* and josh@superfork.com (extracted from php manual)
* Adapted for MailFetch by Philippe Mingo <mingo@rotedic.com>
*
- * @copyright © 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2020 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package plugins
include_once (SM_PATH . 'plugins/mail_fetch/class.mail_fetch.php');
/** declare plugin globals */
-global $mail_fetch_allow_unsubscribed;
+global $mail_fetch_allow_unsubscribed, $mail_fetch_allowable_ports,
+ $mail_fetch_block_server_pattern;
/**
* Add link to menu at top of content pane
function mail_fetch_login_function() {
include_once (SM_PATH . 'functions/imap_general.php');
- global $username, $data_dir, $imapServerAddress, $imapPort;
+ global $username, $data_dir, $imapServerAddress, $imapPort, $imap_stream_options;
$mailfetch_newlog = getPref($data_dir, $username, 'mailfetch_newlog');
continue;
}
- $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 10);
+ $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 10, $imap_stream_options);
/* log into pop server*/
if (! $pop3->login($mailfetch_user, $mailfetch_pass)) {
$aMsgStat = $pop3->command_stat();
if (is_bool($aMsgStat)) {
- $outMsg .= _("Can't get mailbox status:") . ' ' . htmlspecialchars($pop3->error);
+ $outMsg .= _("Can't get mailbox status:") . ' ' . sm_encode_html_special_chars($pop3->error);
continue;
}
if ($mailfetch_lmos == 'on') {
$msglist = $pop3->command_uidl();
if (is_bool($msglist)) {
- $outMsg .= _("Server does not support UIDL.") . ' '.htmlspecialchars($pop3->error);
+ $outMsg .= _("Server does not support UIDL.") . ' '.sm_encode_html_special_chars($pop3->error);
// User asked to leave messages on server, but we can't do that.
$pop3->command_quit();
continue;
$Message = $pop3->command_retr($i);
if (is_bool($Message)) {
- $outMsg .= _("Warning:") . ' ' . htmlspecialchars($pop3->error);
+ $outMsg .= _("Warning:") . ' ' . sm_encode_html_special_chars($pop3->error);
continue;
}
$response=(implode('',$response));
$message=(implode('',$message));
if ($response != 'OK') {
- $outMsg .= _("Error Appending Message!")." ".htmlspecialchars($message);
+ $outMsg .= _("Error Appending Message!")." ".sm_encode_html_special_chars($message);
if ($mailfetch_lmos == 'on') {
setPref($data_dir,$username,"mailfetch_uidl_$i_loop", $msglist[$i-1]);
// end of hooked functions
/**
- * hex2bin - document me
+ * hex2bin - convert a hexadecimal string into binary
+ * Exists since PHP 5.4.
*/
-function hex2bin( $data ) {
+if ( ! function_exists('hex2bin') ) {
+ function hex2bin( $data ) {
- /* Original code by josh@superfork.com */
+ /* Original code by josh@superfork.com */
- $len = strlen($data);
- $newdata = '';
- for( $i=0; $i < $len; $i += 2 ) {
- $newdata .= pack( "C", hexdec( substr( $data, $i, 2) ) );
+ $len = strlen($data);
+ $newdata = '';
+ for( $i=0; $i < $len; $i += 2 ) {
+ $newdata .= pack( "C", hexdec( substr( $data, $i, 2) ) );
+ }
+ return $newdata;
}
- return $newdata;
}
function mf_keyED( $txt ) {
}
return false;
}
+
+/**
+ * Validate a requested POP3 port number
+ *
+ * Allowable port numbers are configured in config.php
+ * (see config_example.php for an example and more
+ * rules about how the list of allowable port numbers
+ * can be specified)
+ *
+ * @param int $requested_port The port number given by the user
+ *
+ * @return string An error string is returned if the port
+ * number is not allowable, otherwise an
+ * empty string is returned.
+ *
+ */
+function validate_mail_fetch_port_number($requested_port) {
+ global $mail_fetch_allowable_ports;
+ if (empty($mail_fetch_allowable_ports))
+ $mail_fetch_allowable_ports = array(110, 995);
+
+ if (in_array('ALL', $mail_fetch_allowable_ports))
+ return '';
+
+ if (!in_array($requested_port, $mail_fetch_allowable_ports)) {
+ sq_change_text_domain('mail_fetch');
+ $error = _("Sorry, that port number is not allowed");
+ sq_change_text_domain('squirrelmail');
+ return $error;
+ }
+
+ return '';
+}
+
+/**
+ * Validate a requested POP3 server address
+ *
+ * Blocked server addresses are configured in config.php
+ * (see config_example.php for more details)
+ *
+ * @param int $requested_address The server address given by the user
+ *
+ * @return string An error string is returned if the server
+ * address is not allowable, otherwise an
+ * empty string is returned.
+ *
+ */
+function validate_mail_fetch_server_address($requested_address) {
+ global $mail_fetch_block_server_pattern;
+ if (empty($mail_fetch_block_server_pattern))
+ $mail_fetch_block_server_pattern = '/(^10\.)|(^192\.)|(^127\.)|(^localhost)/';
+
+ if ($mail_fetch_block_server_pattern == 'UNRESTRICTED')
+ return '';
+
+ if (preg_match($mail_fetch_block_server_pattern, $requested_address)) {
+ sq_change_text_domain('mail_fetch');
+ $error = _("Sorry, that server address is not allowed");
+ sq_change_text_domain('squirrelmail');
+ return $error;
+ }
+
+ return '';
+}
+