X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fsmtp.php;h=ad7a257ae29ddaf697a8c1ae68cd4f37eeb0621f;hp=75af97bbe1c477a045e77c7bedd78052e0736c03;hb=b60b58f9ca942cfdddc08a415c626e245c2526b3;hpb=6441f7c6b523c5874f702a2bb859a9daddf1cc4f diff --git a/functions/smtp.php b/functions/smtp.php index 75af97bb..ad7a257a 100644 --- a/functions/smtp.php +++ b/functions/smtp.php @@ -1,4 +1,4 @@ - 0) $sign = "+"; else @@ -106,10 +118,11 @@ } /* Print all the needed RFC822 headers */ - function write822Header ($fp, $t, $c, $b, $subject) { + function write822Header ($fp, $t, $c, $b, $subject, $more_headers) { global $REMOTE_ADDR, $SERVER_NAME, $REMOTE_PORT; - global $data_dir, $username, $domain, $version, $useSendmail; - global $default_charset; + global $data_dir, $username, $popuser, $domain, $version, $useSendmail; + global $default_charset, $HTTP_VIA, $HTTP_X_FORWARDED_FOR; + global $REMOTE_HOST; // Storing the header to make sure the header is the same // everytime the header is printed. @@ -122,29 +135,44 @@ $reply_to = getPref($data_dir, $username, "reply_to"); $from = getPref($data_dir, $username, "full_name"); $from_addr = getPref($data_dir, $username, "email_address"); - + if ($from_addr == "") - $from_addr = "$username@$domain"; + $from_addr = $popuser."@".$domain; $to_list = getLineOfAddrs($to); $cc_list = getLineOfAddrs($cc); $bcc_list = getLineOfAddrs($bcc); + /* Encoding 8-bit characters and making from line */ + $subject = sqStripSlashes(encodeHeader($subject)); if ($from == "") $from = "<$from_addr>"; else - $from = $from . " <$from_addr>"; + $from = "\"" . encodeHeader($from) . "\" <$from_addr>"; /* This creates an RFC 822 date */ $date = date("D, j M Y H:i:s ", mktime()) . timezone(); /* Create a message-id */ $message_id = "<" . $REMOTE_PORT . "." . $REMOTE_ADDR . "."; - $message_id .= time() . "@" . $SERVER_NAME .">"; + $message_id .= time() . ".squirrel@" . $SERVER_NAME .">"; /* Make an RFC822 Received: line */ - $header = "Received: from $REMOTE_ADDR by $SERVER_NAME with HTTP; "; - $header .= "$date\n"; + if (isset($REMOTE_HOST)) + $received_from = "$REMOTE_HOST ([$REMOTE_ADDR])"; + else + $received_from = $REMOTE_ADDR; + + if (isset($HTTP_VIA) || isset ($HTTP_X_FORWARDED_FOR)) { + if ($HTTP_X_FORWARDED_FOR == "") + $HTTP_X_FORWARDED_FOR = "unknown"; + $received_from .= " (proxying for $HTTP_X_FORWARDED_FOR)"; + } + + $header = "Received: from $received_from\r\n"; + $header .= " (SquirrelMail authenticated user $username)\r\n"; + $header .= " by $SERVER_NAME with HTTP;\r\n"; + $header .= " $date\r\n"; /* Insert the rest of the header fields */ $header .= "Message-ID: $message_id\r\n"; @@ -152,7 +180,15 @@ $header .= "Subject: $subject\r\n"; $header .= "From: $from\r\n"; $header .= "To: $to_list \r\n"; // Who it's TO - + + /* Insert headers from the $more_headers array */ + if(is_array($more_headers)) { + reset($more_headers); + while(list($h_name, $h_val) = each($more_headers)) { + $header .= sprintf("%s: %s\r\n", $h_name, $h_val); + } + } + if ($cc_list) { $header .= "Cc: $cc_list\r\n"; // Who the CCs are } @@ -170,7 +206,7 @@ $header .= "X-Mailer: SquirrelMail (version $version)\r\n"; // Identify SquirrelMail // Do the MIME-stuff - $header .= "MIME-Version: 1.0\n"; + $header .= "MIME-Version: 1.0\r\n"; if (isMultipart()) { $header .= "Content-Type: multipart/mixed; boundary=\""; @@ -209,7 +245,7 @@ $body .= "Content-Type: text/plain\r\n"; $body .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; - $body .= stripslashes($passedBody) . "\r\n"; + $body .= sqStripSlashes($passedBody) . "\r\n"; fputs ($fp, $body); $attachmentlength = attachFiles($fp); @@ -217,7 +253,7 @@ $postbody .= "\r\n--".mimeBoundary()."