$smtp_php = true;
+ // This should most probably go to some initialization...
+ if (ereg("^([^@%/]+)[@%/](.+)$", $username, $usernamedata)) {
+ $popuser = $usernamedata[1];
+ $domain = $usernamedata[2];
+ unset($usernamedata);
+ } else {
+ $popuser = $username;
+ }
+ // We need domain for smtp
+ if (!$domain)
+ $domain = getenv("HOSTNAME");
+
// Returns true only if this message is multipart
function isMultipart () {
global $attachments;
$filetype = "application/octet-stream";
$header = "--".mimeBoundary()."\r\n";
- $header .= "Content-Type: $filetype\r\n";
+ $header .= "Content-Type: $filetype;name=\"$remotename\"\r\n";
$header .= "Content-Disposition: attachment; filename=\"$remotename\"\r\n";
$header .= "Content-Transfer-Encoding: base64\r\n\r\n";
fputs ($fp, $header);
// Return a nice MIME-boundary
function mimeBoundary () {
- global $version, $REMOTE_ADDR, $SERVER_NAME, $REMOTE_PORT;
-
static $mimeBoundaryString;
if ($mimeBoundaryString == "") {
- $temp = "SquirrelMail".$version.$REMOTE_ADDR.$SERVER_NAME.
- $REMOTE_PORT;
- $mimeBoundaryString = "=-_+".substr(md5($temp),1,20);
+ $mimeBoundaryString = GenerateRandomString(70, '\'()+,-./:=?_', 7);
}
return $mimeBoundaryString;
/* Time offset for correct timezone */
function timezone () {
+ global $invert_time;
+
$diff_second = date("Z");
+ if ($invert_time)
+ $diff_second = - $diff_second;
if ($diff_second > 0)
$sign = "+";
else
/* Print all the needed RFC822 headers */
function write822Header ($fp, $t, $c, $b, $subject, $more_headers) {
global $REMOTE_ADDR, $SERVER_NAME, $REMOTE_PORT;
- global $data_dir, $username, $domain, $version, $useSendmail;
+ global $data_dir, $username, $popuser, $domain, $version, $useSendmail;
global $default_charset, $HTTP_VIA, $HTTP_X_FORWARDED_FOR;
global $REMOTE_HOST;
$reply_to = getPref($data_dir, $username, "reply_to");
$from = getPref($data_dir, $username, "full_name");
$from_addr = getPref($data_dir, $username, "email_address");
-
+
if ($from_addr == "")
- $from_addr = "$username@$domain";
+ $from_addr = $popuser."@".$domain;
$to_list = getLineOfAddrs($to);
$cc_list = getLineOfAddrs($cc);
$bcc_list = getLineOfAddrs($bcc);
-
+
/* Encoding 8-bit characters and making from line */
- $subject = encodeHeader($subject);
+ $subject = sqStripSlashes(encodeHeader($subject));
if ($from == "")
$from = "<$from_addr>";
else
- $from = encodeHeader($from) . " <$from_addr>";
+ $from = "\"" . encodeHeader($from) . "\" <$from_addr>";
/* This creates an RFC 822 date */
$date = date("D, j M Y H:i:s ", mktime()) . timezone();
$body .= "Content-Type: text/plain\r\n";
$body .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
- $body .= stripslashes($passedBody) . "\r\n";
+ $body .= sqStripSlashes($passedBody) . "\r\n\r\n";
fputs ($fp, $body);
$attachmentlength = attachFiles($fp);
$postbody .= "\r\n--".mimeBoundary()."--\r\n\r\n";
fputs ($fp, $postbody);
} else {
- $body = stripslashes($passedBody) . "\r\n";
+ $body = sqStripSlashes($passedBody) . "\r\n";
fputs ($fp, $body);
$postbody = "\r\n";
fputs ($fp, $postbody);
// Send mail using the sendmail command
function sendSendmail($t, $c, $b, $subject, $body, $more_headers) {
- global $sendmail_path, $username, $domain;
+ global $sendmail_path, $popuser, $username, $domain;
+
+ // Build envelope sender address. Make sure it doesn't contain
+ // spaces or other "weird" chars that would allow a user to
+ // exploit the shell/pipe it is used in.
