*
* This implements all functions that manipulate mailboxes
*
- * @copyright © 1999-2006 The SquirrelMail Project Team
+ * @copyright © 1999-2007 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
isDraftMailbox($box,$include_subs) );
if ( !$ret ) {
- $ret = boolean_hook_function('special_mailbox',$box,1);
+ $ret = boolean_hook_function('special_mailbox', $box, 1);
}
return $ret;
}
if ($mailbox == 'None') {
return;
}
+
// cleanup $mailbox in order to prevent IMAP injection attacks
$mailbox = str_replace(array("\r","\n"), array("",""),$mailbox);
+
+ /**
+ * Default UW IMAP server configuration allows to access other files
+ * on server. $imap_server_type is not checked because interface can
+ * be used with 'other' or any other server type setting. $mailbox
+ * variable can be modified in any script that uses variable from GET
+ * or POST. This code blocks all standard SquirrelMail IMAP API requests
+ * that use mailbox with full path (/etc/passwd) or with ../ characters
+ * in path (../../etc/passwd)
+ */
+ if (strstr($mailbox, '../') || substr($mailbox, 0, 1) == '/') {
+ global $oTemplate;
+ error_box(sprintf(_("Invalid mailbox name: %s"),htmlspecialchars($mailbox)));
+ sqimap_logout($imap_stream);
+ $oTemplate->display('footer.tpl');
+ die();
+ }
+
$read = sqimap_run_command($imap_stream, 'SELECT ' . sqimap_encode_mailbox_name($mailbox),
true, $response, $message);
$result = array();
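Review bot: The traversal guard added at L32 is a two-pattern denylist and its second test uses loose comparison; a mailbox whose last path component is `..` with no trailing slash (`foo/..`) is not caught by `strstr($mailbox, '../')`, and `substr($mailbox, 0, 1) == '/'` should be `===`. Checking path segments instead of a substring closes that gap while keeping the same intent: `$segments = explode('/', $mailbox);` and `if (in_array('..', $segments, true) || substr($mailbox, 0, 1) === '/') {`. The explanatory block at L23–31 is a `/** */` docblock attached to an `if` statement; a plain `/* */` or `//` comment avoids it being picked up as API documentation, and the `global $oTemplate;` at L33 would conventionally sit at the top of the function rather than inside the branch. Note the check runs only after the CRLF stripping at L21, which is the right order, but the function this hunk belongs to starts and ends outside the hunk, so callers that reach `sqimap_run_command` by another path are not covered here.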
// subscribe again
sqimap_subscribe ($imap_stream, $mailbox);
} else {
- do_hook_function('rename_or_delete_folder', $args = array($mailbox, 'delete', ''));
+ do_hook('rename_or_delete_folder', $temp=array(&$mailbox, 'delete', ''));
removePref($data_dir, $username, "thread_$mailbox");
removePref($data_dir, $username, "collapse_folder_$mailbox");
}
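Review bot: The switch from a by-value `$args` array to `do_hook` with `&$mailbox` at L47 lets any registered hook rewrite the folder name in place, and the `removePref` calls at L48–49 then operate on the rewritten value, which is a behaviour change the commit does not mention. The same applies at L55 (`&$old_name`, read again by `strlen( $old_name )` at L56) and L63 (`&$box[$p]`). If hooks are meant to be able to rename the folder being acted on, say so next to the call, e.g. `// hooks may rewrite $mailbox by reference; the pref cleanup below uses the rewritten name`; if not, pass a copy rather than a reference. The inline `$temp=array(...)` assignment inside the argument list is presumably there so a variable exists for the by-reference parameter; assigning `$temp` on its own line before the call would make that intent readable.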
sqimap_subscribe($imap_stream, $new_name.$postfix);
setPref($data_dir, $username, 'thread_'.$new_name.$postfix, $oldpref_thread);
setPref($data_dir, $username, 'collapse_folder_'.$new_name.$postfix, $oldpref_collapse);
- do_hook_function('rename_or_delete_folder',$args = array($old_name, 'rename', $new_name));
+ do_hook('rename_or_delete_folder', $temp=array(&$old_name, 'rename', &$new_name));
$l = strlen( $old_name ) + 1;
$p = 'unformatted';
}
setPref($data_dir, $username, 'thread_'.$new_sub, $oldpref_thread);
setPref($data_dir, $username, 'collapse_folder_'.$new_sub, $oldpref_collapse);
- do_hook_function('rename_or_delete_folder',
- $args = array($box[$p], 'rename', $new_sub));
+ do_hook('rename_or_delete_folder', $temp=array(&$box[$p], 'rename', &$new_sub));
}
}
}
{
$hook_status['MAILBOX']=$oMbx->mailboxname_full;
$hook_status['CALLER']='sqimap_get_status_mbx_tree'; // helps w/ debugging
- do_hook_function('folder_status',$hook_status);
+ do_hook('folder_status', $hook_status);
}
}
}