X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fsmtp.php;h=334edd95e769fa81df00812074a7543d8171d1b7;hb=9b79af334efe5e6383a2e482590539dcd18f14c8;hp=5e39ad40e0e936192ed04cb88e0db97778729812;hpb=17ce84673639e19c0d01cd6b59caea1732b1433f;p=squirrelmail.git
diff --git a/functions/smtp.php b/functions/smtp.php
index 5e39ad40..334edd95 100644
--- a/functions/smtp.php
+++ b/functions/smtp.php
@@ -1,4 +1,4 @@
-
+ 0)
$sign = "+";
else
@@ -106,10 +116,11 @@
}
/* Print all the needed RFC822 headers */
- function write822Header ($fp, $t, $c, $b, $subject) {
+ function write822Header ($fp, $t, $c, $b, $subject, $more_headers) {
global $REMOTE_ADDR, $SERVER_NAME, $REMOTE_PORT;
- global $data_dir, $username, $domain, $version, $useSendmail;
- global $default_charset;
+ global $data_dir, $username, $popuser, $domain, $version, $useSendmail;
+ global $default_charset, $HTTP_VIA, $HTTP_X_FORWARDED_FOR;
+ global $REMOTE_HOST;
// Storing the header to make sure the header is the same
// everytime the header is printed.
@@ -122,29 +133,44 @@
$reply_to = getPref($data_dir, $username, "reply_to");
$from = getPref($data_dir, $username, "full_name");
$from_addr = getPref($data_dir, $username, "email_address");
-
+
if ($from_addr == "")
- $from_addr = "$username@$domain";
+ $from_addr = $popuser."@".$domain;
$to_list = getLineOfAddrs($to);
$cc_list = getLineOfAddrs($cc);
$bcc_list = getLineOfAddrs($bcc);
+ /* Encoding 8-bit characters and making from line */
+ $subject = sqStripSlashes(encodeHeader($subject));
if ($from == "")
$from = "<$from_addr>";
else
- $from = $from . " <$from_addr>";
+ $from = "\"" . encodeHeader($from) . "\" <$from_addr>";
/* This creates an RFC 822 date */
$date = date("D, j M Y H:i:s ", mktime()) . timezone();
/* Create a message-id */
$message_id = "<" . $REMOTE_PORT . "." . $REMOTE_ADDR . ".";
- $message_id .= time() . "@" . $SERVER_NAME .">";
+ $message_id .= time() . ".squirrel@" . $SERVER_NAME .">";
/* Make an RFC822 Received: line */
- $header = "Received: from $REMOTE_ADDR by $SERVER_NAME with HTTP; ";
- $header .= "$date\n";
+ if (isset($REMOTE_HOST))
+ $received_from = "$REMOTE_HOST ([$REMOTE_ADDR])";
+ else
+ $received_from = $REMOTE_ADDR;
+
+ if (isset($HTTP_VIA) || isset ($HTTP_X_FORWARDED_FOR)) {
+ if ($HTTP_X_FORWARDED_FOR == "")
+ $HTTP_X_FORWARDED_FOR = "unknown";
+ $received_from .= " (proxying for $HTTP_X_FORWARDED_FOR)";
+ }
+
+ $header = "Received: from $received_from\r\n";
+ $header .= " (SquirrelMail authenticated user $username)\r\n";
+ $header .= " by $SERVER_NAME with HTTP;\r\n";
+ $header .= " $date\r\n";
/* Insert the rest of the header fields */
$header .= "Message-ID: $message_id\r\n";
@@ -152,7 +178,15 @@
$header .= "Subject: $subject\r\n";
$header .= "From: $from\r\n";
$header .= "To: $to_list \r\n"; // Who it's TO
-
+
+ /* Insert headers from the $more_headers array */
+ if(is_array($more_headers)) {
+ reset($more_headers);
+ while(list($h_name, $h_val) = each($more_headers)) {
+ $header .= sprintf("%s: %s\r\n", $h_name, $h_val);
+ }
+ }
+
if ($cc_list) {
$header .= "Cc: $cc_list\r\n"; // Who the CCs are
}
@@ -170,7 +204,7 @@
$header .= "X-Mailer: SquirrelMail (version $version)\r\n"; // Identify SquirrelMail
// Do the MIME-stuff
- $header .= "MIME-Version: 1.0\n";
+ $header .= "MIME-Version: 1.0\r\n";
if (isMultipart()) {
$header .= "Content-Type: multipart/mixed; boundary=\"";
@@ -209,15 +243,15 @@
$body .= "Content-Type: text/plain\r\n";
$body .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
- $body .= stripslashes($passedBody) . "\r\n";
+ $body .= sqStripSlashes($passedBody) . "\r\n";
fputs ($fp, $body);
- $attachmentlenght = attachFiles($fp);
+ $attachmentlength = attachFiles($fp);
$postbody .= "\r\n--".mimeBoundary()."--\r\n\r\n";
fputs ($fp, $postbody);
} else {
- $body = stripslashes($passedBody) . "\r\n";
+ $body = sqStripSlashes($passedBody) . "\r\n";
fputs ($fp, $body);
$postbody = "\r\n";
fputs ($fp, $postbody);
@@ -227,18 +261,26 @@
}
// Send mail using the sendmail command
- function sendSendmail($t, $c, $b, $subject, $body) {
- global $sendmail_path, $username, $domain;
+ function sendSendmail($t, $c, $b, $subject, $body, $more_headers) {
+ global $sendmail_path, $popuser, $username, $domain;
+
+ // Build envelope sender address. Make sure it doesn't contain
+ // spaces or other "weird" chars that would allow a user to
+ // exploit the shell/pipe it is used in.
