X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fsmtp.php;h=fd179db65baecbf0225982ee74d38bf5c4f5c08c;hb=6332704d9e75c774f164dda49a29f87a3454f789;hp=7beb63ce452460b64e2ad5abdad44f42bbb5deb0;hpb=d068c0ec5447e8f373ebd536b08ed902c00de0f5;p=squirrelmail.git
diff --git a/functions/smtp.php b/functions/smtp.php
index 7beb63ce..fd179db6 100644
--- a/functions/smtp.php
+++ b/functions/smtp.php
@@ -1,11 +1,32 @@
-
+lookup($array[$i]);
+ $ret = "";
+ if (isset($result['email'])) {
+ if (isset($result['name'])) {
+ $ret = '"'.$result['name'].'" ';
+ }
+ $ret .= '<'.$result['email'].'>';
+ $array[$i] = $ret;
+ }
+ else
+ {
+ if (strpos($array[$i], '@') === false)
+ $array[$i] .= '@' . $domain;
+ $array[$i] = '<' . $array[$i] . '>';
+ }
+ }
+ return $array;
+ }
+
// Attach the files that are due to be attached
function attachFiles ($fp) {
global $attachments, $attachment_dir;
- while (list($localname, $remotename) = each($attachments)) {
- // This is to make sure noone is giving a filename in another
- // directory
- $localname = ereg_replace ("\\/", "", $localname);
-
- $fileinfo = fopen ($attachment_dir.$localname.".info", "r");
- $filetype = fgets ($fileinfo, 8192);
- fclose ($fileinfo);
- $filetype = trim ($filetype);
- if ($filetype=="")
- $filetype = "application/octet-stream";
-
- fputs ($fp, "--".mimeBoundary()."\n");
- fputs ($fp, "Content-Type: $filetype\n");
- fputs ($fp, "Content-Disposition: attachment; filename=\"$remotename\"\n");
- fputs ($fp, "Content-Transfer-Encoding: base64\n\n");
-
- $file = fopen ($attachment_dir.$localname, "r");
- while ($tmp = fread($file, 57))
- fputs ($fp, chunk_split(base64_encode($tmp)));
- fclose ($file);
-
- unlink ($attachment_dir.$localname);
- unlink ($attachment_dir.$localname.".info");
+ $length = 0;
+
+ if (isMultipart()) {
+ foreach ($attachments as $info)
+ {
+ if (isset($info['type']))
+ $filetype = $info['type'];
+ else
+ $filetype = 'application/octet-stream';
+
+ $header = '--'.mimeBoundary()."\r\n";
+ $header .= "Content-Type: $filetype; name=\"" .
+ $info['remotefilename'] . "\"\r\n";
+ $header .= "Content-Disposition: attachment; filename=\"" .
+ $info['remotefilename'] . "\"\r\n";
+
+ // Use 'rb' for NT systems -- read binary
+ // Unix doesn't care -- everything's binary! :-)
+ $file = fopen ($attachment_dir . $info['localfilename'], 'rb');
+ if (substr($filetype, 0, 5) == 'text/' ||
+ $filetype == 'message/rfc822') {
+ $header .= "\r\n";
+ fputs ($fp, $header);
+ $length += strlen($header);
+ while ($tmp = fgets($file, 4096)) {
+ $tmp = str_replace("\r\n", "\n", $tmp);
+ $tmp = str_replace("\r", "\n", $tmp);
+ $tmp = str_replace("\n", "\r\n", $tmp);
+ if (feof($fp) && substr($tmp, -2) != "\r\n")
+ $tmp .= "\r\n";
+ fputs($fp, $tmp);
+ $length += strlen($tmp);
+ }
+ } else {
+ $header .= "Content-Transfer-Encoding: base64\r\n\r\n";
+ fputs ($fp, $header);
+ $length += strlen($header);
+ while ($tmp = fread($file, 570)) {
+ $encoded = chunk_split(base64_encode($tmp));
+ $length += strlen($encoded);
+ fputs ($fp, $encoded);
+ }
+ }
+ fclose ($file);
+ }
+ }
+
+ return $length;
+ }
+
+ // Delete files that are uploaded for attaching
+ function deleteAttachments() {
+ global $attachments, $attachment_dir;
+
+ if (isMultipart()) {
+ reset($attachments);
+ while (list($localname, $remotename) = each($attachments)) {
+ if (!ereg ("\\/", $localname)) {
+ unlink ($attachment_dir.$localname);
+ unlink ($attachment_dir.$localname.'.info');
+ }
+ }
}
}
// Return a nice MIME-boundary
function mimeBoundary () {
- global $mimeBoundaryString, $version, $REMOTE_ADDR, $SERVER_NAME,
- $REMOTE_PORT;
+ static $mimeBoundaryString;
if ($mimeBoundaryString == "") {
- $temp = "SquirrelMail".$version.$REMOTE_ADDR.$SERVER_NAME.
