X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fsmtp.php;h=52d554bb63e8e007e96d09a80dce7dda909e36e8;hb=e9eca7fe297c8c9f87471791d607a2581cf5a807;hp=68f4048f7ef784c428b7966e783b4ccbf5a5b0ec;hpb=d1b8b679eba88eed4ccb6bbfc7f5ed0b6f549c7b;p=squirrelmail.git diff --git a/functions/smtp.php b/functions/smtp.php index 68f4048f..52d554bb 100644 --- a/functions/smtp.php +++ b/functions/smtp.php @@ -1,11 +1,31 @@ - +lookup($array[$i]); + $ret = ""; + if (isset($result['email'])) { + if (isset($result['name'])) { + $ret = '"'.$result['name'].'" '; + } + $ret .= '<'.$result['email'].'>'; + $array[$i] = $ret; + } + else + { + if (strpos($array[$i], '@') === false) + $array[$i] .= '@' . $domain; + $array[$i] = '<' . $array[$i] . '>'; + } + } + return $array; + } + // Attach the files that are due to be attached function attachFiles ($fp) { global $attachments, $attachment_dir; - while (list($localname, $remotename) = each($attachments)) { - // This is to make sure noone is giving a filename in another - // directory - $localname = ereg_replace ("\\/", "", $localname); - - $fileinfo = fopen ($attachment_dir.$localname.".info", "r"); - $filetype = fgets ($fileinfo, 8192); - fclose ($fileinfo); - $filetype = trim ($filetype); - if ($filetype=="") - $filetype = "application/octet-stream"; - - fputs ($fp, "--".mimeBoundary()."\r\n"); - fputs ($fp, "Content-Type: $filetype\n"); - fputs ($fp, "Content-Disposition: attachment; filename=\"$remotename\"\r\n"); - fputs ($fp, "Content-Transfer-Encoding: base64\r\n\r\n"); - - $file = fopen ($attachment_dir.$localname, "r"); - while ($tmp = fread($file, 57)) - fputs ($fp, chunk_split(base64_encode($tmp))); - fclose ($file); - - unlink ($attachment_dir.$localname); - unlink ($attachment_dir.$localname.".info"); + $length = 0; + + if (isMultipart()) { + foreach ($attachments as $info) + { +// echo "
Attachment Info:\n"; +// var_dump($info); +// echo "\n\n"; + if (isset($info['type'])) + $filetype = $info['type']; + else + $filetype = 'application/octet-stream'; + + $header = '--'.mimeBoundary()."\r\n"; + $header .= "Content-Type: $filetype; name=\"" . + $info['remotefilename'] . "\"\r\n"; + $header .= "Content-Disposition: attachment; filename=\"" . + $info['remotefilename'] . "\"\r\n"; + + $file = fopen ($attachment_dir . $info['localfilename'], 'r'); + if (substr($filetype, 0, 5) == 'text/' || + $filetype == 'message/rfc822') { + $header .= "\r\n"; + fputs ($fp, $header); + $length += strlen($header); + while ($tmp = fgets($file, 4096)) { + $tmp = str_replace("\r\n", "\n", $tmp); + $tmp = str_replace("\r", "\n", $tmp); + $tmp = str_replace("\n", "\r\n", $tmp); + if (feof($fp) && substr($tmp, -2) != "\r\n") + $tmp .= "\r\n"; + fputs($fp, $tmp); + $length += strlen($tmp); + } + } else { + $header .= "Content-Transfer-Encoding: base64\r\n\r\n"; + fputs ($fp, $header); + $length += strlen($header); + while ($tmp = fread($file, 570)) { + $encoded = chunk_split(base64_encode($tmp)); + $length += strlen($encoded); + fputs ($fp, $encoded); + } + } + fclose ($file); + } + } + + return $length; + } + + // Delete files that are uploaded for attaching + function deleteAttachments() { + global $attachments, $attachment_dir; + + if (isMultipart()) { + reset($attachments); + while (list($localname, $remotename) = each($attachments)) { + if (!ereg ("\\/", $localname)) { + unlink ($attachment_dir.$localname); + unlink ($attachment_dir.$localname.'.info'); + } + } } } // Return a nice MIME-boundary function mimeBoundary () { - global $mimeBoundaryString, $version, $REMOTE_ADDR, $SERVER_NAME, - $REMOTE_PORT; + static $mimeBoundaryString; if ($mimeBoundaryString == "") { - $temp = "SquirrelMail".$version.$REMOTE_ADDR.$SERVER_NAME. - $REMOTE_PORT; - $mimeBoundaryString = "=-_+".substr(md5($temp),1,20); + $mimeBoundaryString = "----=_" . + GenerateRandomString(60, '\'()+,-./:=?