<?php
-
/**
* Deliver.class.php
*
- * Copyright (c) 1999-2003 The SquirrelMail Project Team
+ * Copyright (c) 1999-2005 The SquirrelMail Project Team
* Licensed under the GNU GPL. For full terms see the file COPYING.
*
* This contains all the functions needed to send messages through
* a delivery backend.
*
- * $Id$
+ * @version $Id$
+ * @author Marc Groot Koerkamp
+ * @package squirrelmail
*/
+/**
+ * Deliver Class - called to actually deliver the message
+ *
+ * This class is called by compose.php and other code that needs
+ * to send messages. All delivery functionality should be centralized
+ * in this class.
+ *
+ * Do not place UI code in this class, as UI code should be placed in templates
+ * going forward.
+ *
+ * @author Marc Groot Koerkamp
+ * @package squirrelmail
+ */
class Deliver {
+ /**
+ * function mail - send the message parts to the SMTP stream
+ *
+ * @param Message $message Message class to send
+ * @param resource $stream file handle to the SMTP stream
+ *
+ * @return integer $raw_length
+ */
function mail($message, $stream=false) {
$rfc822_header = $message->rfc822_header;
if (count($message->entities)) {
$boundary='';
}
$raw_length = 0;
- $reply_rfc822_header = (isset($message->reply_rfc822_header)
+ $reply_rfc822_header = (isset($message->reply_rfc822_header)
? $message->reply_rfc822_header : '');
$header = $this->prepareRFC822_Header($rfc822_header, $reply_rfc822_header, $raw_length);
return $raw_length;
}
+ /**
+ * function writeBody - generate and write the mime boundaries around each part to the stream
+ *
+ * Recursively formats and writes the MIME boundaries of the $message
+ * to the output stream.
+ *
+ * @param Message $message Message object to transform
+ * @param resource $stream SMTP output stream
+ * @param integer &$length_raw raw length of the message (part)
+ * as returned by mail fn
+ * @param string $boundary custom boundary to call, usually for subparts
+ *
+ * @return void
+ */
function writeBody($message, $stream, &$length_raw, $boundary='') {
// calculate boundary in case of multidimensional mime structures
if ($boundary && $message->entity_id && count($message->entities)) {
if (strpos($boundary,'_part_')) {
$boundary = substr($boundary,0,strpos($boundary,'_part_'));
+
+ // the next four lines use strrev to reverse any nested boundaries
+ // because RFC 2046 (5.1.1) says that if a line starts with the outer
+ // boundary string (doesn't matter what the line ends with), that
+ // can be considered a match for the outer boundary; thus the nested
+ // boundary needs to be unique from the outer one
+ //
+ } else if (strpos($boundary,'_trap_')) {
+ $boundary = substr(strrev($boundary),0,strpos(strrev($boundary),'_part_'));
}
- $boundary_new = $boundary . '_part_'.$message->entity_id;
+ $boundary_new = strrev($boundary . '_part_'.$message->entity_id);
} else {
$boundary_new = $boundary;
}
}
}
$this->writeBodyPart($message, $stream, $length_raw);
-
+
$last = false;
for ($i=0, $entCount=count($message->entities);$i<$entCount;$i++) {
$msg = $this->writeBody($message->entities[$i], $stream, $length_raw, $boundary_new);
if ($i == $entCount-1) $last = true;
}
if ($boundary && $last) {
- $s = "--".$boundary."--\r\n\r\n";
+ $s = "--".$boundary_new."--\r\n\r\n";
$length_raw += strlen($s);
if ($stream) {
$this->preWriteToStream($s);
}
}
+ /**
+ * function writeBodyPart - write each individual mimepart
+ *
+ * Recursively called by WriteBody to write each mime part to the SMTP stream
+ *
+ * @param Message $message Message object to transform
+ * @param resource $stream SMTP output stream
+ * @param integer &$length length of the message part
+ * as returned by mail fn
+ *
+ * @return void
+ */
function writeBodyPart($message, $stream, &$length) {
if ($message->mime_header) {
$type0 = $message->mime_header->type0;
case 'message':
if ($message->body_part) {
$body_part = $message->body_part;