- $REMOTE_PORT;
- $mimeBoundaryString = "=-_+".substr(md5($temp),1,20);
+ $mimeBoundaryString = "----=_" .
+ GenerateRandomString(60, '\'()+,-./:=?_', 7);
}
return $mimeBoundaryString;
@@ -64,303 +151,475 @@
/* Time offset for correct timezone */
function timezone () {
- $diff_second = date("Z");
+ global $invert_time;
+
+ $diff_second = date('Z');
+ if ($invert_time)
+ $diff_second = - $diff_second;
if ($diff_second > 0)
- $sign = "+";
+ $sign = '+';
else
- $sign = "-";
+ $sign = '-';
$diff_second = abs($diff_second);
$diff_hour = floor ($diff_second / 3600);
$diff_minute = floor (($diff_second-3600*$diff_hour) / 60);
- $zonename = "(".strftime("%Z").")";
+ $zonename = '('.strftime('%Z').')';
$result = sprintf ("%s%02d%02d %s", $sign, $diff_hour, $diff_minute, $zonename);
return ($result);
}
/* Print all the needed RFC822 headers */
- function write822Header ($fp, $t, $c, $b, $subject) {
- global $REMOTE_ADDR, $SERVER_NAME;
- global $data_dir, $username, $domain, $version, $useSendmail;
-
- $to = parseAddrs($t);
- $cc = parseAddrs($c);
- $bcc = parseAddrs($b);
- $reply_to = getPref($data_dir, $username, "reply_to");
- $from = getPref($data_dir, $username, "full_name");
- $from_addr = getPref($data_dir, $username, "email_address");
-
- if ($from_addr == "")
- $from_addr = "$username@$domain";
-
- $to_list = getLineOfAddrs($to);
- $cc_list = getLineOfAddrs($cc);
- $bcc_list = getLineOfAddrs($bcc);
-
- if ($from == "")
- $from = "<$from_addr>";
- else
- $from = $from . " <$from_addr>";
-
- /* This creates an RFC 822 date showing GMT */
- $date = date("D, j M Y H:i:s ", mktime()) . timezone();
+ function write822Header ($fp, $t, $c, $b, $subject, $more_headers) {
+ global $REMOTE_ADDR, $SERVER_NAME, $REMOTE_PORT;
+ global $data_dir, $username, $popuser, $domain, $version, $useSendmail;
+ global $default_charset, $HTTP_VIA, $HTTP_X_FORWARDED_FOR;
+ global $REMOTE_HOST, $identity;
+
+ // Storing the header to make sure the header is the same
+ // everytime the header is printed.