--\r\n\r\n"; fputs ($fp, $postbody); } else { - $body = stripslashes($passedBody) . "\r\n"; + $body = sqStripSlashes($passedBody) . "\r\n"; fputs ($fp, $body); $postbody = "\r\n"; fputs ($fp, $postbody); @@ -227,18 +263,26 @@ } // Send mail using the sendmail command - function sendSendmail($t, $c, $b, $subject, $body) { - global $sendmail_path, $username, $domain; + function sendSendmail($t, $c, $b, $subject, $body, $more_headers) { + global $sendmail_path, $popuser, $username, $domain; + + // Build envelope sender address. Make sure it doesn't contain + // spaces or other "weird" chars that would allow a user to + // exploit the shell/pipe it is used in. + $envelopefrom = "$popuser@$domain"; + $envelopefrom = ereg_replace("[[:blank:]]","", $envelopefrom); + $envelopefrom = ereg_replace("[[:space:]]","", $envelopefrom); + $envelopefrom = ereg_replace("[[:cntrl:]]","", $envelopefrom); // open pipe to sendmail - $fp = popen (escapeshellcmd("$sendmail_path -t -f$username@$domain"), "w"); + $fp = popen (escapeshellcmd("$sendmail_path -t -f$envelopefrom"), "w"); - $headerlength = write822Header ($fp, $t, $c, $b, $subject); + $headerlength = write822Header ($fp, $t, $c, $b, $subject, $more_headers); $bodylength = writeBody($fp, $body); pclose($fp); - return ($headerlength + $bodylenght); + return ($headerlength + $bodylength); } function smtpReadData($smtpConnection) { @@ -252,17 +296,17 @@ } } - function sendSMTP($t, $c, $b, $subject, $body) { - global $username, $domain, $version, $smtpServerAddress, $smtpPort, - $data_dir; + function sendSMTP($t, $c, $b, $subject, $body, $more_headers) { + global $username, $popuser, $domain, $version, $smtpServerAddress, $smtpPort, + $data_dir, $color; $to = parseAddrs($t); $cc = parseAddrs($c); $bcc = parseAddrs($b); $from_addr = getPref($data_dir, $username, "email_address"); - if ($from_addr == "") - $from_addr = "$username@$domain"; + if (!$from_addr) + $from_addr = "$popuser@$domain"; $smtpConnection = fsockopen($smtpServerAddress, $smtpPort, $errorNumber, $errorString); if (!$smtpConnection) { @@ -270,53 +314,54 @@ echo "$errorNumber : $errorString
"; exit; } - $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024))); - errorCheck($tmp); + $tmp = fgets($smtpConnection, 1024); + errorCheck($tmp, $smtpConnection); $to_list = getLineOfAddrs($to); $cc_list = getLineOfAddrs($cc); /** Lets introduce ourselves */ fputs($smtpConnection, "HELO $domain\r\n"); - $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024))); - errorCheck($tmp); + $tmp = fgets($smtpConnection, 1024); + errorCheck($tmp, $smtpConnection); /** Ok, who is sending the message? */ fputs($smtpConnection, "MAIL FROM:<$from_addr>\r\n"); - $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024))); - errorCheck($tmp); + $tmp = fgets($smtpConnection, 1024); + errorCheck($tmp, $smtpConnection); /** send who the recipients are */ for ($i = 0; $i < count($to); $i++) { fputs($smtpConnection, "RCPT TO:<$to[$i]>\r\n"); - $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024))); - errorCheck($tmp); + $tmp = fgets($smtpConnection, 1024); + errorCheck($tmp, $smtpConnection); } for ($i = 0; $i < count($cc); $i++) { fputs($smtpConnection, "RCPT TO:<$cc[$i]>\r\n"); - $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024))); - errorCheck($tmp); + $tmp = fgets($smtpConnection, 1024); + errorCheck($tmp, $smtpConnection); } for ($i = 0; $i < count($bcc); $i++) { fputs($smtpConnection, "RCPT TO:<$bcc[$i]>\r\n"); - $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024))); - errorCheck($tmp); + $tmp = fgets($smtpConnection, 1024); + errorCheck($tmp, $smtpConnection); } /** Lets start sending the actual message */ fputs($smtpConnection, "DATA\r\n"); - $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024))); - errorCheck($tmp); + $tmp = fgets($smtpConnection, 1024); + errorCheck($tmp, $smtpConnection); // Send the message - $headerlength = write822Header ($smtpConnection, $t, $c, $b, $subject); + $headerlength = write822Header ($smtpConnection, $t, $c, $b, $subject, $more_headers); $bodylength = writeBody($smtpConnection, $body); fputs($smtpConnection, ".\r\n"); // end the DATA part - $tmp = nl2br(htmlspecialchars(fgets($smtpConnection, 1024))); - $num = errorCheck($tmp); + $tmp = fgets($smtpConnection, 1024); + $num = errorCheck($tmp, $smtpConnection); if ($num != 250) { - echo "ERROR
Message not sent!
