*
* This implements all functions that do general IMAP functions.
*
- * @copyright 1999-2012 The SquirrelMail Project Team
+ * @copyright 1999-2020 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
$message = $message[$tag];
if (!empty($read[$tag])) {
+ /* sqimap_read_data should be called for one response
+ but since it just calls sqimap_retrieve_imap_response
+ which handles multiple responses we need to check for
+ that and merge the $read[$tag] array IF they are
+ separated and IF it was a FETCH response. */
+
+ if (isset($read[$tag][1]) && is_array($read[$tag][1]) && isset($read[$tag][1][0])
+ && preg_match('/^\* \d+ FETCH/', $read[$tag][1][0])) {
+ $result = array();
+ foreach($read[$tag] as $index => $value) {
+ $result = array_merge($result, $read[$tag]["$index"]);
+ }
+ return $result;
+ }
+
return $read[$tag][0];
} else {
return $read[$tag];
'sqimap_run_command or sqimap_run_command_list instead<br /><br />'.
'The following query was issued:<br />'.
//FIXME: NO HTML IN CORE!
- htmlspecialchars($query) . '<br />' . "</font><br />\n";
+ sm_encode_html_special_chars($query) . '<br />' . "</font><br />\n";
error_box($string);
$oTemplate->display('footer.tpl');
exit;
$cmd= strtolower($cmd[0]);
if ($query != '' && $cmd != 'login')
- $string .= _("Query:") . ' ' . htmlspecialchars($query) . '<br />';
+ $string .= _("Query:") . ' ' . sm_encode_html_special_chars($query) . '<br />';
if ($message_title != '')
$string .= $message_title;
if ($message != '')
- $string .= htmlspecialchars($message);
+ $string .= sm_encode_html_special_chars($message);
//FIXME: NO HTML IN CORE!
$string .= "</font><br />\n";
if ($link != '')
$read = '';
if (!is_array($message)) $message = array();
if (!is_array($response)) $response = array();
- $aResponse = '';
+ $aResponse = array();
$resultlist = array();
$data = array();
$sCommand = '';
case 'NO':
/* ignore this error from M$ exchange, it is not fatal (aka bug) */
if (strstr($message[$tag], 'command resulted in') === false) {
+ sqsession_register('NO', 'IMAP_FATAL_ERROR_TYPE');
+ sqsession_register($query, 'IMAP_FATAL_ERROR_QUERY');
+ sqsession_register($message[$tag], 'IMAP_FATAL_ERROR_MESSAGE');
sqimap_error_box(_("ERROR: Could not complete request."), $query, _("Reason Given:") . ' ', $message[$tag]);
echo '</body></html>';
exit;
}
break;
case 'BAD':
+ sqsession_register('BAD', 'IMAP_FATAL_ERROR_TYPE');
+ sqsession_register($query, 'IMAP_FATAL_ERROR_QUERY');
+ sqsession_register($message[$tag], 'IMAP_FATAL_ERROR_MESSAGE');
sqimap_error_box(_("ERROR: Bad or malformed request."), $query, _("Server responded:") . ' ', $message[$tag]);
//FIXME: NO HTML IN CORE!
echo '</body></html>';
exit;
case 'BYE':
+ sqsession_register('BYE', 'IMAP_FATAL_ERROR_TYPE');
+ sqsession_register($query, 'IMAP_FATAL_ERROR_QUERY');
+ sqsession_register($message[$tag], 'IMAP_FATAL_ERROR_MESSAGE');
sqimap_error_box(_("ERROR: IMAP server closed the connection."), $query, _("Server responded:") . ' ', $message[$tag]);
//FIXME: NO HTML IN CORE!
echo '</body></html>';
exit;
default:
+ sqsession_register('UNKNOWN', 'IMAP_FATAL_ERROR_TYPE');
+ sqsession_register($query, 'IMAP_FATAL_ERROR_QUERY');
+ sqsession_register($message[$tag], 'IMAP_FATAL_ERROR_MESSAGE');
sqimap_error_box(_("ERROR: Unknown IMAP response."), $query, _("Server responded:") . ' ', $message[$tag]);
/* the error is displayed but because we don't know the reponse we
return the result anyway */
* @param int port port number to connect to
* @param integer $tls whether to use plain text(0), TLS(1) or STARTTLS(2) when connecting.
* Argument was boolean before 1.5.1.
