X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=src%2Fconfigtest.php;h=92a50484da709ce2acc3ac58c1aa8af9534e563a;hp=2d45eb4640b5a54c637e5ef68b611315a9bc9653;hb=3ee5d63bdd6f215e9d4c8add39b88a10dab56972;hpb=8a6b8e1f25781423b7788700c5dd1e7998e0ad1f
diff --git a/src/configtest.php b/src/configtest.php
index 2d45eb46..92a50484 100644
--- a/src/configtest.php
+++ b/src/configtest.php
@@ -3,7 +3,7 @@
/**
* SquirrelMail configtest script
*
- * @copyright © 2003-2009 The SquirrelMail Project Team
+ * @copyright 2003-2015 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
@@ -120,6 +120,9 @@ if (file_exists(SM_PATH . 'config/config_local.php')) {
require(SM_PATH . 'config/config_local.php');
}
+sqGetGlobalVar('REMOTE_ADDR',$client_ip,SQ_SERVER);
+sqGetGlobalVar('SERVER_ADDR',$server_ip,SQ_SERVER);
+
/**
* Include Compatibility plugin if available.
*/
@@ -175,8 +178,6 @@ if(!in_array('strings.php', $included)) {
/* Block remote use of script */
if (! $allow_remote_configtest) {
- sqGetGlobalVar('REMOTE_ADDR',$client_ip,SQ_SERVER);
- sqGetGlobalVar('SERVER_ADDR',$server_ip,SQ_SERVER);
if ((! isset($client_ip) || $client_ip!='127.0.0.1') &&
(! isset($client_ip) || ! isset($server_ip) || $client_ip!=$server_ip)) {
@@ -206,12 +207,39 @@ if(!check_php_version(4,1,0)) {
echo $IND . 'PHP version ' . PHP_VERSION . ' OK. (You have: ' . phpversion() . ". Minimum: 4.1.0)
\n";
+// try to determine information about the user and group the web server is running as
+//
+$webOwnerID = 'N/A';
+$webOwnerInfo = array('name' => 'N/A');
+if (function_exists('posix_getuid'))
+ $webOwnerID = posix_getuid();
+if ($webOwnerID === FALSE)
+ $webOwnerID = 'N/A';
+if ($webOwnerID !== 'N/A' && function_exists('posix_getpwuid'))
+ $webOwnerInfo = posix_getpwuid($webOwnerID);
+if (!$webOwnerInfo)
+ $webOwnerInfo = array('name' => 'N/A');
+$webGroupID = 'N/A';
+$webGroupInfo = array('name' => 'N/A');
+if (function_exists('posix_getgid'))
+ $webGroupID = posix_getgid();
+if ($webGroupID === FALSE)
+ $webGroupID = 'N/A';
+if ($webGroupID !== 'N/A' && function_exists('posix_getgrgid'))
+ $webGroupInfo = posix_getgrgid($webGroupID);
+if (!$webGroupInfo)
+ $webGroupInfo = array('name' => 'N/A');
+
+echo $IND . 'Running as ' . $webOwnerInfo['name'] . '(' . $webOwnerID
+ . ') / ' . $webGroupInfo['name'] . '(' . $webGroupID . ")
\n";
+
echo $IND . 'display_errors: ' . $php_display_errors_original_value . " (overridden with 1 for this page only)
\n";
-echo $IND . 'error_reporting: ' . $php_error_reporting_original_value . " (overridden with 2047 for this page only)
\n";
+echo $IND . 'error_reporting: ' . $php_error_reporting_original_value . " (overridden with " . E_ALL . " for this page only)
\n";
$safe_mode = ini_get('safe_mode');
if ($safe_mode) {
+ //FIXME: should show that safe_mode is off when it is (this only shows the safe_mode setting when it's on) (also might be generally helpful to show things like open_basedir, too or even add phpinfo() output or a link to another script that has phpinfo()
echo $IND . 'safe_mode: ' . $safe_mode;
if (empty($prefs_dsn) || empty($addrbook_dsn))
echo ' (double check data and attachment directory ownership, etc!)';
@@ -240,7 +268,7 @@ else if (strpos($variables_order, 'G') === FALSE
|| strpos($variables_order, 'P') === FALSE
|| strpos($variables_order, 'C') === FALSE
|| strpos($variables_order, 'S') === FALSE) {
- do_err('Your variables_order setting is insufficient for SquirrelMail to function. It needs at least "GPCS", but you have it set to "' . htmlspecialchars($variables_order) . '"', true);
+ do_err('Your variables_order setting is insufficient for SquirrelMail to function. It needs at least "GPCS", but you have it set to "' . sm_encode_html_special_chars($variables_order) . '"', true);
} else {
echo $IND . "variables_order OK: $variables_order.