+ // remove NUL characters
+ $body_part = str_replace("\0",'',$body_part);
$length += $this->clean_crlf($body_part);
if ($stream) {
- $this->preWriteToStream($body_part);
+ $this->preWriteToStream($body_part);
$this->writeToStream($stream, $body_part);
}
$last = $body_part;
$filename = $message->att_local_name;
$file = fopen ($filename, 'rb');
while ($body_part = fgets($file, 4096)) {
+ // remove NUL characters
+ $body_part = str_replace("\0",'',$body_part);
$length += $this->clean_crlf($body_part);
if ($stream) {
$this->preWriteToStream($body_part);
default:
if ($message->body_part) {
$body_part = $message->body_part;
+ // remove NUL characters
+ $body_part = str_replace("\0",'',$body_part);
$length += $this->clean_crlf($body_part);
if ($stream) {
$this->writeToStream($stream, $body_part);
} elseif ($message->att_local_name) {
$filename = $message->att_local_name;
$file = fopen ($filename, 'rb');
- $encoded = '';
while ($tmp = fread($file, 570)) {
$body_part = chunk_split(base64_encode($tmp));
$length += $this->clean_crlf($body_part);
}
}
+ /**
+ * function clean_crlf - change linefeeds and newlines to legal characters
+ *
+ * The SMTP format only allows CRLF as line terminators.
+ * This function replaces illegal teminators with the correct terminator.
+ *
+ * @param string &$s string to clean linefeeds on
+ *
+ * @return void
+ */
function clean_crlf(&$s) {
$s = str_replace("\r\n", "\n", $s);
$s = str_replace("\r", "\n", $s);
return strlen($s);
}
+ /**
+ * function strip_crlf - strip linefeeds and newlines from a string
+ *
+ * The SMTP format only allows CRLF as line terminators.
+ * This function strips all line terminators from the string.
+ *
+ * @param string &$s string to clean linefeeds on
+ *
+ * @return void
+ */
function strip_crlf(&$s) {
$s = str_replace("\r\n ", '', $s);
$s = str_replace("\r", '', $s);
$s = str_replace("\n", '', $s);
}
+ /**
+ * function preWriteToStream - reserved for extended functionality
+ *
+ * This function is not yet implemented.
+ * Reserved for extended functionality.
+ *
+ * @param string &$s string to operate on
+ *
+ * @return void
+ */
function preWriteToStream(&$s) {
}
+ /**
+ * function writeToStream - write data to the SMTP stream
+ *
+ * @param resource $stream SMTP output stream
+ * @param string $data string with data to send to the SMTP stream
+ *
+ * @return void
+ */
function writeToStream($stream, $data) {
fputs($stream, $data);
}
+ /**
+ * function initStream - reserved for extended functionality
+ *
+ * This function is not yet implemented.
+ * Reserved for extended functionality.
+ *
+ * @param Message $message Message object
+ * @param string $host host name or IP to connect to
+ * @param string $user username to log into the SMTP server with
+ * @param string $pass password to log into the SMTP server with
+ * @param integer $length
+ *
+ * @return handle $stream file handle resource to SMTP stream
+ */
function initStream($message, $length=0, $host='', $port='', $user='', $pass='') {
return $stream;
}
-
- function getBcc() {
+
+ /**
+ * function getBCC - reserved for extended functionality
+ *
+ * This function is not yet implemented.
+ * Reserved for extended functionality.
+ *
+ */
+ function getBCC() {
return false;
}
+ /**
+ * function prepareMIME_Header - creates the mime header
+ *
+ * @param Message $message Message object to act on
+ * @param string $boundary mime boundary from fn MimeBoundary
+ *
+ * @return string $header properly formatted mime header
+ */
function prepareMIME_Header($message, $boundary) {
$mime_header = $message->mime_header;
$rn="\r\n";
$contenttype = 'Content-Type: '. $mime_header->type0 .'/'.
$mime_header->type1;
if (count($message->entities)) {
- $contenttype .= ";\r\n " . 'boundary="'.$boundary.'"';
+ $contenttype .= ';' . 'boundary="'.$boundary.'"';
}
if (isset($mime_header->parameters['name'])) {
$contenttype .= '; name="'.
