*
* This implements all functions that do general IMAP functions.
*
- * @copyright © 1999-2006 The SquirrelMail Project Team
+ * @copyright 1999-2014 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
$message = $message[$tag];
$response = $response[$tag];
return $read[$tag];
+//FIXME: obey $handle_errors below!
} else {
global $squirrelmail_language, $color;
set_up_language($squirrelmail_language);
+//FIXME: NO HTML IN CORE!
$string = "<b><font color=\"$color[2]\">\n" .
_("ERROR: No available IMAP stream.") .
+//FIXME: NO HTML IN CORE!
"</b></font>\n";
error_box($string);
return false;
$message = $message[$tag];
if (!empty($read[$tag])) {
+ /* sqimap_read_data should be called for one response
+ but since it just calls sqimap_retrieve_imap_response
+ which handles multiple responses we need to check for
+ that and merge the $read[$tag] array IF they are
+ separated and IF it was a FETCH response. */
+
+ if (isset($read[$tag][1]) && is_array($read[$tag][1]) && isset($read[$tag][1][0])
+ && preg_match('/^\* \d+ FETCH/', $read[$tag][1][0])) {
+ $result = array();
+ foreach($read[$tag] as $index => $value) {
+ $result = array_merge($result, $read[$tag]["$index"]);
+ }
+ return $result;
+ }
+
return $read[$tag][0];
} else {
return $read[$tag];
}
+//FIXME: obey $handle_errors below!
} else {
global $squirrelmail_language, $color;
set_up_language($squirrelmail_language);
+//FIXME: NO HTML IN CORE!
$string = "<b><font color=\"$color[2]\">\n" .
_("ERROR: No available IMAP stream.") .
+//FIXME: NO HTML IN CORE!
"</b></font>\n";
error_box($string);
return false;
&$response, &$message, $query = '') {
global $color, $oTemplate, $squirrelmail_language;
set_up_language($squirrelmail_language);
+//FIXME: NO HTML IN CORE!
$string = "<b><font color=\"$color[2]\">\n" .
_("ERROR: Bad function call.") .
+//FIXME: NO HTML IN CORE!
"</b><br />\n" .
_("Reason:") . ' '.
'There is a plugin installed which make use of the <br />' .
'Please adapt the installed plugin and let it use<br />'.
'sqimap_run_command or sqimap_run_command_list instead<br /><br />'.
'The following query was issued:<br />'.
- htmlspecialchars($query) . '<br />' . "</font><br />\n";
+//FIXME: NO HTML IN CORE!
+ sm_encode_html_special_chars($query) . '<br />' . "</font><br />\n";
error_box($string);
$oTemplate->display('footer.tpl');
exit;
global $color, $squirrelmail_language;
set_up_language($squirrelmail_language);
+//FIXME: NO HTML IN CORE!
$string = "<font color=\"$color[2]\"><b>\n" . $title . "</b><br />\n";
$cmd = explode(' ',$query);
$cmd= strtolower($cmd[0]);
if ($query != '' && $cmd != 'login')
- $string .= _("Query:") . ' ' . htmlspecialchars($query) . '<br />';
+ $string .= _("Query:") . ' ' . sm_encode_html_special_chars($query) . '<br />';
if ($message_title != '')
$string .= $message_title;
if ($message != '')
- $string .= htmlspecialchars($message);
+ $string .= sm_encode_html_special_chars($message);
+//FIXME: NO HTML IN CORE!
$string .= "</font><br />\n";
if ($link != '')
$string .= $link;
we prohibid that literal responses appear in the
outer loop so we can trust the untagged and
tagged info provided by $read */
+ $read_literal = false;
if ($s === "}\r\n") {
$j = strrpos($read,'{');
$iLit = substr($read,$j+1,-3);
if ($read === false) { /* error */
break 4; /* while while switch while */
}
- $fetch_data[] = $read;
+ $s = substr($read,-3);
+ $read_literal = true;
+ continue;
} else {
$fetch_data[] = $read;
}
/* check for next untagged reponse and break */
if ($read{0} == '*') break 2;
$s = substr($read,-3);
- } while ($s === "}\r\n");
+ } while ($s === "}\r\n" || $read_literal);
$s = substr($read,-3);
} while ($read{0} !== '*' &&
substr($read,0,strlen($tag)) !== $tag);
$query = '';
}
sqimap_error_box(_("ERROR: IMAP server closed the connection."), $query, _("Server responded:"),$sResponse);
+//FIXME: NO HTML IN CORE!