+ static $header, $headerlength;
+
+ if ($header == '') {
+ $to = expandAddrs(parseAddrs($t));
+ $cc = expandAddrs(parseAddrs($c));
+ $bcc = expandAddrs(parseAddrs($b));
+ if (isset($identity) && $identity != 'default')
+ {
+ $reply_to = getPref($data_dir, $username, 'reply_to' . $identity);
+ $from = getPref($data_dir, $username, 'full_name' . $identity);
+ $from_addr = getPref($data_dir, $username, 'email_address' . $identity);
+ }
+ else
+ {
+ $reply_to = getPref($data_dir, $username, 'reply_to');
+ $from = getPref($data_dir, $username, 'full_name');
+ $from_addr = getPref($data_dir, $username, 'email_address');
+ }
+
+ if ($from_addr == '')
+ $from_addr = $popuser.'@'.$domain;
+
+ $to_list = getLineOfAddrs($to);
+ $cc_list = getLineOfAddrs($cc);
+ $bcc_list = getLineOfAddrs($bcc);
+
+ /* Encoding 8-bit characters and making from line */
+ $subject = encodeHeader($subject);
+ if ($from == '')
+ $from = "<$from_addr>";
+ else
+ $from = '"' . encodeHeader($from) . "\" <$from_addr>";
+
+ /* This creates an RFC 822 date */
+ $date = date("D, j M Y H:i:s ", mktime()) . timezone();
+
+ /* Create a message-id */
+ $message_id = '<' . $REMOTE_PORT . '.' . $REMOTE_ADDR . '.';
+ $message_id .= time() . '.squirrel@' . $SERVER_NAME .'>';
+
+ /* Make an RFC822 Received: line */
+ if (isset($REMOTE_HOST))
+ $received_from = "$REMOTE_HOST ([$REMOTE_ADDR])";
+ else
+ $received_from = $REMOTE_ADDR;
+
+ if (isset($HTTP_VIA) || isset ($HTTP_X_FORWARDED_FOR)) {
+ if ($HTTP_X_FORWARDED_FOR == '')
+ $HTTP_X_FORWARDED_FOR = 'unknown';
+ $received_from .= " (proxying for $HTTP_X_FORWARDED_FOR)";
+ }
+
+ $header = "Received: from $received_from\r\n";
+ $header .= " (SquirrelMail authenticated user $username)\r\n";
+ $header .= " by $SERVER_NAME with HTTP;\r\n";
+ $header .= " $date\r\n";
+
+ /* Insert the rest of the header fields */
+ $header .= "Message-ID: $message_id\r\n";
+ $header .= "Date: $date\r\n";
+ $header .= "Subject: $subject\r\n";
+ $header .= "From: $from\r\n";
+ $header .= "To: $to_list\r\n"; // Who it's TO
+
+ /* Insert headers from the $more_headers array */
+ if(is_array($more_headers)) {
+ reset($more_headers);
+ while(list($h_name, $h_val) = each($more_headers)) {
+ $header .= sprintf("%s: %s\r\n", $h_name, $h_val);
+ }
+ }
+
+ if ($cc_list) {
+ $header .= "Cc: $cc_list\r\n"; // Who the CCs are
+ }
+
+ if ($reply_to != '')
+ $header .= "Reply-To: $reply_to\r\n";
+
+ if ($useSendmail) {
+ if ($bcc_list) {
+ // BCCs is removed from header by sendmail
+ $header .= "Bcc: $bcc_list\r\n";
+ }
+ }
+
+ $header .= "X-Mailer: SquirrelMail (version $version)\r\n"; // Identify SquirrelMail
+
+ // Do the MIME-stuff
+ $header .= "MIME-Version: 1.0\r\n";
+
+ if (isMultipart()) {
+ $header .= 'Content-Type: multipart/mixed; boundary="';
+ $header .= mimeBoundary();
+ $header .= "\"\r\n";
+ } else {
+ if ($default_charset != '')
+ $header .= "Content-Type: text/plain; charset=$default_charset\r\n";
+ else
+ $header .= "Content-Type: text/plain;\r\n";
+ $header .= "Content-Transfer-Encoding: 8bit\r\n";
+ }
+ $header .= "\r\n"; // One blank line to separate header and body
- /* Make an RFC822 Received: line */
- fputs ($fp, "Received: from $REMOTE_ADDR by $SERVER_NAME with HTTP; ");
- fputs ($fp, "$date\n");
+ $headerlength = strlen($header);
+ }
+
+ // Write the header
+ fputs ($fp, $header);
- /* The rest of the header */
- fputs ($fp, "Date: $date\n");
- fputs ($fp, "Subject: $subject\n"); // Subject
- fputs ($fp, "From: $from\n"); // Subject
- fputs ($fp, "To: $to_list\n"); // Who it's TO
+ return $headerlength;
+ }
- if ($cc_list) {
- fputs($fp, "Cc: $cc_list\n"); // Who the CCs are
- }
+ // Send the body
+ function writeBody ($fp, $passedBody) {
+ global $default_charset;
- if ($reply_to != "")
- fputs($fp, "Reply-To: $reply_to\n");
+ $attachmentlength = 0;
+
+ if (isMultipart()) {
+ $body = '--'.mimeBoundary()."\r\n";
- if ($useSendmail) {
- if ($bcc_list) {