$header[] = $contenttype . $rn;
if ($mime_header->description) {
- $header[] .= 'Content-Description: ' . $mime_header->description . $rn;
+ $header[] = 'Content-Description: ' . $mime_header->description . $rn;
}
if ($mime_header->encoding) {
- $encoding = $mime_header->encoding;
- $header[] .= 'Content-Transfer-Encoding: ' . $mime_header->encoding . $rn;
+ $header[] = 'Content-Transfer-Encoding: ' . $mime_header->encoding . $rn;
} else {
if ($mime_header->type0 == 'text' || $mime_header->type0 == 'message') {
- $header[] .= 'Content-Transfer-Encoding: 8bit' . $rn;
+ $header[] = 'Content-Transfer-Encoding: 8bit' . $rn;
} else {
- $header[] .= 'Content-Transfer-Encoding: base64' . $rn;
+ $header[] = 'Content-Transfer-Encoding: base64' . $rn;
}
}
if ($mime_header->id) {
- $header[] .= 'Content-ID: ' . $mime_header->id . $rn;
+ $header[] = 'Content-ID: ' . $mime_header->id . $rn;
}
if ($mime_header->disposition) {
$disposition = $mime_header->disposition;
$contentdisp .= '; filename="'.
encodeHeader($disposition->getProperty('filename')). '"';
}
- $header[] = $contentdisp . $rn;
+ $header[] = $contentdisp . $rn;
}
if ($mime_header->md5) {
- $header[] .= 'Content-MD5: ' . $mime_header->md5 . $rn;
+ $header[] = 'Content-MD5: ' . $mime_header->md5 . $rn;
}
if ($mime_header->language) {
- $header[] .= 'Content-Language: ' . $mime_header->language . $rn;
+ $header[] = 'Content-Language: ' . $mime_header->language . $rn;
}
$cnt = count($header);
return $header;
}
+ /**
+ * function prepareRFC822_Header - prepares the RFC822 header string from Rfc822Header object(s)
+ *
+ * This function takes the Rfc822Header object(s) and formats them
+ * into the RFC822Header string to send to the SMTP server as part
+ * of the SMTP message.
+ *
+ * @param Rfc822Header $rfc822_header
+ * @param Rfc822Header $reply_rfc822_header
+ * @param integer &$raw_length length of the message
+ *
+ * @return string $header
+ */
function prepareRFC822_Header($rfc822_header, $reply_rfc822_header, &$raw_length) {
- global $domain, $version, $username;
+ global $domain, $version, $username, $encode_header_key, $edit_identity, $hide_auth_header;
/* if server var SERVER_NAME not available, use $domain */
if(!sqGetGlobalVar('SERVER_NAME', $SERVER_NAME, SQ_SERVER)) {
/* This creates an RFC 822 date */
$date = date('D, j M Y H:i:s ', mktime()) . $this->timezone();
/* Create a message-id */
- $message_id = '<' . $REMOTE_PORT . '.' . $REMOTE_ADDR . '.';
- $message_id .= time() . '.squirrel@' . $REMOTE_ADDR .'>';
+ $message_id = '<' . $REMOTE_PORT . '.';
+ if (isset($encode_header_key) && trim($encode_header_key)!='') {
+ // use encrypted form of remote address
+ $message_id.= OneTimePadEncrypt($this->ip2hex($REMOTE_ADDR),base64_encode($encode_header_key));
+ } else {
+ $message_id.= $REMOTE_ADDR;
+ }
+ $message_id .= '.' . time() . '.squirrel@' . $SERVER_NAME .'>';
/* Make an RFC822 Received: line */
if (isset($REMOTE_HOST)) {
$received_from = "$REMOTE_HOST ([$REMOTE_ADDR])";
$received_from .= " (proxying for $HTTP_X_FORWARDED_FOR)";
}
$header = array();
- $header[] = "Received: from $received_from" . $rn;
- $header[] = " (SquirrelMail authenticated user $username);" . $rn;
- $header[] = " by $SERVER_NAME with HTTP;" . $rn;
- $header[] = " $date" . $rn;
+
+ /**
+ * SquirrelMail header
+ *
+ * This Received: header provides information that allows to track
+ * user and machine that was used to send email. Don't remove it
+ * unless you understand all possible forging issues or your
+ * webmail installation does not prevent changes in user's email address.