echo '</body></html>';
exit;
} else if ($handle_errors) {
break;
case 'BAD':
sqimap_error_box(_("ERROR: Bad or malformed request."), $query, _("Server responded:") . ' ', $message[$tag]);
+//FIXME: NO HTML IN CORE!
echo '</body></html>';
exit;
case 'BYE':
sqimap_error_box(_("ERROR: IMAP server closed the connection."), $query, _("Server responded:") . ' ', $message[$tag]);
+//FIXME: NO HTML IN CORE!
echo '</body></html>';
exit;
default:
* @param int port port number to connect to
* @param integer $tls whether to use plain text(0), TLS(1) or STARTTLS(2) when connecting.
* Argument was boolean before 1.5.1.
+ * @param array $ssl_options SSL context options, see config_local.php
+ * for more details (OPTIONAL)
* @return imap-stream resource identifier
* @since 1.5.0 (usable only in 1.5.1 or later)
*/
-function sqimap_create_stream($server,$port,$tls=0) {
+function sqimap_create_stream($server,$port,$tls=0,$ssl_options=array()) {
global $squirrelmail_language;
if (strstr($server,':') && ! preg_match("/^\[.*\]$/",$server)) {
$server = '['.$server.']';
}
+ // NB: Using "ssl://" ensures the highest possible TLS version
+ // will be negotiated with the server (whereas "tls://" only
+ // uses TLS version 1.0)
+ //
if ($tls == 1) {
if ((check_php_version(4,3)) and (extension_loaded('openssl'))) {
- /* Use TLS by prefixing "tls://" to the hostname */
- $server = 'tls://' . $server;
+ if (function_exists('stream_socket_client')) {
+ $server_address = 'ssl://' . $server . ':' . $port;
+ if (!empty($ssl_options))
+ $ssl_options = array('ssl' => $ssl_options);
+ $ssl_context = @stream_context_create($ssl_options);
+ $connect_timeout = ini_get('default_socket_timeout');
+ // null timeout is broken
+ if ($connect_timeout == 0)
+ $connect_timeout = 15;
+ $imap_stream = @stream_socket_client($server_address, $error_number, $error_string, $connect_timeout, STREAM_CLIENT_CONNECT, $ssl_context);
+ } else {
+ $imap_stream = @fsockopen('ssl://' . $server, $port, $error_number, $error_string, 15);
+ }
} else {
require_once(SM_PATH . 'functions/display_messages.php');
logout_error( sprintf(_("Error connecting to IMAP server: %s."), $server).
_("Please contact your system administrator and report this error."),
sprintf(_("Error connecting to IMAP server: %s."), $server));
}
+ } else {
+ $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15);
}
- $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15);
/* Do some error correction */
if (!$imap_stream) {
set_up_language($squirrelmail_language, true);
require_once(SM_PATH . 'functions/display_messages.php');
logout_error( sprintf(_("Error connecting to IMAP server: %s."), $server).
+//FIXME: NO HTML IN CORE!
"<br />\r\n$error_number : $error_string<br />\r\n",
sprintf(_("Error connecting to IMAP server: %s."), $server) );
exit;
* 1 = show no errors (just exit)
* 2 = show no errors (return FALSE)
* 3 = show no errors (return error string)
+ * @param array $ssl_options SSL context options, see config_local.php
+ * for more details (OPTIONAL)
* @return mixed The IMAP connection stream, or if the connection fails,
* FALSE if $hide is set to 2 or an error string if $hide
* is set to 3.