- // BCCs is removed from header by sendmail
- fputs($fp, "Bcc: $bcc_list\n");
- }
- }
+ if ($default_charset != "")
+ $body .= "Content-Type: text/plain; charset=$default_charset\r\n";
+ else
+ $body .= "Content-Type: text/plain\r\n";
- fputs($fp, "X-Mailer: SquirrelMail (version $version)\n"); // Identify SquirrelMail
+ $body .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
+ $body .= $passedBody . "\r\n\r\n";
+ fputs ($fp, $body);
- // Do the MIME-stuff
- fputs($fp, "MIME-Version: 1.0\n");
+ $attachmentlength = attachFiles($fp);
- if (isMultipart()) {
- fputs ($fp, "Content-Type: multipart/mixed; boundary=\"");
- fputs ($fp, mimeBoundary());
- fputs ($fp, "\"\n");
+ if (!isset($postbody)) $postbody = "";
+ $postbody .= "\r\n--".mimeBoundary()."--\r\n\r\n";
+ fputs ($fp, $postbody);
} else {
- fputs($fp, "Content-Type: text/plain; charset=ISO-8859-1\n");
- fputs($fp, "Content-Transfer-Encoding: 8bit\n");
+ $body = $passedBody . "\r\n";
+ fputs ($fp, $body);
+ $postbody = "\r\n";
+ fputs ($fp, $postbody);
}
- }
- // Send the body
- function writeBody ($fp, $body) {
- if (isMultipart()) {
- fputs ($fp, "--".mimeBoundary()."\n");
- fputs ($fp, "Content-Type: text/plain; charset=ISO-8859-1\n");
- fputs ($fp, "Content-Transfer-Encoding: 8bit\n\n");
- fputs ($fp, stripslashes($body) . "\n");
- attachFiles($fp);
- fputs ($fp, "\n--".mimeBoundary()."--\n");
- } else {
- fputs ($fp, stripslashes($body) . "\n");
- }
+ return (strlen($body) + strlen($postbody) + $attachmentlength);
}
// Send mail using the sendmail command
- function sendSendmail($t, $c, $b, $subject, $body) {
- global $sendmail_path, $username, $domain;
-
+ function sendSendmail($t, $c, $b, $subject, $body, $more_headers) {
+ global $sendmail_path, $popuser, $username, $domain;
+
+ // Build envelope sender address. Make sure it doesn't contain
+ // spaces or other "weird" chars that would allow a user to
+ // exploit the shell/pipe it is used in.
+ $envelopefrom = "$popuser@$domain";
+ $envelopefrom = ereg_replace("[[:blank:]]",'', $envelopefrom);
+ $envelopefrom = ereg_replace("[[:space:]]",'', $envelopefrom);
+ $envelopefrom = ereg_replace("[[:cntrl:]]",'', $envelopefrom);
+
// open pipe to sendmail
- $fp = popen (escapeshellcmd("$sendmail_path -odb -oi -t -f$username@$domain"), "w");
+ $fp = popen (escapeshellcmd("$sendmail_path -t -f$envelopefrom"), 'w');
- write822Header ($fp, $t, $c, $b, $subject);
- writeBody($fp, $body);
+ $headerlength = write822Header ($fp, $t, $c, $b, $subject, $more_headers);
+ $bodylength = writeBody($fp, $body);
pclose($fp);
+
+ return ($headerlength + $bodylength);
}
function smtpReadData($smtpConnection) {
$read = fgets($smtpConnection, 1024);
$counter = 0;
while ($read) {
- echo $read . "
";
+ echo $read . '
';
$data[$counter] = $read;
$read = fgets($smtpConnection, 1024);
$counter++;
}
}
- function sendSMTP($t, $c, $b, $subject, $body) {
- global $username, $domain, $version, $smtpServerAddress, $smtpPort,
- $data_dir;
+ function sendSMTP($t, $c, $b, $subject, $body, $more_headers) {
+ global $username, $popuser, $domain, $version, $smtpServerAddress,
+ $smtpPort, $data_dir, $color, $use_authenticated_smtp, $identity,
+ $key, $onetimepad;
- $to = parseAddrs($t);
- $cc = parseAddrs($c);
- $bcc = parseAddrs($b);
- $from_addr = getPref($data_dir, $username, "email_address");
+ $to = expandAddrs(parseAddrs($t));
+ $cc = expandAddrs(parseAddrs($c));
+ $bcc = expandAddrs(parseAddrs($b));
+ if (isset($identity) && $identity != 'default')
+ $from_addr = getPref($data_dir, $username, 'email_address' . $identity);
+ else
+ $from_addr = getPref($data_dir, $username, 'email_address');
- if ($from_addr == "")
- $from_addr = "$username@$domain";
+ if (!$from_addr)
+ $from_addr = "$popuser@$domain";
$smtpConnection = fsockopen($smtpServerAddress, $smtpPort, $errorNumber, $errorString);
if (!$smtpConnection) {
- echo "Error connecting to SMTP Server.
