X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fimap_general.php;h=2b0b0cf67620d37756f6d3117b8fdc049413ecd0;hp=38ef57224b4c35814517d0673c47d3a46f6f8455;hb=de3178dc1a5117827e254544c6f164dba653ad83;hpb=61d8f26d217c5e16fab9a644ce07952f1b00fa30 diff --git a/functions/imap_general.php b/functions/imap_general.php index 38ef5722..2b0b0cf6 100755 --- a/functions/imap_general.php +++ b/functions/imap_general.php @@ -5,7 +5,7 @@ * * This implements all functions that do general IMAP functions. * - * @copyright © 1999-2006 The SquirrelMail Project Team + * @copyright © 1999-2009 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -60,11 +60,14 @@ function sqimap_run_command_list ($imap_stream, $query, $handle_errors, &$respon $message = $message[$tag]; $response = $response[$tag]; return $read[$tag]; +//FIXME: obey $handle_errors below! } else { global $squirrelmail_language, $color; set_up_language($squirrelmail_language); +//FIXME: NO HTML IN CORE! $string = "\n" . _("ERROR: No available IMAP stream.") . +//FIXME: NO HTML IN CORE! "\n"; error_box($string); return false; @@ -110,11 +113,14 @@ function sqimap_run_command ($imap_stream, $query, $handle_errors, &$response, } else { return $read[$tag]; } +//FIXME: obey $handle_errors below! } else { global $squirrelmail_language, $color; set_up_language($squirrelmail_language); +//FIXME: NO HTML IN CORE! $string = "\n" . _("ERROR: No available IMAP stream.") . +//FIXME: NO HTML IN CORE! "\n"; error_box($string); return false; @@ -316,8 +322,10 @@ function sqimap_read_data_list($imap_stream, $tag, $handle_errors, &$response, &$message, $query = '') { global $color, $oTemplate, $squirrelmail_language; set_up_language($squirrelmail_language); +//FIXME: NO HTML IN CORE! $string = "\n" . _("ERROR: Bad function call.") . +//FIXME: NO HTML IN CORE! "
\n" . _("Reason:") . ' '. 'There is a plugin installed which make use of the
' . @@ -325,6 +333,7 @@ function sqimap_read_data_list($imap_stream, $tag, $handle_errors, 'Please adapt the installed plugin and let it use
'. 'sqimap_run_command or sqimap_run_command_list instead

'. 'The following query was issued:
'. +//FIXME: NO HTML IN CORE! htmlspecialchars($query) . '
' . "
\n"; error_box($string); $oTemplate->display('footer.tpl'); @@ -346,6 +355,7 @@ function sqimap_error_box($title, $query = '', $message_title = '', $message = ' global $color, $squirrelmail_language; set_up_language($squirrelmail_language); +//FIXME: NO HTML IN CORE! $string = "\n" . $title . "
\n"; $cmd = explode(' ',$query); $cmd= strtolower($cmd[0]); @@ -356,6 +366,7 @@ function sqimap_error_box($title, $query = '', $message_title = '', $message = ' $string .= $message_title; if ($message != '') $string .= htmlspecialchars($message); +//FIXME: NO HTML IN CORE! $string .= "
\n"; if ($link != '') $string .= $link; @@ -466,6 +477,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, we prohibid that literal responses appear in the outer loop so we can trust the untagged and tagged info provided by $read */ + $read_literal = false; if ($s === "}\r\n") { $j = strrpos($read,'{'); $iLit = substr($read,$j+1,-3); @@ -490,7 +502,9 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, if ($read === false) { /* error */ break 4; /* while while switch while */ } - $fetch_data[] = $read; + $s = substr($read,-3); + $read_literal = true; + continue; } else { $fetch_data[] = $read; } @@ -503,7 +517,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, /* check for next untagged reponse and break */ if ($read{0} == '*') break 2; $s = substr($read,-3); - } while ($s === "}\r\n"); + } while ($s === "}\r\n" || $read_literal); $s = substr($read,-3); } while ($read{0} !== '*' && substr($read,0,strlen($tag)) !== $tag); @@ -558,6 +572,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, $query = ''; } sqimap_error_box(_("ERROR: IMAP server closed the connection."), $query, _("Server responded:"),$sResponse); +//FIXME: NO HTML IN CORE! echo ''; exit; } else if ($handle_errors) { @@ -593,10 +608,12 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, break; case 'BAD': sqimap_error_box(_("ERROR: Bad or malformed request."), $query, _("Server responded:") . ' ', $message[$tag]); +//FIXME: NO HTML IN CORE! echo ''; exit; case 'BYE': sqimap_error_box(_("ERROR: IMAP server closed the connection."), $query, _("Server responded:") . ' ', $message[$tag]); +//FIXME: NO HTML IN CORE! echo ''; exit; default: @@ -671,6 +688,7 @@ function sqimap_create_stream($server,$port,$tls=0) { set_up_language($squirrelmail_language, true); require_once(SM_PATH . 'functions/display_messages.php'); logout_error( sprintf(_("Error connecting to IMAP server: %s."), $server). +//FIXME: NO HTML IN CORE! "
\r\n$error_number : $error_string