+ $envelopefrom = "$popuser@$domain";
+ $envelopefrom = ereg_replace("[[:blank:]]","", $envelopefrom);
+ $envelopefrom = ereg_replace("[[:space:]]","", $envelopefrom);
+ $envelopefrom = ereg_replace("[[:cntrl:]]","", $envelopefrom);
// open pipe to sendmail
- $fp = popen (escapeshellcmd("$sendmail_path -t -f$username@$domain"), "w");
+ $fp = popen (escapeshellcmd("$sendmail_path -t -f$envelopefrom"), "w");
$headerlength = write822Header ($fp, $t, $c, $b, $subject, $more_headers);
$bodylength = writeBody($fp, $body);
}
function sendSMTP($t, $c, $b, $subject, $body, $more_headers) {
- global $username, $domain, $version, $smtpServerAddress, $smtpPort,
+ global $username, $popuser, $domain, $version, $smtpServerAddress, $smtpPort,
$data_dir, $color;
$to = parseAddrs($t);
$bcc = parseAddrs($b);
$from_addr = getPref($data_dir, $username, "email_address");
- if ($from_addr == "")
- $from_addr = "$username@$domain";
+ if (!$from_addr)
+ $from_addr = "$popuser@$domain";
$smtpConnection = fsockopen($smtpServerAddress, $smtpPort, $errorNumber, $errorString);
if (!$smtpConnection) {
echo "$errorNumber : $errorString<br>";
exit;
}
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ errorCheck($tmp, $smtpConnection);
$to_list = getLineOfAddrs($to);
$cc_list = getLineOfAddrs($cc);
/** Lets introduce ourselves */
fputs($smtpConnection, "HELO $domain\r\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ errorCheck($tmp, $smtpConnection);
/** Ok, who is sending the message? */
fputs($smtpConnection, "MAIL FROM:<$from_addr>\r\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ errorCheck($tmp, $smtpConnection);
/** send who the recipients are */
for ($i = 0; $i < count($to); $i++) {
fputs($smtpConnection, "RCPT TO:<$to[$i]>\r\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ errorCheck($tmp, $smtpConnection);
}
for ($i = 0; $i < count($cc); $i++) {
fputs($smtpConnection, "RCPT TO:<$cc[$i]>\r\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ errorCheck($tmp, $smtpConnection);
}
for ($i = 0; $i < count($bcc); $i++) {
fputs($smtpConnection, "RCPT TO:<$bcc[$i]>\r\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ errorCheck($tmp, $smtpConnection);
}
/** Lets start sending the actual message */
fputs($smtpConnection, "DATA\r\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ errorCheck($tmp, $smtpConnection);
// Send the message
$headerlength = write822Header ($smtpConnection, $t, $c, $b, $subject, $more_headers);
$bodylength = writeBody($smtpConnection, $body);
fputs($smtpConnection, ".\r\n"); // end the DATA part
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- $num = errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ $num = errorCheck($tmp, $smtpConnection);
if ($num != 250) {
+ $tmp = nl2br(htmlspecialchars($tmp));
echo "ERROR<BR>Message not sent!<BR>Reason given: $tmp<BR></BODY></HTML>";
}
}
- function errorCheck($line) {
+ function errorCheck($line, $smtpConnection) {
+ global $page_header_php;
global $color;
+ if (!isset($page_header_php)) {
+ include "../functions/page_header.php";
+ }
+
+ // Read new lines on a multiline response
+ $lines = $line;
+ while(ereg("^[0-9]+-", $line)) {
+ $line = fgets($smtpConnection, 1024);
+ $lines .= $line;
+ }
+
// Status: 0 = fatal
// 5 = ok
case 554: $message = "Transaction failed";
$status = 0;
break;
- default: $message = "Unknown response: $line";
+ default: $message = "Unknown response: ". nl2br(htmlspecialchars($lines));
$status = 0;
$error_num = "001";
break;
}
if ($status == 0) {
- echo "<HTML><BODY BGCOLOR=#ffffff>";
+ displayPageHeader($color, "None");
echo "<TT>";
- echo "<BR><B>ERROR</B><BR><BR>";
+ echo "<br><b><font color=\"$color[1]\">ERROR</font></b><br><br>";
echo " <B>Error Number: </B>$err_num<BR>";
echo " <B>Reason: </B>$message<BR>";
- echo "<B>Server Response: </B>$line<BR>";
+ $lines = nl2br(htmlspecialchars($lines));
+ echo "<B>Server Response: </B>$lines<BR>";
echo "<BR>MAIL NOT SENT";
echo "</TT></BODY></HTML>";
exit;
sqimap_mailbox_select ($imap_stream, $mailbox);
sqimap_messages_flag ($imap_stream, $reply_id, $reply_id, "Answered");
- // Insert In-Reply-To and References headers if the
- // message-id of the message we reply to is set (longer than "<>")
- // The References header should really be the old Referenced header
- // with the message ID appended, but it can be only the message ID too.
- $hdr = sqimap_get_small_header ($imap_stream, $reply_id, false);
- if(strlen($hdr->message_id) > 2) {
- $more_headers["In-Reply-To"] = $hdr->message_id;
- $more_headers["References"] = $hdr->message_id;
- }
+ // Insert In-Reply-To and References headers if the
+ // message-id of the message we reply to is set (longer than "<>")
+ // The References header should really be the old Referenced header
+ // with the message ID appended, but it can be only the message ID too.
+ $hdr = sqimap_get_small_header ($imap_stream, $reply_id, false);
+ if(strlen($hdr->message_id) > 2) {
+ $more_headers["In-Reply-To"] = $hdr->message_id;
+ $more_headers["References"] = $hdr->message_id;
+ }
+ sqimap_mailbox_close($imap_stream);
}
-
- if ($useSendmail==true) {
+
+ // this is to catch all plain \n instances and
+ // replace them with \r\n.
+ $body = ereg_replace("\r\n", "\n", $body);
+ $body = ereg_replace("\n", "\r\n", $body);
+
+ if ($useSendmail) {
$length = sendSendmail($t, $c, $b, $subject, $body, $more_headers);
} else {
$length = sendSMTP($t, $c, $b, $subject, $body, $more_headers);
if (sqimap_mailbox_exists ($imap_stream, $sent_folder)) {
sqimap_append ($imap_stream, $sent_folder, $length);
write822Header ($imap_stream, $t, $c, $b, $subject, $more_headers);
- writeBody ($imap_stream, $body);
+ writeBody ($imap_stream, $body);
sqimap_append_done ($imap_stream);
- }
-
+ }
+ sqimap_logout($imap_stream);
// Delete the files uploaded for attaching (if any).
deleteAttachments();
}
+
?>