_', 7); } return $mimeBoundaryString; @@ -64,308 +151,471 @@ /* Time offset for correct timezone */ function timezone () { - $diff_second = date("Z"); + global $invert_time; + + $diff_second = date('Z'); + if ($invert_time) + $diff_second = - $diff_second; if ($diff_second > 0) - $sign = "+"; + $sign = '+'; else - $sign = "-"; + $sign = '-'; $diff_second = abs($diff_second); $diff_hour = floor ($diff_second / 3600); $diff_minute = floor (($diff_second-3600*$diff_hour) / 60); - $zonename = "(".strftime("%Z").")"; + $zonename = '('.strftime('%Z').')'; $result = sprintf ("%s%02d%02d %s", $sign, $diff_hour, $diff_minute, $zonename); return ($result); } /* Print all the needed RFC822 headers */ - function write822Header ($fp, $t, $c, $b, $subject) { - global $REMOTE_ADDR, $SERVER_NAME; - global $data_dir, $username, $domain, $version, $useSendmail; - - $to = parseAddrs($t); - $cc = parseAddrs($c); - $bcc = parseAddrs($b); - $reply_to = getPref($data_dir, $username, "reply_to"); - $from = getPref($data_dir, $username, "full_name"); - $from_addr = getPref($data_dir, $username, "email_address"); - - if ($from_addr == "") - $from_addr = "$username@$domain"; - - $to_list = getLineOfAddrs($to); - $cc_list = getLineOfAddrs($cc); - $bcc_list = getLineOfAddrs($bcc); - - if ($from == "") - $from = "<$from_addr>"; - else - $from = $from . " <$from_addr>"; - - /* This creates an RFC 822 date showing GMT */ - $date = date("D, j M Y H:i:s ", mktime()) . timezone(); + function write822Header ($fp, $t, $c, $b, $subject, $more_headers) { + global $REMOTE_ADDR, $SERVER_NAME, $REMOTE_PORT; + global $data_dir, $username, $popuser, $domain, $version, $useSendmail; + global $default_charset, $HTTP_VIA, $HTTP_X_FORWARDED_FOR; + global $REMOTE_HOST, $identity; + + // Storing the header to make sure the header is the same + // everytime the header is printed. + static $header, $headerlength; + + if ($header == '') { + $to = expandAddrs(parseAddrs($t)); + $cc = expandAddrs(parseAddrs($c)); + $bcc = expandAddrs(parseAddrs($b)); + if (isset($identity) && $identity != 'default') + { + $reply_to = getPref($data_dir, $username, 'reply_to' . $identity); + $from = getPref($data_dir, $username, 'full_name' . $identity); + $from_addr = getPref($data_dir, $username, 'email_address' . $identity); + } + else + { + $reply_to = getPref($data_dir, $username, 'reply_to'); + $from = getPref($data_dir, $username, 'full_name'); + $from_addr = getPref($data_dir, $username, 'email_address'); + } + + if ($from_addr == '') + $from_addr = $popuser.'@'.$domain; + + $to_list = getLineOfAddrs($to); + $cc_list = getLineOfAddrs($cc); + $bcc_list = getLineOfAddrs($bcc); + + /* Encoding 8-bit characters and making from line */ + $subject = encodeHeader($subject); + if ($from == '') + $from = "<$from_addr>"; + else + $from = '"' . encodeHeader($from) . "\" <$from_addr>"; + + /* This creates an RFC 822 date */ + $date = date("D, j M Y H:i:s ", mktime()) . timezone(); + + /* Create a message-id */ + $message_id = '<' . $REMOTE_PORT . '.' . $REMOTE_ADDR . '.'; + $message_id .= time() . '.squirrel@' . $SERVER_NAME .'>'; + + /* Make an RFC822 Received: line */ + if (isset($REMOTE_HOST)) + $received_from = "$REMOTE_HOST ([$REMOTE_ADDR])"; + else + $received_from = $REMOTE_ADDR; + + if (isset($HTTP_VIA) || isset ($HTTP_X_FORWARDED_FOR)) { + if ($HTTP_X_FORWARDED_FOR == '') + $HTTP_X_FORWARDED_FOR = 'unknown'; + $received_from .= " (proxying for $HTTP_X_FORWARDED_FOR)"; + } + + $header = "Received: from $received_from\r\n"; + $header .= " (SquirrelMail authenticated user $username)\r\n"; + $header .= " by $SERVER_NAME with HTTP;\r\n"; + $header .= " $date\r\n"; + + /* Insert the rest of the header fields */ + $header .= "Message-ID: $message_id\r\n"; + $header .= "Date: $date\r\n"; + $header .= "Subject: $subject\r\n"; + $header .= "From: $from\r\n"; + $header .= "To: $to_list\r\n"; // Who it's TO + + /* Insert headers from the $more_headers array */ + if(is_array($more_headers)) { + reset($more_headers); + while(list($h_name, $h_val) = each($more_headers)) { + $header .= sprintf("%s: %s\r\n", $h_name, $h_val); + } + } + + if ($cc_list) { + $header .= "Cc: $cc_list\r\n"; // Who the CCs are + } + + if ($reply_to != '') + $header .= "Reply-To: $reply_to\r\n"; + + if ($useSendmail) { + if ($bcc_list) { + // BCCs is removed from header by sendmail + $header .= "Bcc: $bcc_list\r\n"; + } + } + + $header .