Reason given: $tmp
"; + $tmp = nl2br(htmlspecialchars($tmp)); + echo "ERROR
Message not sent!
Reason given: $tmp
"; } fputs($smtpConnection, "QUIT\r\n"); // log off @@ -327,7 +372,20 @@ } - function errorCheck($line) { + function errorCheck($line, $smtpConnection) { + global $page_header_php; + global $color; + if (!isset($page_header_php)) { + include "../functions/page_header.php"; + } + + // Read new lines on a multiline response + $lines = $line; + while(ereg("^[0-9]+-", $line)) { + $line = fgets($smtpConnection, 1024); + $lines .= $line; + } + // Status: 0 = fatal // 5 = ok @@ -402,19 +460,20 @@ case 554: $message = "Transaction failed"; $status = 0; break; - default: $message = "Unknown response: $line"; + default: $message = "Unknown response: ". nl2br(htmlspecialchars($lines)); $status = 0; $error_num = "001"; break; } if ($status == 0) { - echo ""; + displayPageHeader($color, "None"); echo ""; - echo "
ERROR

"; + echo "
ERROR

"; echo "   Error Number: $err_num
"; echo "         Reason: $message
"; - echo "Server Response: $line
"; + $lines = nl2br(htmlspecialchars($lines)); + echo "Server Response: $lines
"; echo "
MAIL NOT SENT"; echo ""; exit; @@ -422,31 +481,44 @@ return $err_num; } - function sendMessage($t, $c, $b, $subject, $body) { - global $useSendmail; + function sendMessage($t, $c, $b, $subject, $body, $reply_id) { + global $useSendmail, $msg_id, $is_reply, $mailbox; global $data_dir, $username, $domain, $key, $version, $sent_folder, $imapServerAddress, $imapPort; - - if ($useSendmail==true) { - $length = sendSendmail($t, $c, $b, $subject, $body); + $more_headers = Array(); + + $imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 1); + + if ($reply_id) { + sqimap_mailbox_select ($imap_stream, $mailbox); + sqimap_messages_flag ($imap_stream, $reply_id, $reply_id, "Answered"); + + // Insert In-Reply-To and References headers if the + // message-id of the message we reply to is set (longer than "<>") + // The References header should really be the old Referenced header + // with the message ID appended, but it can be only the message ID too. + $hdr = sqimap_get_small_header ($imap_stream, $reply_id, false); + if(strlen($hdr->message_id) > 2) { + $more_headers["In-Reply-To"] = $hdr->message_id; + $more_headers["References"] = $hdr->message_id; + } + sqimap_mailbox_close($imap_stream); + } + + if ($useSendmail) { + $length = sendSendmail($t, $c, $b, $subject, $body, $more_headers); } else { - $length = sendSMTP($t, $c, $b, $subject, $body); + $length = sendSMTP($t, $c, $b, $subject, $body, $more_headers); } - - // This is a proposed interface to save messages in the sent folder - // -- gustavf - // -// $imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 1); -// sqimap_append ($imap_stream, $sent_folder, $length); -// write822Header ($imap_stream, $t, $c, $b, $subject); -// writeBody ($imap_stream, $body); - //sqimap_append_done($imap_stream); - // - // Or something like that... - + if (sqimap_mailbox_exists ($imap_stream, $sent_folder)) { + sqimap_append ($imap_stream, $sent_folder, $length); + write822Header ($imap_stream, $t, $c, $b, $subject, $more_headers); + writeBody ($imap_stream, $body); + sqimap_append_done ($imap_stream); + } + sqimap_logout($imap_stream); // Delete the files uploaded for attaching (if any). deleteAttachments(); - } - + ?>