+ * @param array $stream_options Stream context options, see config_local.php
+ * for more details (OPTIONAL)
* @return imap-stream resource identifier
* @since 1.5.0 (usable only in 1.5.1 or later)
*/
-function sqimap_create_stream($server,$port,$tls=0) {
+function sqimap_create_stream($server,$port,$tls=0,$stream_options=array()) {
global $squirrelmail_language;
if (strstr($server,':') && ! preg_match("/^\[.*\]$/",$server)) {
$server = '['.$server.']';
}
+ // NB: Using "ssl://" ensures the highest possible TLS version
+ // will be negotiated with the server (whereas "tls://" only
+ // uses TLS version 1.0)
+ //
if ($tls == 1) {
if ((check_php_version(4,3)) and (extension_loaded('openssl'))) {
- /* Use TLS by prefixing "tls://" to the hostname */
- $server = 'tls://' . $server;
+ if (function_exists('stream_socket_client')) {
+ $server_address = 'ssl://' . $server . ':' . $port;
+ $ssl_context = @stream_context_create($stream_options);
+ $connect_timeout = ini_get('default_socket_timeout');
+ // null timeout is broken
+ if ($connect_timeout == 0)
+ $connect_timeout = 15;
+ $imap_stream = @stream_socket_client($server_address, $error_number, $error_string, $connect_timeout, STREAM_CLIENT_CONNECT, $ssl_context);
+ } else {
+ $imap_stream = @fsockopen('ssl://' . $server, $port, $error_number, $error_string, 15);
+ }
} else {
require_once(SM_PATH . 'functions/display_messages.php');
logout_error( sprintf(_("Error connecting to IMAP server: %s."), $server).
_("Please contact your system administrator and report this error."),
sprintf(_("Error connecting to IMAP server: %s."), $server));
}
+ } else {
+ $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15);
}
- $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15);
/* Do some error correction */
if (!$imap_stream) {
* 1 = show no errors (just exit)
* 2 = show no errors (return FALSE)
* 3 = show no errors (return error string)
+ * @param array $stream_options Stream context options, see config_local.php
+ * for more details (OPTIONAL)
* @return mixed The IMAP connection stream, or if the connection fails,
* FALSE if $hide is set to 2 or an error string if $hide
* is set to 3.
*/
-function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) {
+function sqimap_login ($username, $password, $imap_server_address,
+ $imap_port, $hide, $stream_options=array()) {
global $color, $squirrelmail_language, $onetimepad, $use_imap_tls,
- $imap_auth_mech, $sqimap_capabilities;
+ $imap_auth_mech, $sqimap_capabilities, $display_imap_login_error;
// Note/TODO: This hack grabs the $authz argument from the session. In the short future,
// a new argument in function sqimap_login() will be used instead.
$host = $imap_server_address;
$imap_server_address = sqimap_get_user_server($imap_server_address, $username);
- $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls);
+ $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls,$stream_options);
if (($imap_auth_mech == 'cram-md5') OR ($imap_auth_mech == 'digest-md5')) {
// We're using some sort of authentication OTHER than plain or login
//FIXME: UUURG... We don't want HTML in error messages, should also do html sanitizing of error messages elsewhere; should't assume output is destined for an HTML browser here
if ($response != 'NO') {
/* "BAD" and anything else gets reported here. */
- $message = htmlspecialchars($message);
+ $message = sm_encode_html_special_chars($message);
set_up_language($squirrelmail_language, true);
if ($response == 'BAD') {
if ($hide == 3) return sprintf(_("Bad request: %s"), $message);
if (isset($read) && is_array($read)) {
$string .= '<br />' . _("Read data:") . "<br />\n";
foreach ($read as $line) {
- $string .= htmlspecialchars($line) . "<br />\n";
+ $string .= sm_encode_html_special_chars($line) . "<br />\n";
}
}
error_box($string);
/* terminate the session nicely */
sqimap_logout($imap_stream);
- if ($hide == 3) return _("Unknown user or password incorrect.");
- logout_error( _("Unknown user or password incorrect.") );
+
+ // determine what error message to use
+ //
+ $fail_msg = _("Unknown user or password incorrect.");
+ if ($display_imap_login_error) {
+ // See if there is an error message from the server
+ // Skip any rfc5530 response code: '[something]' at the
+ // start of the message
+ if (!empty($message)
+ && $message{0} == '['
+ && ($end = strstr($message, ']'))
+ && $end != ']') {
+ $message = substr($end, 1);
+ }
+ // Remove surrounding spaces and if there
+ // is anything left, display that as the
+ // error message:
+ $message = trim($message);
+ if (strlen($message))
+ $fail_msg = _($message);
+ }
+
+ if ($hide == 3) return $fail_msg;
+ logout_error($fail_msg);
exit;
}
} else {
exit;
}
+ // Run ID command if configured - RFC 2971
+ //
+ // Administrator must declare a configuration variable called
+ // $imap_id_command_args in config/config_local.php which must
+ // be an array, where each key is an attibute to be sent in the
+ // IMAP ID command to the server. Values will be sent as-is
+ // except if the value is "###REMOTE ADDRESS###" (without quotes)
+ // in which case the current user's real IP address will be
+ // substituted. If "###X-FORWARDED-FOR###" is used and a
+ // "X-FORWARDED-FOR" header is present in the client request,
+ // the contents of that header are used (careful, this can be
+ // forged). If "###X-FORWARDED-FOR OR REMOTE ADDRESS###" is
+ // used, then the "X-FORWARDED-FOR" header is used if it is
+ // present in the request, otherwise, the client's connecting
+ // IP address is used. The following attributes will always be
+ // added unless they are specifically overridden with a blank
+ // value:
+ // name, vendor, support-url, version
+ // A parsed representation of server's response is made available
+ // to plugins as both a global and session variable named
+ // "imap_server_id_response" (a simple key/value array) unless
+ // response parsing is turned off by way of setting a variable
+ // named $do_not_parse_imap_id_command_response in
+ // config/config_local.php to TRUE, in which case, the stored
+ // response will be the unparsed IMAP response.