";
+ echo 'Error connecting to SMTP Server.
';
echo "$errorNumber : $errorString
";
exit;
}
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ $tmp = fgets($smtpConnection, 1024);
+ if (errorCheck($tmp, $smtpConnection)!=5) return(0);
$to_list = getLineOfAddrs($to);
$cc_list = getLineOfAddrs($cc);
/** Lets introduce ourselves */
- fputs($smtpConnection, "HELO $domain\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ if (! isset ($use_authenticated_smtp) || $use_authenticated_smtp == false) {
+ fputs($smtpConnection, "HELO $domain\r\n");
+ $tmp = fgets($smtpConnection, 1024);
+ if (errorCheck($tmp, $smtpConnection)!=5) return(0);
+ } else {
+ fputs($smtpConnection, "EHLO $domain\r\n");
+ $tmp = fgets($smtpConnection, 1024);
+ if (errorCheck($tmp, $smtpConnection)!=5) return(0);
+
+ fputs($smtpConnection, "AUTH LOGIN\r\n");
+ $tmp = fgets($smtpConnection, 1024);
+ if (errorCheck($tmp, $smtpConnection)!=5) return(0);
+
+ fputs($smtpConnection, base64_encode ($username) . "\r\n");
+ $tmp = fgets($smtpConnection, 1024);
+ if (errorCheck($tmp, $smtpConnection)!=5) return(0);
+
+ fputs($smtpConnection, base64_encode (OneTimePadDecrypt($key, $onetimepad)) . "\r\n");
+ $tmp = fgets($smtpConnection, 1024);
+ if (errorCheck($tmp, $smtpConnection)!=5) return(0);
+ }
/** Ok, who is sending the message? */
- fputs($smtpConnection, "MAIL FROM:<$from_addr>\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ fputs($smtpConnection, "MAIL FROM: <$from_addr>\r\n");
+ $tmp = fgets($smtpConnection, 1024);
+ if (errorCheck($tmp, $smtpConnection)!=5) return(0);
/** send who the recipients are */
for ($i = 0; $i < count($to); $i++) {
- fputs($smtpConnection, "RCPT TO:<$to[$i]>\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ fputs($smtpConnection, "RCPT TO: $to[$i]\r\n");
+ $tmp = fgets($smtpConnection, 1024);
+ if (errorCheck($tmp, $smtpConnection)!=5) return(0);
}
for ($i = 0; $i < count($cc); $i++) {
- fputs($smtpConnection, "RCPT TO:<$cc[$i]>\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ fputs($smtpConnection, "RCPT TO: $cc[$i]\r\n");
+ $tmp = fgets($smtpConnection, 1024);
+ if (errorCheck($tmp, $smtpConnection)!=5) return(0);
}
for ($i = 0; $i < count($bcc); $i++) {
- fputs($smtpConnection, "RCPT TO:<$bcc[$i]>\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
+ fputs($smtpConnection, "RCPT TO: $bcc[$i]\r\n");
+ $tmp = fgets($smtpConnection, 1024);
+ if (errorCheck($tmp, $smtpConnection)!=5) return(0);
}
/** Lets start sending the actual message */
- fputs($smtpConnection, "DATA\n");
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- errorCheck($tmp);
-
- write822Header ($smtpConnection, $t, $c, $b, $subject);
+ fputs($smtpConnection, "DATA\r\n");
+ $tmp = fgets($smtpConnection, 1024);
+ if (errorCheck($tmp, $smtpConnection)!=5) return(0);
- writeBody($smtpConnection, $body); // send the body of the message
+ // Send the message
+ $headerlength = write822Header ($smtpConnection, $t, $c, $b, $subject, $more_headers);
+ $bodylength = writeBody($smtpConnection, $body);
- fputs($smtpConnection, ".\n"); // end the DATA part
- $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024)));
- $num = errorCheck($tmp);
+ fputs($smtpConnection, ".\r\n"); // end the DATA part
+ $tmp = fgets($smtpConnection, 1024);
+ $num = errorCheck($tmp, $smtpConnection, true);
if ($num != 250) {
- echo "