= "X-Mailer: SquirrelMail (version $version)\r\n"; // Identify SquirrelMail + + // Do the MIME-stuff + $header .= "MIME-Version: 1.0\r\n"; + + if (isMultipart()) { + $header .= 'Content-Type: multipart/mixed; boundary="'; + $header .= mimeBoundary(); + $header .= "\"\r\n"; + } else { + if ($default_charset != '') + $header .= "Content-Type: text/plain; charset=$default_charset\r\n"; + else + $header .= "Content-Type: text/plain;\r\n"; + $header .= "Content-Transfer-Encoding: 8bit\r\n"; + } + $header .= "\r\n"; // One blank line to separate header and body - /* Make an RFC822 Received: line */ - fputs ($fp, "Received: from $REMOTE_ADDR by $SERVER_NAME with HTTP; "); - fputs ($fp, "$date\n"); + $headerlength = strlen($header); + } + + // Write the header + fputs ($fp, $header); - /* The rest of the header */ - fputs ($fp, "Date: $date\r\n"); - fputs ($fp, "Subject: $subject\r\n"); // Subject - fputs ($fp, "From: $from\r\n"); // Subject - fputs ($fp, "To: $to_list\r\n"); // Who it's TO + return $headerlength; + } - if ($cc_list) { - fputs($fp, "Cc: $cc_list\r\n"); // Who the CCs are - } + // Send the body + function writeBody ($fp, $passedBody) { + global $default_charset; - if ($reply_to != "") - fputs($fp, "Reply-To: $reply_to\r\n"); + $attachmentlength = 0; + + if (isMultipart()) { + $body = '--'.mimeBoundary()."\r\n"; - if ($useSendmail) { - if ($bcc_list) { - // BCCs is removed from header by sendmail - fputs($fp, "Bcc: $bcc_list\r\n"); - } - } + if ($default_charset != "") + $body .= "Content-Type: text/plain; charset=$default_charset\r\n"; + else + $body .= "Content-Type: text/plain\r\n"; - fputs($fp, "X-Mailer: SquirrelMail (version $version)\r\n"); // Identify SquirrelMail + $body .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; + $body .= $passedBody . "\r\n\r\n"; + fputs ($fp, $body); - // Do the MIME-stuff - fputs($fp, "MIME-Version: 1.0\n"); + $attachmentlength = attachFiles($fp); - if (isMultipart()) { - fputs ($fp, "Content-Type: multipart/mixed; boundary=\""); - fputs ($fp, mimeBoundary()); - fputs ($fp, "\"\r\n"); + if (!isset($postbody)) $postbody = ""; + $postbody .= "\r\n--".mimeBoundary()."--\r\n\r\n"; + fputs ($fp, $postbody); } else { - fputs($fp, "Content-Type: text/plain; charset=ISO-8859-1\r\n"); - fputs($fp, "Content-Transfer-Encoding: 8bit\r\n"); + $body = $passedBody . "\r\n"; + fputs ($fp, $body); + $postbody = "\r\n"; + fputs ($fp, $postbody); } - fputs ($fp, "\r\n"); - } - // Send the body - function writeBody ($fp, $body) { - if (isMultipart()) { - fputs ($fp, "--".mimeBoundary()."\r\n"); - fputs ($fp, "Content-Type: text/plain; charset=ISO-8859-1\r\n"); - fputs ($fp, "Content-Transfer-Encoding: 8bit\r\n\r\n"); - fputs ($fp, stripslashes($body) . "\r\n"); - attachFiles($fp); - fputs ($fp, "\r\n--".mimeBoundary()."--\r\n"); - } else { - fputs ($fp, stripslashes($body) . "\r\n"); - } - fputs ($fp, "\r\n"); + return (strlen($body) + strlen($postbody) + $attachmentlength); } // Send mail using the sendmail command - function sendSendmail($t, $c, $b, $subject, $body) { - global $sendmail_path, $username, $domain; - + function sendSendmail($t, $c, $b, $subject, $body, $more_headers) { + global $sendmail_path, $popuser, $username, $domain; + + // Build envelope sender address. Make sure it doesn't contain + // spaces or other "weird" chars that would allow a user to + // exploit the shell/pipe it is used in. + $envelopefrom = "$popuser@$domain"; + $envelopefrom = ereg_replace("[[:blank:]]",'', $envelopefrom); + $envelopefrom = ereg_replace("[[:space:]]",'', $envelopefrom); + $envelopefrom = ereg_replace("[[:cntrl:]]",'', $envelopefrom); + // open pipe to sendmail - $fp = popen (escapeshellcmd("$sendmail_path -odb -oi -t -f$username@$domain"), "w"); + $fp = popen (escapeshellcmd("$sendmail_path -t -f$envelopefrom"), 'w'); - write822Header ($fp, $t, $c, $b, $subject); - writeBody($fp, $body); + $headerlength = write822Header ($fp, $t, $c, $b, $subject, $more_headers); + $bodylength = writeBody($fp, $body); pclose($fp); + + return ($headerlength + $bodylength); } function smtpReadData($smtpConnection) { $read = fgets($smtpConnection, 1024); $counter = 0; while ($read) { - echo $read . "