+ * See SquirrelMail bug tracker #847107 for more details about it.
+ */
+ if (isset($encode_header_key) &&
+ trim($encode_header_key)!='') {
+ // use encoded headers, if encryption key is set and not empty
+ $header[].= 'X-Squirrel-UserHash: '.OneTimePadEncrypt($username,base64_encode($encode_header_key)).$rn;
+ $header[].= 'X-Squirrel-FromHash: '.OneTimePadEncrypt($this->ip2hex($REMOTE_ADDR),base64_encode($encode_header_key)).$rn;
+ if (isset($HTTP_X_FORWARDED_FOR))
+ $header[].= 'X-Squirrel-ProxyHash:'.OneTimePadEncrypt($this->ip2hex($HTTP_X_FORWARDED_FOR),base64_encode($encode_header_key)).$rn;
+ } else {
+ // use default received headers
+ $header[] = "Received: from $received_from" . $rn;
+ if ($edit_identity || ! isset($hide_auth_header) || ! $hide_auth_header)
+ $header[] = " (SquirrelMail authenticated user $username)" . $rn;
+ $header[] = " by $SERVER_NAME with HTTP;" . $rn;
+ $header[] = " $date" . $rn;
+ }
+
/* Insert the rest of the header fields */
$header[] = 'Message-ID: '. $message_id . $rn;
if ($reply_rfc822_header->message_id) {
}
$header[] = "Date: $date" . $rn;
$header[] = 'Subject: '.encodeHeader($rfc822_header->subject) . $rn;
- $header[] = 'From: '. $rfc822_header->getAddr_s('from',',',true) . $rn;
- /* RFC2822 if from contains more then 1 address */
+ $header[] = 'From: '. $rfc822_header->getAddr_s('from',",$rn ",true) . $rn;
+
+ // folding address list [From|To|Cc|Bcc] happens by using ",$rn<space>" as delimiter
+ // Do not use foldLine for that.
+
+ // RFC2822 if from contains more then 1 address
if (count($rfc822_header->from) > 1) {
$header[] = 'Sender: '. $rfc822_header->getAddr_s('sender',',',true) . $rn;
}
if (count($rfc822_header->to)) {
- $header[] = 'To: '. $rfc822_header->getAddr_s('to',',',true) . $rn;
+ $header[] = 'To: '. $rfc822_header->getAddr_s('to',",$rn ",true) . $rn;
}
if (count($rfc822_header->cc)) {
- $header[] = 'Cc: '. $rfc822_header->getAddr_s('cc',',',true) . $rn;
+ $header[] = 'Cc: '. $rfc822_header->getAddr_s('cc',",$rn ",true) . $rn;
}
if (count($rfc822_header->reply_to)) {
$header[] = 'Reply-To: '. $rfc822_header->getAddr_s('reply_to',',',true) . $rn;
/* Sendmail should return true. Default = false */
$bcc = $this->getBcc();
if (count($rfc822_header->bcc)) {
- $s = 'Bcc: '. $rfc822_header->getAddr_s('bcc',',',true) . $rn;
+ $s = 'Bcc: '. $rfc822_header->getAddr_s('bcc',",$rn ",true) . $rn;
if (!$bcc) {
- $s = $this->foldLine($s, 78, str_pad('',4));
$raw_length += strlen($s);
} else {
$header[] = $s;
}
}
- /* Identify SquirrelMail */
+ /* Identify SquirrelMail */
$header[] = 'User-Agent: SquirrelMail/' . $version . $rn;
- // Spamassassin complains about no X-Mailer in combination with X-Priority
- $header[] = 'X-Mailer: SquirrelMail/' . $version . $rn;
/* Do the MIME-stuff */
$header[] = 'MIME-Version: 1.0' . $rn;
$contenttype = 'Content-Type: '. $rfc822_header->content_type->type0 .'/'.
