chars($message);
set_up_language($squirrelmail_language, true);
if ($response == 'BAD') {
+ if ($hide == 3) return sprintf(_("Bad request: %s"), $message);
$string = sprintf (_("Bad request: %s")."<br />\r\n", $message);
} else {
+ if ($hide == 3) return sprintf(_("Unknown error: %s"), $message);
$string = sprintf (_("Unknown error: %s") . "<br />\n", $message);
}
if (isset($read) && is_array($read)) {
$string .= '<br />' . _("Read data:") . "<br />\n";
foreach ($read as $line) {
- $string .= htmlspecialchars($line) . "<br />\n";
+ $string .= sm_encode_html_special_chars($line) . "<br />\n";
}
}
error_box($string);
set_up_language($squirrelmail_language, true);
sqsession_destroy();
- sqsetcookieflush();
+
/* terminate the session nicely */
sqimap_logout($imap_stream);
- logout_error( _("Unknown user or password incorrect.") );
+
+ // determine what error message to use
+ //
+ $fail_msg = _("Unknown user or password incorrect.");
+ if ($display_imap_login_error) {
+ // See if there is an error message from the server
+ // Skip any rfc5530 response code: '[something]' at the
+ // start of the message
+ if (!empty($message)
+ && $message{0} == '['
+ && ($end = strstr($message, ']'))
+ && $end != ']') {
+ $message = substr($end, 1);
+ }
+ // Remove surrounding spaces and if there
+ // is anything left, display that as the
+ // error message:
+ $message = trim($message);
+ if (strlen($message))
+ $fail_msg = _($message);
+ }
+
+ if ($hide == 3) return $fail_msg;
+ logout_error($fail_msg);
exit;
}
} else {
+ if ($hide == 2) return FALSE;
exit;
}
}
/* Do some caching here */
if (!$sqimap_delimiter) {
- if (sqimap_capability($imap_stream, 'NAMESPACE')) {
+ if (sqimap_capability($imap_stream, 'NAMESPACE')
/*
* According to something that I can't find, this is supposed to work on all systems
* OS: This won't work in Courier IMAP.
* OS: According to rfc2342 response from NAMESPACE command is:
* OS: * NAMESPACE (PERSONAL NAMESPACES) (OTHER_USERS NAMESPACE) (SHARED NAMESPACES)
* OS: We want to lookup all personal NAMESPACES...
- *
+ *
* TODO: remove this in favour of the information from sqimap_get_namespace()
*/
- $read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b);
- if (eregi('\\* NAMESPACE +(\\( *\\(.+\\) *\\)|NIL) +(\\( *\\(.+\\) *\\)|NIL) +(\\( *\\(.+\\) *\\)|NIL)', $read[0], $data)) {
- if (eregi('^\\( *\\((.*)\\) *\\)', $data[1], $data2)) {
- $pn = $data2[1];
- }
- $pna = explode(')(', $pn);
- while (list($k, $v) = each($pna)) {
- $lst = explode('"', $v);
- if (isset($lst[3])) {
- $pn[$lst[1]] = $lst[3];
- } else {
- $pn[$lst[1]] = '';
- }
+ && ($read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b))
+ && preg_match('/\* NAMESPACE +(\( *\(.+\) *\)|NIL) +(\( *\(.+\) *\)|NIL) +(\( *\(.+\) *\)|NIL)/i', $read[0], $data)
+ && preg_match('/^\( *\((.*)\) *\)/', $data[1], $data2)) {
+ $pn = $data2[1];
+ $pna = explode(')(', $pn);
+ $delnew = array();
+ while (list($k, $v) = each($pna)) {
+ $lst = explode('"', $v);
+ if (isset($lst[3])) {
+ $delnew[$lst[1]] = $lst[3];
+ } else {
+ $delnew[$lst[1]] = '';
}
}
- $sqimap_delimiter = $pn[0];
+ $sqimap_delimiter = array_shift($delnew);
} else {
fputs ($imap_stream, ". LIST \"INBOX\" \"\"\r\n");
$read = sqimap_read_data($imap_stream, '.', true, $a, $b);
$read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b);
return sqimap_parse_namespace($read[0]);
}
-
+
/**
* Parses a NAMESPACE response and returns an array with the available
* personal, users and shared namespaces.
$ns_strings = array(1=>'personal', 2=>'users', 3=>'shared');
$namespace = array();
- if(ereg('NAMESPACE (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL)', $input, $regs) !== false) {
+ if (preg_match('/NAMESPACE (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL)/', $input, $regs)) {
for($i=1; $i<=3; $i++) {
if($regs[$i] == 'NIL') {
$namespace[$ns_strings[$i]] = array();
*/
function sqimap_encode_mailbox_name($what)
{
- if (ereg("[\"\\\r\n]", $what))
+ if (preg_match('/["\\\r\n]/', $what))
return '{' . strlen($what) . "}\r\n" . $what; /* 4.3 literal form */
return '"' . $what . '"'; /* 4.3 quoted string form */
}
if (!empty($hook_status)) {
$hook_status['MAILBOX']=$mailbox;
$hook_status['CALLER']='sqimap_status_messages';
- do_hook_function('folder_status',$hook_status);
+ do_hook('folder_status', $hook_status);
}
return $status;
}
if ($sRsp == 'NO' || $sRsp == 'BAD') {
// for the moment disabled. Enable after 1.5.1 release.
// Notices could give valueable information about the mailbox
- // sqm_trigger_imap_error('SQM_IMAP_APPEND_NOTICE',$imapquery,$sRsp,$sMsg);
+ // Update: seems this was forgotten, but now it is finally enabled
+ sqm_trigger_imap_error('SQM_IMAP_APPEND_NOTICE',$imapquery,$sRsp,$sMsg);
}
$bDone = false;
case $imapsid:
* @since 1.3.0
*/
function map_yp_alias($username) {
- $yp = `ypmatch $username aliases`;
+ $safe_username = escapeshellarg($username);
+ $yp = `ypmatch $safe_username aliases`;
return chop(substr($yp, strlen($username)+1));
}