*/
-function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) {
+function sqimap_login ($username, $password, $imap_server_address,
+ $imap_port, $hide, $ssl_options=array()) {
global $color, $squirrelmail_language, $onetimepad, $use_imap_tls,
$imap_auth_mech, $sqimap_capabilities;
$host = $imap_server_address;
$imap_server_address = sqimap_get_user_server($imap_server_address, $username);
- $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls);
+ $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls,$ssl_options);
if (($imap_auth_mech == 'cram-md5') OR ($imap_auth_mech == 'digest-md5')) {
// We're using some sort of authentication OTHER than plain or login
//FIXME: UUURG... We don't want HTML in error messages, should also do html sanitizing of error messages elsewhere; should't assume output is destined for an HTML browser here
if ($response != 'NO') {
/* "BAD" and anything else gets reported here. */
- $message = htmlspecialchars($message);
+ $message = sm_encode_html_special_chars($message);
set_up_language($squirrelmail_language, true);
if ($response == 'BAD') {
if ($hide == 3) return sprintf(_("Bad request: %s"), $message);
if (isset($read) && is_array($read)) {
$string .= '<br />' . _("Read data:") . "<br />\n";
foreach ($read as $line) {
- $string .= htmlspecialchars($line) . "<br />\n";
+ $string .= sm_encode_html_special_chars($line) . "<br />\n";
}
}
error_box($string);
/* Do some caching here */
if (!$sqimap_delimiter) {
- if (sqimap_capability($imap_stream, 'NAMESPACE')) {
+ if (sqimap_capability($imap_stream, 'NAMESPACE')
/*
* According to something that I can't find, this is supposed to work on all systems
* OS: This won't work in Courier IMAP.
*
* TODO: remove this in favour of the information from sqimap_get_namespace()
*/
- $read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b);
- if (eregi('\\* NAMESPACE +(\\( *\\(.+\\) *\\)|NIL) +(\\( *\\(.+\\) *\\)|NIL) +(\\( *\\(.+\\) *\\)|NIL)', $read[0], $data)) {
- if (eregi('^\\( *\\((.*)\\) *\\)', $data[1], $data2)) {
- $pn = $data2[1];
- }
- $pna = explode(')(', $pn);
- while (list($k, $v) = each($pna)) {
- $lst = explode('"', $v);
- if (isset($lst[3])) {
- $pn[$lst[1]] = $lst[3];
- } else {
- $pn[$lst[1]] = '';
- }
+ && ($read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b))
+ && preg_match('/\* NAMESPACE +(\( *\(.+\) *\)|NIL) +(\( *\(.+\) *\)|NIL) +(\( *\(.+\) *\)|NIL)/i', $read[0], $data)
+ && preg_match('/^\( *\((.*)\) *\)/', $data[1], $data2)) {
+ $pn = $data2[1];
+ $pna = explode(')(', $pn);
+ $delnew = array();
+ while (list($k, $v) = each($pna)) {
+ $lst = explode('"', $v);
+ if (isset($lst[3])) {
+ $delnew[$lst[1]] = $lst[3];
+ } else {
+ $delnew[$lst[1]] = '';
}
}
- $sqimap_delimiter = $pn[0];
+ $sqimap_delimiter = array_shift($delnew);
} else {
fputs ($imap_stream, ". LIST \"INBOX\" \"\"\r\n");
$read = sqimap_read_data($imap_stream, '.', true, $a, $b);
$ns_strings = array(1=>'personal', 2=>'users', 3=>'shared');
$namespace = array();
- if(ereg('NAMESPACE (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL)', $input, $regs) !== false) {
+ if (preg_match('/NAMESPACE (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL)/', $input, $regs)) {
for($i=1; $i<=3; $i++) {
if($regs[$i] == 'NIL') {
$namespace[$ns_strings[$i]] = array();
*/
function sqimap_encode_mailbox_name($what)
{
- if (ereg("[\"\\\r\n]", $what))
+ if (preg_match('/["\\\r\n]/', $what))
return '{' . strlen($what) . "}\r\n" . $what; /* 4.3 literal form */
return '"' . $what . '"'; /* 4.3 quoted string form */
}
if ($sRsp == 'NO' || $sRsp == 'BAD') {
// for the moment disabled. Enable after 1.5.1 release.
// Notices could give valueable information about the mailbox
- // sqm_trigger_imap_error('SQM_IMAP_APPEND_NOTICE',$imapquery,$sRsp,$sMsg);
+ // Update: seems this was forgotten, but now it is finally enabled
+ sqm_trigger_imap_error('SQM_IMAP_APPEND_NOTICE',$imapquery,$sRsp,$sMsg);
}
$bDone = false;
case $imapsid:
* @since 1.3.0
*/
function map_yp_alias($username) {
- $yp = `ypmatch $username aliases`;
+ $safe_username = escapeshellarg($username);
+ $yp = `ypmatch $safe_username aliases`;
return chop(substr($yp, strlen($username)+1));
}
projects / squirrelmail.git / blobdiff