if (count($rfc822_header->content_type->properties)) {
foreach ($rfc822_header->content_type->properties as $k => $v) {
if ($k && $v) {
- $contenttype .= ';' .$k.'='.$v;
+ $contenttype .= ';' .$k.'='.$v;
}
}
}
$header[] = $contenttype . $rn;
if ($encoding = $rfc822_header->encoding) {
- $header[] .= 'Content-Transfer-Encoding: ' . $encoding . $rn;
- }
+ $header[] = 'Content-Transfer-Encoding: ' . $encoding . $rn;
+ }
if ($rfc822_header->dnt) {
- $dnt = $rfc822_header->getAddr_s('dnt');
+ $dnt = $rfc822_header->getAddr_s('dnt');
/* Pegasus Mail */
$header[] = 'X-Confirm-Reading-To: '.$dnt. $rn;
/* RFC 2298 */
$header[] = 'Disposition-Notification-To: '.$dnt. $rn;
}
if ($rfc822_header->priority) {
- $prio = $rfc822_header->priority;
- $header[] = 'X-Priority: '. $prio. $rn;
- switch($prio)
+ switch($rfc822_header->priority)
{
- case 1: $header[] = 'Importance: High'. $rn; break;
- case 3: $header[] = 'Importance: Normal'. $rn; break;
- case 5: $header[] = 'Importance: Low'. $rn; break;
+ case 1:
+ $header[] = 'X-Priority: 1 (Highest)'.$rn;
+ $header[] = 'Importance: High'. $rn; break;
+ case 5:
+ $header[] = 'X-Priority: 5 (Lowest)'.$rn;
+ $header[] = 'Importance: Low'. $rn; break;
default: break;
}
}
- /* Insert headers from the $more_headers array */
+ /* Insert headers from the $more_headers array */
if(count($rfc822_header->more_headers)) {
reset($rfc822_header->more_headers);
foreach ($rfc822_header->more_headers as $k => $v) {
}
$hdr_s .= $sLine;
break;
+ case 'To':
+ case 'Cc':
+ case 'Bcc':
+ case 'From':
+ $hdr_s .= $header[$i];
+ break;
default: $hdr_s .= $this->foldLine($header[$i], 78, str_pad('',4)); break;
}
}
return $header;
}
- /*
- * function for cleanly folding of headerlines
- */
+ /**
+ * function foldLine - for cleanly folding of headerlines
+ *
+ * @param string $line
+ * @param integer $length length to fold the line at
+ * @param string $pre prefix the line with...
+ *
+ * @return string $line folded line with trailing CRLF
+ */
function foldLine($line, $length, $pre='') {
$line = substr($line,0, -2);
$length -= 2; /* do not fold between \r and \n */
$fold_string = "\r\n ";
$aFoldLine[] = substr($line,0,$iLengthEnc);
$line = substr($line,$iLengthEnc);
- }
+ }
} else if ($iPosEnc < $length) { /* the encoded string fits into the foldlength */
/*remainder */
$sLineRem = substr($line,$iPosEncEnd,$length - $iPosEncEnd);
$bFirstFold = true;
$length -= strlen($fold_string);
}
- }
+ }
}
}
if (!$fold) {
case ($iFoldPos = strrpos($line_tmp,'=')): break;
default: break;
}
-
+
if (!$iFoldPos) { /* clean folding didn't work */
$iFoldPos = $length;
}
return $line."\r\n";
}
+ /**
+ * function mimeBoundary - calculates the mime boundary to use
+ *
+ * This function will generate a random mime boundary base part
+ * for the message if the boundary has not already been set.
