X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=plugins%2Fmail_fetch%2Ffunctions.php;h=a9b889eec4958da08d23ca8bc91648912c4bc21f;hb=701e7beed3baca980039f978c6d536dd91cae775;hp=96d15fa296dd4098f9edd6c49e8a13e9f9ac2b62;hpb=f7357fd2b864649790b7bd43810681ace971761c;p=squirrelmail.git diff --git a/plugins/mail_fetch/functions.php b/plugins/mail_fetch/functions.php index 96d15fa2..a9b889ee 100644 --- a/plugins/mail_fetch/functions.php +++ b/plugins/mail_fetch/functions.php @@ -9,7 +9,7 @@ * and josh@superfork.com (extracted from php manual) * Adapted for MailFetch by Philippe Mingo * - * @copyright © 1999-2009 The SquirrelMail Project Team + * @copyright 1999-2014 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package plugins @@ -22,7 +22,8 @@ include_once (SM_PATH . 'plugins/mail_fetch/constants.php'); include_once (SM_PATH . 'plugins/mail_fetch/class.mail_fetch.php'); /** declare plugin globals */ -global $mail_fetch_allow_unsubscribed; +global $mail_fetch_allow_unsubscribed, $mail_fetch_allowable_ports, + $mail_fetch_block_server_pattern; /** * Add link to menu at top of content pane @@ -138,7 +139,7 @@ function mail_fetch_login_function() { $aMsgStat = $pop3->command_stat(); if (is_bool($aMsgStat)) { - $outMsg .= _("Can't get mailbox status:") . ' ' . htmlspecialchars($pop3->error); + $outMsg .= _("Can't get mailbox status:") . ' ' . sm_encode_html_special_chars($pop3->error); continue; } @@ -151,7 +152,7 @@ function mail_fetch_login_function() { if ($mailfetch_lmos == 'on') { $msglist = $pop3->command_uidl(); if (is_bool($msglist)) { - $outMsg .= _("Server does not support UIDL.") . ' '.htmlspecialchars($pop3->error); + $outMsg .= _("Server does not support UIDL.") . ' '.sm_encode_html_special_chars($pop3->error); // User asked to leave messages on server, but we can't do that. $pop3->command_quit(); continue; @@ -190,7 +191,7 @@ function mail_fetch_login_function() { $Message = $pop3->command_retr($i); if (is_bool($Message)) { - $outMsg .= _("Warning:") . ' ' . htmlspecialchars($pop3->error); + $outMsg .= _("Warning:") . ' ' . sm_encode_html_special_chars($pop3->error); continue; } @@ -211,7 +212,7 @@ function mail_fetch_login_function() { $response=(implode('',$response)); $message=(implode('',$message)); if ($response != 'OK') { - $outMsg .= _("Error Appending Mail!")." ".htmlspecialchars($message); + $outMsg .= _("Error Appending Message!")." ".sm_encode_html_special_chars($message); if ($mailfetch_lmos == 'on') { setPref($data_dir,$username,"mailfetch_uidl_$i_loop", $msglist[$i-1]); @@ -227,7 +228,7 @@ function mail_fetch_login_function() { } } else { echo "$Line"; - $outMsg .= _("Error Appending Mail!"); + $outMsg .= _("Error Appending Message!"); } } @@ -311,18 +312,21 @@ function mail_fetch_folderact_function($args) { // end of hooked functions /** - * hex2bin - document me + * hex2bin - convert a hexadecimal string into binary + * Exists since PHP 5.4. */ -function hex2bin( $data ) { +if ( ! function_exists('hex2bin') ) { + function hex2bin( $data ) { - /* Original code by josh@superfork.com */ + /* Original code by josh@superfork.com */ - $len = strlen($data); - $newdata = ''; - for( $i=0; $i < $len; $i += 2 ) { - $newdata .= pack( "C", hexdec( substr( $data, $i, 2) ) ); + $len = strlen($data); + $newdata = ''; + for( $i=0; $i < $len; $i += 2 ) { + $newdata .= pack( "C", hexdec( substr( $data, $i, 2) ) ); + } + return $newdata; } - return $newdata; } function mf_keyED( $txt ) { @@ -417,3 +421,68 @@ function mail_fetch_check_noselect($imap_stream,$imap_folder) { } return false; } + +/** + * Validate a requested POP3 port number + * + * Allowable port numbers are configured in config.php + * (see config_example.php for an example and more + * rules about how the list of allowable port numbers + * can be specified) + * + * @param int $requested_port The port number given by the user + * + * @return string An error string is returned if the port + * number is not allowable, otherwise an + * empty string is returned. + * + */ +function validate_mail_fetch_port_number($requested_port) { + global $mail_fetch_allowable_ports; + if (empty($mail_fetch_allowable_ports)) + $mail_fetch_allowable_ports = array(110, 995); + + if (in_array('ALL', $mail_fetch_allowable_ports)) + return ''; + + if (!in_array($requested_port, $mail_fetch_allowable_ports)) { + sq_change_text_domain('mail_fetch'); + $error = _("Sorry, that port number is not allowed"); + sq_change_text_domain('squirrelmail'); + return $error; + } + + return ''; +} + +/** + * Validate a requested POP3 server address + * + * Blocked server addresses are configured in config.php + * (see config_example.php for more details) + * + * @param int $requested_address The server address given by the user + * + * @return string An error string is returned if the server + * address is not allowable, otherwise an + * empty string is returned. + * + */ +function validate_mail_fetch_server_address($requested_address) { + global $mail_fetch_block_server_pattern; + if (empty($mail_fetch_block_server_pattern)) + $mail_fetch_block_server_pattern = '/(^10\.)|(^192\.)|(^127\.)|(^localhost)/'; + + if ($mail_fetch_block_server_pattern == 'UNRESTRICTED') + return ''; + + if (preg_match($mail_fetch_block_server_pattern, $requested_address)) { + sq_change_text_domain('mail_fetch'); + $error = _("Sorry, that server address is not allowed"); + sq_change_text_domain('squirrelmail'); + return $error; + } + + return ''; +} +