\r\n", sprintf(_("Error connecting to IMAP server: %s."), $server) ); exit; @@ -748,15 +766,22 @@ function sqimap_create_stream($server,$port,$tls=0) { /** * Logs the user into the IMAP server. If $hide is set, no error messages - * will be displayed. This function returns the IMAP connection handle. + * will be displayed (if set to 1, just exits, if set to 2, returns FALSE). + * This function returns the IMAP connection handle. * @param string $username user name * @param string $password password encrypted with onetimepad. Since 1.5.2 * function can use internal password functions, if parameter is set to * boolean false. * @param string $imap_server_address address of imap server * @param integer $imap_port port of imap server - * @param boolean $hide controls display connection errors - * @return stream + * @param int $hide controls display connection errors: + * 0 = do not hide + * 1 = show no errors (just exit) + * 2 = show no errors (return FALSE) + * 3 = show no errors (return error string) + * @return mixed The IMAP connection stream, or if the connection fails, + * FALSE if $hide is set to 2 or an error string if $hide + * is set to 3. */ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) { global $color, $squirrelmail_language, $onetimepad, $use_imap_tls, @@ -770,11 +795,11 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ if(!empty($authz)) { /* authz plugin - specific: - * Get proxy login parameters from authz plugin configuration. If they + * Get proxy login parameters from authz plugin configuration. If they * exist, they will override the current ones. * This is useful if we want to use different SASL authentication mechanism * and/or different TLS settings for proxy logins. */ - global $authz_imap_auth_mech, $authz_use_imap_tls, $authz_imapPort_tls; + global $authz_imap_auth_mech, $authz_use_imap_tls, $authz_imapPort_tls; $imap_auth_mech = !empty($authz_imap_auth_mech) ? strtolower($authz_imap_auth_mech) : $imap_auth_mech; $use_imap_tls = !empty($authz_use_imap_tls)? $authz_use_imap_tls : $use_imap_tls; $imap_port = !empty($authz_use_imap_tls)? $authz_imapPort_tls : $imap_port; @@ -897,14 +922,17 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ /* If the connection was not successful, lets see why */ if ($response != 'OK') { - if (!$hide) { + if (!$hide || $hide == 3) { +//FIXME: UUURG... We don't want HTML in error messages, should also do html sanitizing of error messages elsewhere; should't assume output is destined for an HTML browser here if ($response != 'NO') { /* "BAD" and anything else gets reported here. */ $message = htmlspecialchars($message); set_up_language($squirrelmail_language, true); if ($response == 'BAD') { + if ($hide == 3) return sprintf(_("Bad request: %s"), $message); $string = sprintf (_("Bad request: %s")."
\r\n", $message); } else { + if ($hide == 3) return sprintf(_("Unknown error: %s"), $message); $string = sprintf (_("Unknown error: %s") . "
\n", $message); } if (isset($read) && is_array($read)) { @@ -929,13 +957,15 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ set_up_language($squirrelmail_language, true); sqsession_destroy(); - sqsetcookieflush(); + /* terminate the session nicely */ sqimap_logout($imap_stream); + if ($hide == 3) return _("Unknown user or password incorrect."); logout_error( _("Unknown user or password incorrect.") ); exit; } } else { + if ($hide == 2) return FALSE; exit; } } @@ -1041,7 +1071,7 @@ function sqimap_get_delimiter ($imap_stream = false) { * OS: According to rfc2342 response from NAMESPACE command is: * OS: * NAMESPACE (PERSONAL NAMESPACES) (OTHER_USERS NAMESPACE) (SHARED NAMESPACES) * OS: We want to lookup all personal NAMESPACES... - * + * * TODO: remove this in favour of the information from sqimap_get_namespace() */ $read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b); @@ -1082,7 +1112,7 @@ function sqimap_get_namespace($imap_stream) { $read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b); return sqimap_parse_namespace($read[0]); } - + /** * Parses a NAMESPACE response and returns an array with the available * personal, users and shared namespaces. @@ -1267,7 +1297,7 @@ function sqimap_status_messages ($imap_stream, $mailbox, if (!empty($hook_status)) { $hook_status['MAILBOX']=$mailbox; $hook_status['CALLER']='sqimap_status_messages'; - do_hook_function('folder_status',$hook_status); + do_hook('folder_status', $hook_status); } return $status; } @@ -1337,7 +1367,8 @@ function sqimap_append_checkresponse($response, $sMailbox, $sid='', $query='') { if ($sRsp == 'NO' || $sRsp == 'BAD') { // for the moment disabled. Enable after 1.5.1 release. // Notices could give valueable information about the mailbox - // sqm_trigger_imap_error('SQM_IMAP_APPEND_NOTICE',$imapquery,$sRsp,$sMsg); + // Update: seems this was forgotten, but now it is finally enabled + sqm_trigger_imap_error('SQM_IMAP_APPEND_NOTICE',$imapquery,$sRsp,$sMsg); } $bDone = false; case $imapsid: @@ -1405,6 +1436,7 @@ function sqimap_get_user_server ($imap_server, $username) { * @since 1.3.0 */ function map_yp_alias($username) { - $yp = `ypmatch $username aliases`; + $safe_username = escapeshellarg($username); + $yp = `ypmatch $safe_username aliases`; return chop(substr($yp, strlen($username)+1)); }