+ $envelopefrom = "$popuser@$domain";
+ $envelopefrom = ereg_replace("[[:blank:]]","", $envelopefrom);
+ $envelopefrom = ereg_replace("[[:space:]]","", $envelopefrom);
+ $envelopefrom = ereg_replace("[[:cntrl:]]","", $envelopefrom);
// open pipe to sendmail
- $fp = popen (escapeshellcmd("$sendmail_path -t -f$username@$domain"), "w");
+ $fp = popen (escapeshellcmd("$sendmail_path -t -f$envelopefrom"), "w");
- $headerlength = write822Header ($fp, $t, $c, $b, $subject);
+ $headerlength = write822Header ($fp, $t, $c, $b, $subject, $more_headers);
$bodylength = writeBody($fp, $body);
pclose($fp);
- return ($headerlength + $bodylenght);
+ return ($headerlength + $bodylength);
}
function smtpReadData($smtpConnection) {
@@ -252,17 +294,17 @@
}
}
- function sendSMTP($t, $c, $b, $subject, $body) {
- global $username, $domain, $version, $smtpServerAddress, $smtpPort,
- $data_dir;
+ function sendSMTP($t, $c, $b, $subject, $body, $more_headers) {
+ global $username, $popuser, $domain, $version, $smtpServerAddress, $smtpPort,
+ $data_dir, $color;
$to = parseAddrs($t);
$cc = parseAddrs($c);
$bcc = parseAddrs($b);
$from_addr = getPref($data_dir, $username, "email_address");
- if ($from_addr == "")
- $from_addr = "$username@$domain";
+ if (!$from_addr)
+ $from_addr = "$popuser@$domain";
$smtpConnection = fsockopen($smtpServerAddress, $smtpPort, $errorNumber, $errorString);
if (!$smtpConnection) {
@@ -270,53 +312,54 @@
echo "$errorNumber : $errorString
";
exit;
}
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ errorCheck($tmp, $smtpConnection);
$to_list = getLineOfAddrs($to);
$cc_list = getLineOfAddrs($cc);
/** Lets introduce ourselves */
fputs($smtpConnection, "HELO $domain\r\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ errorCheck($tmp, $smtpConnection);
/** Ok, who is sending the message? */
fputs($smtpConnection, "MAIL FROM:<$from_addr>\r\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ errorCheck($tmp, $smtpConnection);
/** send who the recipients are */
for ($i = 0; $i < count($to); $i++) {
fputs($smtpConnection, "RCPT TO:<$to[$i]>\r\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ errorCheck($tmp, $smtpConnection);
}
for ($i = 0; $i < count($cc); $i++) {
fputs($smtpConnection, "RCPT TO:<$cc[$i]>\r\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ errorCheck($tmp, $smtpConnection);
}
for ($i = 0; $i < count($bcc); $i++) {
fputs($smtpConnection, "RCPT TO:<$bcc[$i]>\r\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ errorCheck($tmp, $smtpConnection);
}
/** Lets start sending the actual message */
fputs($smtpConnection, "DATA\r\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ errorCheck($tmp, $smtpConnection);
// Send the message
- $headerlength = write822Header ($smtpConnection, $t, $c, $b, $subject);
+ $headerlength = write822Header ($smtpConnection, $t, $c, $b, $subject, $more_headers);
$bodylength = writeBody($smtpConnection, $body);
fputs($smtpConnection, ".\r\n"); // end the DATA part
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- $num = errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ $num = errorCheck($tmp, $smtpConnection);
if ($num != 250) {
- echo "