$bcc_list = getLineOfAddrs($bcc);
/* Encoding 8-bit characters and making from line */
- $subject = stripslashes(encodeHeader($subject));
+ $subject = sqStripSlashes(encodeHeader($subject));
if ($from == "")
$from = "<$from_addr>";
else
$body .= "Content-Type: text/plain\r\n";
$body .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
- $body .= stripslashes($passedBody) . "\r\n";
+ $body .= sqStripSlashes($passedBody) . "\r\n";
fputs ($fp, $body);
$attachmentlength = attachFiles($fp);
$postbody .= "\r\n--".mimeBoundary()."--\r\n\r\n";
fputs ($fp, $postbody);
} else {
- $body = stripslashes($passedBody) . "\r\n";
+ $body = sqStripSlashes($passedBody) . "\r\n";
fputs ($fp, $body);
$postbody = "\r\n";
fputs ($fp, $postbody);
function sendSendmail($t, $c, $b, $subject, $body, $more_headers) {
global $sendmail_path, $username, $domain;
+ // Build envelope sender address. Make sure it doesn't contain
+ // spaces or other "weird" chars that would allow a user to
+ // exploit the shell/pipe it is used in.
+ $envelopefrom = "$username@$domain";
+ $envelopefrom = ereg_replace("[[:blank:]]","", $envelopefrom);
+ $envelopefrom = ereg_replace("[[:space:]]","", $envelopefrom);
+ $envelopefrom = ereg_replace("[[:cntrl:]]","", $envelopefrom);
+
// open pipe to sendmail
- $fp = popen (escapeshellcmd("$sendmail_path -t -f$username@$domain"), "w");
+ $fp = popen (escapeshellcmd("$sendmail_path -t -f$envelopefrom"), "w");
$headerlength = write822Header ($fp, $t, $c, $b, $subject, $more_headers);
$bodylength = writeBody($fp, $body);
$bcc = parseAddrs($b);
$from_addr = getPref($data_dir, $username, "email_address");
- if ($from_addr == "")
- $from_addr = "$username@$domain";
+
+ /*
+ * A patch from Bill Thousand <billyt@claritytech.com>
+ *
+ * "I don't know if anyone else needs this or not, but it totally makes squirrelmail usable for us.
+ * This quick patch checks the username and from address for the domain information. We use
+ * a virtual domain patch for our imap server that allows multiple domains by using username@domain.com
+ * as the login username."
+ */
+ if ($from_addr == "") {
+ if (strstr($username, "@")) {
+ $from_addr = $username;
+ $address_pieces = explode("@",$username);
+ $domain = $address_pieces[1];
+ } else {
+ $from_addr = "$username@$domain";
+ }
+ } else {
+ // If the From Address is specified, use the domain in the from
+ // address if it's there.
+ if (strstr($from_addr, "@")) {
+ $address_pieces = explode("@", $from_addr);
+ $domain = $address_pieces[1];
+ }
+ }
+ /*
+ * End patch from Bill Thousand
+ */
+
$smtpConnection = fsockopen($smtpServerAddress, $smtpPort, $errorNumber, $errorString);
if (!$smtpConnection) {
sqimap_mailbox_select ($imap_stream, $mailbox);
sqimap_messages_flag ($imap_stream, $reply_id, $reply_id, "Answered");
- // Insert In-Reply-To and References headers if the
- // message-id of the message we reply to is set (longer than "<>")
- // The References header should really be the old Referenced header
- // with the message ID appended, but it can be only the message ID too.
- $hdr = sqimap_get_small_header ($imap_stream, $reply_id, false);
- if(strlen($hdr->message_id) > 2) {
- $more_headers["In-Reply-To"] = $hdr->message_id;
- $more_headers["References"] = $hdr->message_id;
- }
+ // Insert In-Reply-To and References headers if the
+ // message-id of the message we reply to is set (longer than "<>")
+ // The References header should really be the old Referenced header
+ // with the message ID appended, but it can be only the message ID too.
+ $hdr = sqimap_get_small_header ($imap_stream, $reply_id, false);
+ if(strlen($hdr->message_id) > 2) {
+ $more_headers["In-Reply-To"] = $hdr->message_id;
+ $more_headers["References"] = $hdr->message_id;
+ }
+ sqimap_mailbox_close($imap_stream);
}
if ($useSendmail==true) {