X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=plugins%2Fmail_fetch%2Ffunctions.php;h=b606da1f02a49af3574af248dfb5b4bb7deba45f;hp=5f1e97184d036015f5451288d0691da1cbb60447;hb=c4faef335b2362c81b8ebf026d4066c12d70536c;hpb=5fe0662e2fa39482b7752e3be0a07341980715c8
diff --git a/plugins/mail_fetch/functions.php b/plugins/mail_fetch/functions.php
index 5f1e9718..b606da1f 100644
--- a/plugins/mail_fetch/functions.php
+++ b/plugins/mail_fetch/functions.php
@@ -9,7 +9,7 @@
 * and josh@superfork.com (extracted from php manual)
 * Adapted for MailFetch by Philippe Mingo
 *
- * @copyright © 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2020 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package plugins
@@ -22,7 +22,8 @@ include_once (SM_PATH . 'plugins/mail_fetch/constants.php');
 include_once (SM_PATH . 'plugins/mail_fetch/class.mail_fetch.php');
 /** declare plugin globals */
-global $mail_fetch_allow_unsubscribed;
+global $mail_fetch_allow_unsubscribed, $mail_fetch_allowable_ports,
+ $mail_fetch_block_server_pattern;
 /**
 * Add link to menu at top of content pane
@@ -63,7 +64,7 @@ if (file_exists(SM_PATH . 'config/mail_fetch_config.php')) {
 function mail_fetch_login_function() {
 include_once (SM_PATH . 'functions/imap_general.php');
- global $username, $data_dir, $imapServerAddress, $imapPort;
+ global $username, $data_dir, $imapServerAddress, $imapPort, $imap_stream_options;
 $mailfetch_newlog = getPref($data_dir, $username, 'mailfetch_newlog');
@@ -128,7 +129,7 @@ function mail_fetch_login_function() {
 continue;
 }
- $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 10);
+ $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 10, $imap_stream_options);
 /* log into pop server*/
 if (! $pop3->login($mailfetch_user, $mailfetch_pass)) {
@@ -138,7 +139,7 @@ function mail_fetch_login_function() {
 $aMsgStat = $pop3->command_stat();
 if (is_bool($aMsgStat)) {
- $outMsg .= _("Can't get mailbox status:") . ' ' . htmlspecialchars($pop3->error);
+ $outMsg .= _("Can't get mailbox status:") . ' ' . sm_encode_html_special_chars($pop3->error);
 continue;
 }
@@ -151,7 +152,7 @@ function mail_fetch_login_function() {
 if ($mailfetch_lmos == 'on') {
 $msglist = $pop3->command_uidl();
 if (is_bool($msglist)) {
- $outMsg .= _("Server does not support UIDL.") . ' '.htmlspecialchars($pop3->error);
+ $outMsg .= _("Server does not support UIDL.") . ' '.sm_encode_html_special_chars($pop3->error);
 // User asked to leave messages on server, but we can't do that.
 $pop3->command_quit();
 continue;
@@ -190,7 +191,7 @@ function mail_fetch_login_function() {
 $Message = $pop3->command_retr($i);
 if (is_bool($Message)) {
- $outMsg .= _("Warning:") . ' ' . htmlspecialchars($pop3->error);
+ $outMsg .= _("Warning:") . ' ' . sm_encode_html_special_chars($pop3->error);
 continue;
 }
@@ -211,7 +212,7 @@ function mail_fetch_login_function() {
 $response=(implode('',$response));
 $message=(implode('',$message));
 if ($response != 'OK') {
- $outMsg .= _("Error Appending Message!")." ".htmlspecialchars($message);
+ $outMsg .= _("Error Appending Message!")." ".sm_encode_html_special_chars($message);
 if ($mailfetch_lmos == 'on') {
 setPref($data_dir,$username,"mailfetch_uidl_$i_loop", $msglist[$i-1]);
@@ -311,18 +312,21 @@ function mail_fetch_folderact_function($args) {
 // end of hooked functions
 /**
- * hex2bin - document me
+ * hex2bin - convert a hexadecimal string into binary
+ * Exists since PHP 5.4.
 */
-function hex2bin( $data ) {
+if ( ! function_exists('hex2bin') ) {
+ function hex2bin( $data ) {
- /* Original code by josh@superfork.com */
+ /* Original code by josh@superfork.com */
- $len = strlen($data);
- $newdata = '';
- for( $i=0; $i < $len; $i += 2 ) {
- $newdata .= pack( "C", hexdec( substr( $data, $i, 2) ) );
+ $len = strlen($data);
+ $newdata = '';
+ for( $i=0; $i < $len; $i += 2 ) {
+ $newdata .= pack( "C", hexdec( substr( $data, $i, 2) ) );
+ }
+ return $newdata;
 }
- return $newdata;
 }
 function mf_keyED( $txt ) {
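Review bot: The fallback `hex2bin()` kept inside the new `function_exists` guard does not behave like the native function it now stands in for. For odd-length or non-hexadecimal input the native `hex2bin()` returns `false` and raises a warning, while this loop hands each two-character slice to `hexdec()` and returns whatever bytes result. The docblock should say so, for example ` * Fallback for PHP < 5.4; unlike the native function it does not reject malformed input.` The callers of `hex2bin()` are outside this hunk, so whether they check for a `false` return could not be confirmed here.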
@@ -417,3 +421,68 @@ function mail_fetch_check_noselect($imap_stream,$imap_folder) {
 }
 return false;
 }
+
+/**
+ * Validate a requested POP3 port number
+ *
+ * Allowable port numbers are configured in config.php
+ * (see config_example.php for an example and more
+ * rules about how the list of allowable port numbers
+ * can be specified)
+ *
+ * @param int $requested_port The port number given by the user
+ *
+ * @return string An error string is returned if the port
+ * number is not allowable, otherwise an
+ * empty string is returned.
+ *
+ */
+function validate_mail_fetch_port_number($requested_port) {
+ global $mail_fetch_allowable_ports;
+ if (empty($mail_fetch_allowable_ports))
+ $mail_fetch_allowable_ports = array(110, 995);
+
+ if (in_array('ALL', $mail_fetch_allowable_ports))
+ return '';
+
+ if (!in_array($requested_port, $mail_fetch_allowable_ports)) {
+ sq_change_text_domain('mail_fetch');
+ $error = _("Sorry, that port number is not allowed");
+ sq_change_text_domain('squirrelmail');
+ return $error;
+ }
+
+ return '';
+}
+
+/**
+ * Validate a requested POP3 server address
+ *
+ * Blocked server addresses are configured in config.php
+ * (see config_example.php for more details)
+ *
+ * @param int $requested_address The server address given by the user
+ *
+ * @return string An error string is returned if the server
+ * address is not allowable, otherwise an
+ * empty string is returned.
+ *
+ */
+function validate_mail_fetch_server_address($requested_address) {
+ global $mail_fetch_block_server_pattern;
+ if (empty($mail_fetch_block_server_pattern))
+ $mail_fetch_block_server_pattern = '/(^10\.)|(^192\.)|(^127\.)|(^localhost)/';
+
+ if ($mail_fetch_block_server_pattern == 'UNRESTRICTED')
+ return '';
+
+ if (preg_match($mail_fetch_block_server_pattern, $requested_address)) {
+ sq_change_text_domain('mail_fetch');
+ $error = _("Sorry, that server address is not allowed");
+ sq_change_text_domain('squirrelmail');
+ return $error;
+ }
+
+ return '';
+}
+
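Review bot: `validate_mail_fetch_server_address()` judges how the user-supplied host is spelled, not which address the POP3 connection will actually reach, so the default pattern is a weak guard against fetches aimed at internal services. As written it is case-sensitive, blocks every `192.` prefix rather than only 192.168.0.0/16, and does not cover 172.16.0.0/12, 169.254.0.0/16, IPv6 loopback, or a public-looking name that resolves to an internal address. Consider resolving the name first and rejecting any result that fails `filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)`, with the connection then made to the checked address; the connecting code is outside this hunk. In `validate_mail_fetch_port_number()` both `in_array()` calls compare loosely, so a request value that is not purely digits should be rejected before the lookup, for example with `ctype_digit((string) $requested_port)`. The docblock's `@param int $requested_address` should read `@param string $requested_address`.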