\n";
}
@@ -256,7 +284,7 @@ if (!check_php_version(5)) {
else if (strpos($gpc_order, 'G') === FALSE
|| strpos($gpc_order, 'P') === FALSE
|| strpos($gpc_order, 'C') === FALSE) {
- do_err('Your gpc_order setting is insufficient for SquirrelMail to function. It needs to be set to "GPC", but you have it set to "' . htmlspecialchars($gpc_order) . '"', true);
+ do_err('Your gpc_order setting is insufficient for SquirrelMail to function. It needs to be set to "GPC", but you have it set to "' . sm_encode_html_special_chars($gpc_order) . '"', true);
} else {
echo $IND . "gpc_order OK: $gpc_order.
\n";
}
@@ -452,7 +480,7 @@ if (isset($plugins[0])) {
// if plugin outputs more than newlines and spacing, stop script execution.
if (!empty($output)) {
- $plugin_load_error = 'Some output was produced when plugin ' . $name . ' was loaded. Usually this means there is an error in the plugin\'s setup or configuration file. The output was: '.htmlspecialchars($output);
+ $plugin_load_error = 'Some output was produced when plugin ' . $name . ' was loaded. Usually this means there is an error in the plugin\'s setup or configuration file. The output was: '.sm_encode_html_special_chars($output);
do_err($plugin_load_error);
}
}
@@ -561,9 +589,9 @@ if ( $squirrelmail_default_language != 'en_US' ) {
echo $IND . "Default language OK.
\n";
}
-echo $IND . "Base URL detected as: " . htmlspecialchars($test_location) .
+echo $IND . "Base URL detected as: " . sm_encode_html_special_chars($test_location) .
" (location base " . (empty($config_location_base) ? 'autodetected' : 'set to ' .
- htmlspecialchars($config_location_base)."") . ")
\n";
+ sm_encode_html_special_chars($config_location_base)."") . ")
\n";
/* check minimal requirements for other security options */
@@ -604,26 +632,38 @@ if($useSendmail) {
echo $IND . "sendmail OK
\n";
} else {
- $stream = fsockopen( ($use_smtp_tls==1?'tls://':'').$smtpServerAddress, $smtpPort,
+ // NB: Using "ssl://" ensures the highest possible TLS version
+ // will be negotiated with the server (whereas "tls://" only
+ // uses TLS version 1.0)
+ $stream = fsockopen( ($use_smtp_tls==1?'ssl://':'').$smtpServerAddress, $smtpPort,
$errorNumber, $errorString);
if(!$stream) {
do_err("Error connecting to SMTP server \"$smtpServerAddress:$smtpPort\".".
- "Server error: ($errorNumber) ".htmlspecialchars($errorString));
+ "Server error: ($errorNumber) ".sm_encode_html_special_chars($errorString));
}
// check for SMTP code; should be 2xx to allow us access
$smtpline = fgets($stream, 1024);
if(((int) $smtpline{0}) > 3) {
do_err("Error connecting to SMTP server. Server error: ".
- htmlspecialchars($smtpline));
+ sm_encode_html_special_chars($smtpline));
}
/* smtp starttls checks */
if ($use_smtp_tls===2) {
// if something breaks, script should close smtp connection on exit.
+
+ // format EHLO argument correctly if needed
+ //
+ if (preg_match('/^\d+\.\d+\.\d+\.\d+$/', $client_ip))
+ $helohost = '[' . $client_ip . ']';
+ else // some day might add IPv6 here
+ $helohost = $client_ip;
+
+
// say helo
- fwrite($stream,"EHLO $client_ip\r\n");
+ fwrite($stream,"EHLO $helohost\r\n");
$ehlo=array();
$ehlo_error = false;
@@ -658,7 +698,7 @@ if($useSendmail) {
$starttls_response=fgets($stream, 1024);
if ($starttls_response[0]!=2) {
$starttls_cmd_err = 'SMTP STARTTLS failed. Server replied: '
- .htmlspecialchars($starttls_response);
+ .sm_encode_html_special_chars($starttls_response);
do_err($starttls_cmd_err);
} elseif(! stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
do_err('Failed to enable encryption on SMTP STARTTLS connection.');
@@ -671,7 +711,7 @@ if($useSendmail) {
fputs($stream, 'QUIT');
fclose($stream);
echo $IND . 'SMTP server OK ('.
- trim(htmlspecialchars($smtpline)).")
\n";
+ trim(sm_encode_html_special_chars($smtpline)).")