+ //
+ global $imap_id_command_args, $do_not_parse_imap_id_command_response;
+ if (!empty($imap_id_command_args) && is_array($imap_id_command_args)
+ && sqimap_capability($imap_stream, 'ID')) {
+
+ static $args = array();
+ if (empty($args)) {
+ if (!isset($imap_id_command_args['name']))
+ $imap_id_command_args['name'] = 'SquirrelMail';
+ if (!isset($imap_id_command_args['vendor']))
+ $imap_id_command_args['vendor'] = 'SquirrelMail Project Team';
+ if (!isset($imap_id_command_args['support-url']))
+ $imap_id_command_args['support-url'] = 'https://squirrelmail.org';
+ if (!isset($imap_id_command_args['version'])) {
+ $imap_id_command_args['version'] = SM_VERSION;
+ }
+ foreach ($imap_id_command_args as $key => $value) {
+ $key = trim($key);
+ $value = trim($value);
+ if ($key === '' || $value === '')
+ continue;
+ if ($value === '###REMOTE ADDRESS###' && sqGetGlobalVar('REMOTE_ADDR', $remote_addr, SQ_SERVER))
+ $value = $remote_addr;
+ else if ($value === '###X-FORWARDED-FOR###' && sqGetGlobalVar('HTTP_X_FORWARDED_FOR', $remote_addr, SQ_SERVER))
+ $value = $remote_addr;
+ else if ($value === '###X-FORWARDED-FOR OR REMOTE ADDRESS###') {
+ if (sqGetGlobalVar('HTTP_X_FORWARDED_FOR', $remote_addr, SQ_SERVER))
+ $value = $remote_addr;
+ else if (sqGetGlobalVar('REMOTE_ADDR', $remote_addr, SQ_SERVER))
+ $value = $remote_addr;
+ }
+ else if ($value === '###REMOTE ADDRESS###' && sqGetGlobalVar('REMOTE_ADDR', $remote_addr, SQ_SERVER)) {
+ $value = $remote_addr;
+ }
+ $args[] = '"' . str_replace(array('"', '\\'), array('\\"', '\\\\'), $key)
+ . '" "' . str_replace(array('"', '\\'), array('\\"', '\\\\'), $value) . '"';
+ }
+ }
+ $read_ary = sqimap_run_command($imap_stream, 'ID (' . implode(' ', $args) . ')', false, $response, $message);
+ if (!empty($read_ary) && is_array($read_ary)) {
+ global $imap_server_id_response;
+ if ($do_not_parse_imap_id_command_response)
+ $imap_server_id_response = $read_ary;
+ else
+ {
+ $imap_server_id_response = array();
+
+ // NOTE that this parser ignores closing ) sign, so
+ // technically some kind of malformed server
+ // response could cause extra junk to be included here
+ foreach ($read_ary as $info)
+ {
+ $parsed_info = explode('(', $info, 2);
+ if (!empty($parsed_info[1]))
+ {
+ // find opening quote for the next key name
+ while ($parsed_info = explode('"', $parsed_info[1], 2))
+ {
+ if (empty($parsed_info[1]))
+ break;
+ else
+ {
+ // find closing quote for the key name
+ $pos = strpos($parsed_info[1], '"');
+ if ($pos === FALSE)
+ break;
+ else
+ {
+ $key = substr($parsed_info[1], 0, $pos);
+ $parsed_info[1] = substr($parsed_info[1], $pos + 1);
+
+ // find opening quote for the key's value
+ $parsed_info = explode('"', $parsed_info[1], 2);
+ if (empty($parsed_info[1]))
+ break;
+ else
+ {
+ // find closing quote for the key's value
+ $pos = strpos($parsed_info[1], '"');
+ if ($pos === FALSE)
+ break;
+ else
+ {
+ $imap_server_id_response[$key] = substr($parsed_info[1], 0, $pos);
+ $parsed_info[1] = substr($parsed_info[1], $pos + 1);
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ sqsession_register($imap_server_id_response, 'imap_server_id_response');
+ }
+ }
+
return $imap_stream;
}
function sqimap_logout ($imap_stream) {
/* Logout is not valid until the server returns 'BYE'
* If we don't have an imap_ stream we're already logged out */
- if(isset($imap_stream) && $imap_stream)
+ if(isset($imap_stream) && $imap_stream) {
sqimap_run_command($imap_stream, 'LOGOUT', false, $response, $message);
+ fclose($imap_stream);
+ }
}
/**
projects / squirrelmail.git / blobdiff