+ *
+ * @return string $mimeBoundaryString random mime boundary string
+ */
function mimeBoundary () {
static $mimeBoundaryString;
return $mimeBoundaryString;
}
- /* Time offset for correct timezone */
+ /**
+ * function timezone - Time offset for correct timezone
+ *
+ * @return string $result with timezone and offset
+ */
function timezone () {
global $invert_time;
$diff_hour = floor ($diff_second / 3600);
$diff_minute = floor (($diff_second-3600*$diff_hour) / 60);
$zonename = '('.strftime('%Z').')';
- $result = sprintf ("%s%02d%02d %s", $sign, $diff_hour, $diff_minute,
+ $result = sprintf ("%s%02d%02d %s", $sign, $diff_hour, $diff_minute,
$zonename);
return ($result);
}
+ /**
+ * function calculate_references - calculate correct Referer string
+ *
+ * @param Rfc822Header $hdr message header to calculate from
+ *
+ * @return string $refer concatenated and trimmed Referer string
+ */
function calculate_references($hdr) {
$refer = $hdr->references;
$message_id = $hdr->message_id;
trim($refer);
return $refer;
}
+
+ /**
+ * Converts ip address to hexadecimal string
+ *
+ * Function is used to convert ipv4 and ipv6 addresses to hex strings.
+ * It removes all delimiter symbols from ip addresses, converts decimal
+ * ipv4 numbers to hex and pads strings in order to present full length
+ * address. ipv4 addresses are represented as 8 byte strings, ipv6 addresses
+ * are represented as 32 byte string.
+ *
+ * If function fails to detect address format, it returns unprocessed string.
+ * @param string $string ip address string
+ * @return string processed ip address string
+ * @since 1.5.1
+ */
+ function ip2hex($string) {
+ if (preg_match("/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/",$string,$match)) {
+ // ipv4 address
+ $ret = str_pad(dechex($match[1]),2,'0',STR_PAD_LEFT)
+ . str_pad(dechex($match[2]),2,'0',STR_PAD_LEFT)
+ . str_pad(dechex($match[3]),2,'0',STR_PAD_LEFT)
+ . str_pad(dechex($match[4]),2,'0',STR_PAD_LEFT);
+ } elseif (preg_match("/^([0-9a-h]+)\:([0-9a-h]+)\:([0-9a-h]+)\:([0-9a-h]+)\:([0-9a-h]+)\:([0-9a-h]+)\:([0-9a-h]+)\:([0-9a-h]+)$/i",$string,$match)) {
+ // full ipv6 address
+ $ret = str_pad($match[1],4,'0',STR_PAD_LEFT)
+ . str_pad($match[2],4,'0',STR_PAD_LEFT)
+ . str_pad($match[3],4,'0',STR_PAD_LEFT)
+ . str_pad($match[4],4,'0',STR_PAD_LEFT)
+ . str_pad($match[5],4,'0',STR_PAD_LEFT)
+ . str_pad($match[6],4,'0',STR_PAD_LEFT)
+ . str_pad($match[7],4,'0',STR_PAD_LEFT)
+ . str_pad($match[8],4,'0',STR_PAD_LEFT);
+ } elseif (preg_match("/^\:\:([0-9a-h\:]+)$/i",$string,$match)) {
+ // short ipv6 with all starting symbols nulled
+ $aAddr=explode(':',$match[1]);
+ $ret='';
+ foreach ($aAddr as $addr) {
+ $ret.=str_pad($addr,4,'0',STR_PAD_LEFT);
+ }
+ $ret=str_pad($ret,32,'0',STR_PAD_LEFT);
+ } elseif (preg_match("/^([0-9a-h\:]+)::([0-9a-h\:]+)$/i",$string,$match)) {
+ // short ipv6 with middle part nulled
+ $aStart=explode(':',$match[1]);
+ $sStart='';
+ foreach($aStart as $addr) {
+ $sStart.=str_pad($addr,4,'0',STR_PAD_LEFT);
+ }
+ $aEnd = explode(':',$match[2]);
+ $sEnd='';
+ foreach($aEnd as $addr) {
+ $sEnd.=str_pad($addr,4,'0',STR_PAD_LEFT);
+ }
+ $ret = $sStart
+ . str_pad('',(32 - strlen($sStart . $sEnd)),'0',STR_PAD_LEFT)
+ . $sEnd;
+ } else {
+ // unknown addressing
+ $ret = $string;
+ }
+ return $ret;
+ }
}
-?>
+?>
\ No newline at end of file
projects / squirrelmail.git / blobdiff