\n";
/* POP before SMTP */
if($pop_before_smtp) {
@@ -679,13 +719,13 @@ if($useSendmail) {
$stream = fsockopen($pop_before_smtp_host, 110, $err_no, $err_str);
if (!$stream) {
do_err("Error connecting to POP Server ($pop_before_smtp_host:110) "
- . $err_no . ' : ' . htmlspecialchars($err_str));
+ . $err_no . ' : ' . sm_encode_html_special_chars($err_str));
}
$tmp = fgets($stream, 1024);
if (substr($tmp, 0, 3) != '+OK') {
do_err("Error connecting to POP Server ($pop_before_smtp_host:110)"
- . ' '.htmlspecialchars($tmp));
+ . ' '.sm_encode_html_special_chars($tmp));
}
fputs($stream, 'QUIT');
fclose($stream);
@@ -699,23 +739,26 @@ if($useSendmail) {
echo "Checking IMAP service....
\n";
/** Can we open a connection? */
-$stream = fsockopen( ($use_imap_tls==1?'tls://':'').$imapServerAddress, $imapPort,
+// NB: Using "ssl://" ensures the highest possible TLS version
+// will be negotiated with the server (whereas "tls://" only
+// uses TLS version 1.0)
+$stream = fsockopen( ($use_imap_tls==1?'ssl://':'').$imapServerAddress, $imapPort,
$errorNumber, $errorString);
if(!$stream) {
do_err("Error connecting to IMAP server \"$imapServerAddress:$imapPort\".".
"Server error: ($errorNumber) ".
- htmlspecialchars($errorString));
+ sm_encode_html_special_chars($errorString));
}
/** Is the first response 'OK'? */
$imapline = fgets($stream, 1024);
if(substr($imapline, 0,4) != '* OK') {
do_err('Error connecting to IMAP server. Server error: '.
- htmlspecialchars($imapline));
+ sm_encode_html_special_chars($imapline));
}
echo $IND . 'IMAP server ready ('.
- htmlspecialchars(trim($imapline)).")
\n";
+ sm_encode_html_special_chars(trim($imapline)).")
\n";
/** Check capabilities */
fputs($stream, "A001 CAPABILITY\r\n");
@@ -737,7 +780,7 @@ if ($use_imap_tls===2 && stristr($capline, 'STARTTLS') === false) {
$starttls_line=fgets($stream, 1024);
if (! preg_match("/^A002 OK.*/i",$starttls_line)) {
$imap_starttls_err = 'IMAP STARTTLS failed. Server replied: '
- .htmlspecialchars($starttls_line);
+ .sm_encode_html_special_chars($starttls_line);
do_err($imap_starttls_err);
} elseif (! stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
do_err('Failed to enable encryption on IMAP connection.');
@@ -757,7 +800,7 @@ if ($use_imap_tls===2 && stristr($capline, 'STARTTLS') === false) {
}
}
-echo $IND . 'Capabilities: '.htmlspecialchars($capline)."
\n";
+echo $IND . 'Capabilities: '.sm_encode_html_special_chars($capline)."
\n";
if($imap_auth_mech == 'login' && stristr($capline, 'LOGINDISABLED') !== FALSE) {
do_err('Your server doesn\'t allow plaintext logins. '.
@@ -818,7 +861,7 @@ if (function_exists('gettext')) {
$display_locale = $setlocale;
$locale_count = 1;
}
- $tested_locales_msg = 'Tested '.htmlspecialchars($display_locale).' '
+ $tested_locales_msg = 'Tested '.sm_encode_html_special_chars($display_locale).' '
.($locale_count>1 ? 'locales':'locale'). '.';
echo $IND . $IND .$IND . $lang_data['NAME'].' (' .$lang_code. ') - ';
@@ -829,7 +872,7 @@ if (function_exists('gettext')) {
} else {
echo 'supported. '
.$tested_locales_msg
- .' setlocale() returned "'.htmlspecialchars($retlocale).'"';
+ .' setlocale() returned "'.sm_encode_html_special_chars($retlocale).'"';
}
echo "
\n";
}
@@ -882,7 +925,7 @@ if ( (!ini_get('safe_mode')) || function_exists('date_default_timezone_set') ||
echo "Webmail users can't change their time zone settings. \n";
}
if (isset($_ENV['TZ'])) {
- echo 'Default time zone is '.htmlspecialchars($_ENV['TZ']);
+ echo 'Default time zone is '.sm_encode_html_special_chars($_ENV['TZ']);
} else {
echo 'Current time zone is '.date('T');
}
@@ -941,7 +984,7 @@ if($addrbook_dsn || $prefs_dsn || $addrbook_global_dsn) {
$dbh = DB::connect($dsn, true);
if (DB::isError($dbh)) {
- do_err('Database error: '. htmlspecialchars(DB::errorMessage($dbh)) .
+ do_err('Database error: '. sm_encode_html_special_chars(DB::errorMessage($dbh)) .
' in ' .$type .' DSN.');
}
$dbh->disconnect();