Happy New Year
[squirrelmail.git] / plugins / spamcop / spamcop.php
index b74c4127629a7b0f378ec218a40ebd015b8bbbf0..be7bbcf9df89dc019d2f5dac76a01863b7966c3e 100644 (file)
@@ -1,74 +1,34 @@
 <?php
-/** 
+
+/**
  * spamcop.php -- SpamCop plugin -- main page
  *
- * @copyright (c) 1999-2004 The SquirrelMail development team
+ * @copyright 1999-2020 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
  * @subpackage spamcop
  */
 
-/** @ignore */
-define('SM_PATH','../../');
-
- /* SquirrelMail required files. */
-require_once(SM_PATH . 'include/validate.php');
-require_once(SM_PATH . 'functions/imap.php');
-
 /**
- * Stores message in attachment directory, when email based reports are used
- * @access private
+ * Include the SquirrelMail initialization file.
  */
-function getMessage_RFC822_Attachment($message, $composeMessage, $passed_id, 
-                                      $passed_ent_id='', $imapConnection) {
-    global $attachment_dir, $username;
-
-    $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
-    if (!$passed_ent_id) {
-        $body_a = sqimap_run_command($imapConnection, 
-                                    'FETCH '.$passed_id.' RFC822',
-                                    TRUE, $response, $readmessage, 
-                                    TRUE);
-    } else {
-        $body_a = sqimap_run_command($imapConnection, 
-                                     'FETCH '.$passed_id.' BODY['.$passed_ent_id.']',
-                                     TRUE, $response, $readmessage,TRUE);
-        $message = $message->parent;
-    }
-    if ($response == 'OK') {
-        $subject = encodeHeader($message->rfc822_header->subject);
-        array_shift($body_a);
-        $body = implode('', $body_a) . "\r\n";
-                
-        $localfilename = GenerateRandomString(32, 'FILE', 7);
-        $full_localfilename = "$hashed_attachment_dir/$localfilename";
-        $fp = fopen( $full_localfilename, 'w');
-        fwrite ($fp, $body);
-        fclose($fp);
-       
-        /* dirty relative dir fix */
-        if (substr($attachment_dir,0,3) == '../') {
-          $attachment_dir = substr($attachment_dir,3);
-          $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
-        }
-       $full_localfilename = "$hashed_attachment_dir/$localfilename";
-
-       $composeMessage->initAttachment('message/rfc822','email.txt', 
-                        $full_localfilename);
-    }
-    return $composeMessage;
-}
-
+require('../../include/init.php');
+/* IMAP functions depend on date and mime */
+include_once(SM_PATH . 'functions/date.php');
+include_once(SM_PATH . 'functions/mime.php');
+/* IMAP functions */
+include_once(SM_PATH . 'functions/imap_general.php');
+include_once(SM_PATH . 'functions/imap_messages.php');
+/* plugin functions */
+include_once(SM_PATH . 'plugins/spamcop/functions.php');
+
+include_once(SM_PATH . 'functions/compose.php');
 
 /* GLOBALS */
 
-sqgetGlobalVar('username', $username, SQ_SESSION);
-sqgetGlobalVar('key',      $key,      SQ_COOKIE);
-sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
-
 sqgetGlobalVar('mailbox', $mailbox, SQ_GET);
-sqgetGlobalVar('passed_id', $passed_id, SQ_GET);
+sqgetGlobalVar('passed_id', $passed_id, SQ_GET, NULL, SQ_TYPE_BIGINT);
 sqgetGlobalVar('js_web', $js_web, SQ_GET);
 
 if (! sqgetGlobalVar('startMessage', $startMessage, SQ_GET) ) {
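Review bot: `passed_id` is now constrained with `SQ_TYPE_BIGINT`, but no equivalent retrieval or typing of `passed_ent_id` is visible among these `sqgetGlobalVar()` calls, although later hunks pass it to `spamcop_getMessage_RFC822_Attachment()` and `mime_fetch_body()`. The function removed here concatenated that value directly into an IMAP `FETCH ... BODY[...]` command, and the relocated copy in `plugins/spamcop/functions.php` (not shown) presumably still does. If it is read from the request in lines outside this hunk, it should be validated as a MIME entity id before use, for example `if (!preg_match('/^\d+(\.\d+)*$/', (string) $passed_ent_id)) $passed_ent_id = '';`. The `if` opened on the last line continues outside the hunk.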
@@ -98,11 +58,19 @@ if ($js_web) {
   displayPageHeader($color,$mailbox);
 }
 
-    $imap_stream = sqimap_login($username, $key, $imapServerAddress, 
-       $imapPort, 0);
+/** is spamcop plugin disabled */
+if (! is_plugin_enabled('spamcop')) {
+    error_box(_("Plugin is disabled."));
+    // display footer (closes html tags) and stop script execution
+    $oTemplate->display('footer.tpl');
+    exit();
+}
+
+    global $imap_stream_options; // in case not defined in config
+    $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imap_stream_options);
     sqimap_mailbox_select($imap_stream, $mailbox);
 
-    if ($spamcop_method == 'quick_email' || 
+    if ($spamcop_method == 'quick_email' ||
         $spamcop_method == 'thorough_email') {
        // Use email-based reporting -- save as an attachment
        $session = "$composesession"+1;
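Review bot: The `false` now passed as the password argument to `sqimap_login()` has no explanation, and the comment on `global $imap_stream_options` only covers the other new argument. Presumably the login routine obtains the stored credentials itself, which is why the first hunk stops reading `key` from the cookie and `onetimepad` from the session. A one-line comment would record that, e.g. `// password is false: sqimap_login() retrieves the stored credentials itself`, once confirmed against `functions/imap_general.php`. The `is_plugin_enabled('spamcop')` guard is correctly placed before the IMAP login; moving it directly after the `init.php` include would additionally keep a disabled plugin from rendering the page header.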
@@ -117,18 +85,18 @@ if ($js_web) {
           $composeMessage->rfc822_header = $rfc822_header;
           $composeMessage->reply_rfc822_header = '';
           $compose_messages[$session] = $composeMessage;
-          sqsession_register($compose_messages,'compose_messages');  
+          sqsession_register($compose_messages,'compose_messages');
        } else {
           $composeMessage=$compose_messages[$session];
        }
 
 
         $message = sqimap_get_message($imap_stream, $passed_id, $mailbox);
-        $composeMessage = getMessage_RFC822_Attachment($message, $composeMessage, $passed_id, 
+        $composeMessage = spamcop_getMessage_RFC822_Attachment($message, $composeMessage, $passed_id,
                                       $passed_ent_id, $imap_stream);
 
-       $compose_messages[$session] = $composeMessage;
-       sqsession_register($compose_messages, 'compose_messages');
+            $compose_messages[$session] = $composeMessage;
+        sqsession_register($compose_messages, 'compose_messages');
 
         $fn = getPref($data_dir, $username, 'full_name');
         $em = getPref($data_dir, $username, 'email_address');
@@ -150,11 +118,11 @@ echo "</p>";
 <td align="left" valign="top">
 <?php if (isset($js_web) && $js_web) {
   echo '<form method="post" action="javascript:return false">';
-  echo '<input type="button" value="' . _("Close Window") . "\" onClick=\"window.close(); return true;\" />\n";
+  echo '<input type="button" value="' . _("Close Window") . "\" onclick=\"window.close(); return true;\" />\n";
 } else {
-   ?><form method="post" action="../../src/right_main.php">
-  <input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox) ?>" />
-  <input type="hidden" name="startMessage" value="<?php echo htmlspecialchars($startMessage) ?>" />
+   ?><form method="post" action="<?php echo sqm_baseuri(); ?>src/right_main.php">
+  <input type="hidden" name="mailbox" value="<?php echo sm_encode_html_special_chars($mailbox) ?>" />
+  <input type="hidden" name="startMessage" value="<?php echo sm_encode_html_special_chars($startMessage) ?>" />
 <?php
   echo '<input type="submit" value="' . _("Cancel / Done") . "\" />";
 }
@@ -167,16 +135,17 @@ echo "</p>";
       $report_email = 'submit.' . $spamcop_id . '@spam.spamcop.net';
    else
       $report_email = 'quick.' . $spamcop_id . '@spam.spamcop.net';
-   $form_action = SM_PATH . 'src/compose.php';
+   $form_action = sqm_baseuri() . 'src/compose.php';
 ?>  <form method="post" action="<?php echo $form_action?>">
-  <input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox) ?>" />
-  <input type="hidden" name="spamcop_is_composing" value="<?php echo htmlspecialchars($passed_id) ?>" />
-  <input type="hidden" name="send_to" value="<?php echo htmlspecialchars($report_email)?>" />
+  <input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token() ?>" />
+  <input type="hidden" name="mailbox" value="<?php echo sm_encode_html_special_chars($mailbox) ?>" />
+  <input type="hidden" name="spamcop_is_composing" value="<?php echo sm_encode_html_special_chars($passed_id) ?>" />
+  <input type="hidden" name="send_to" value="<?php echo sm_encode_html_special_chars($report_email)?>" />
   <input type="hidden" name="subject" value="reply anyway" />
   <input type="hidden" name="identity" value="0" />
   <input type="hidden" name="session" value="<?php echo $session?>" />
 <?php
-  echo '<input type="submit" name="send" value="' . _("Send Spam Report") . "\" />\n";
+  echo '<input type="submit" name="send1" value="' . _("Send Spam Report") . "\" />\n";
 } else {
    $spam_message = mime_fetch_body ($imap_stream, $passed_id, $passed_ent_id, 50000);
 
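Review bot: `$form_action` and `$session` are the only values in this form still echoed without `sm_encode_html_special_chars()`. `$form_action` is now built from `sqm_baseuri()`; if that base URI is derived from the request path (not visible here), it should be encoded like the neighbouring fields: `<form method="post" action="<?php echo sm_encode_html_special_chars($form_action) ?>">`. The submit button rename from `send` to `send1` also deserves a short comment naming what `src/compose.php` expects, since nothing in this file explains it. The enclosing `if`/`else` starts and ends outside the hunk.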
@@ -184,11 +153,8 @@ echo "</p>";
       $Warning = "\n[truncated by SpamCop]\n";
       $spam_message = substr($spam_message, 0, 50000 - strlen($Warning)) . $Warning;
    }
-   if ($spamcop_type=='member') {
-     $action_url="http://members.spamcop.net/sc";
-   } else {
-     $action_url="http://www.spamcop.net/sc";
-   }
+   $action_url="http://members.spamcop.net/sc";
+
    if (isset($js_web) && $js_web) {
      echo "<form method=\"post\" action=\"$action_url\" name=\"submitspam\"".
        " enctype=\"multipart/form-data\">\n";
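Review bot: The now hard-coded `$action_url` uses plain `http://`, so the browser posts the `spam` field, which holds the full message with headers and body, to SpamCop in cleartext. Browsers also warn about or block a form that posts from an HTTPS webmail page to an HTTP target. If the SpamCop endpoint accepts TLS, this should be `$action_url="https://members.spamcop.net/sc";`. The form-building `if`/`else` continues outside the hunk.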
@@ -198,10 +164,9 @@ echo "</p>";
    } ?>
   <input type="hidden" name="action" value="submit" />
   <input type="hidden" name="oldverbose" value="1" />
-  <input type="hidden" name="code" value="<?php echo htmlspecialchars($spamcop_id) ?>" />
-  <input type="hidden" name="spam" value="<?php echo htmlspecialchars($spam_message); ?>" />
+  <input type="hidden" name="spam" value="<?php echo sm_encode_html_special_chars($spam_message); ?>" />
     <?php
-       echo '<input type="submit" name="x1" value="' . _("Send Spam Report") . "\" />\n";
+        echo '<input type="submit" name="x1" value="' . _("Send Spam Report") . "\" />\n";
     }
 ?>  </form>
 </td>