summaryrefslogtreecommitdiff
path: root/plugins/managesieve
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/managesieve')
-rw-r--r--plugins/managesieve/Changelog3
-rw-r--r--plugins/managesieve/config.inc.php.dist5
-rw-r--r--plugins/managesieve/lib/rcube_sieve_script.php96
-rw-r--r--plugins/managesieve/localization/en_GB.inc9
-rw-r--r--plugins/managesieve/localization/en_US.inc9
-rw-r--r--plugins/managesieve/localization/pl_PL.inc9
-rw-r--r--plugins/managesieve/managesieve.js6
-rw-r--r--plugins/managesieve/managesieve.php111
-rw-r--r--plugins/managesieve/package.xml4
-rw-r--r--plugins/managesieve/tests/src/parser_enotify_a19
-rw-r--r--plugins/managesieve/tests/src/parser_enotify_b18
-rw-r--r--plugins/managesieve/tests/src/parser_notify_a18
-rw-r--r--plugins/managesieve/tests/src/parser_notify_b17
13 files changed, 305 insertions, 19 deletions
diff --git a/plugins/managesieve/Changelog b/plugins/managesieve/Changelog
index 482cff0ca..c0428c4fc 100644
--- a/plugins/managesieve/Changelog
+++ b/plugins/managesieve/Changelog
@@ -1,4 +1,7 @@
- Fixed issue with DBMail bug [http://pear.php.net/bugs/bug.php?id=19077] (#1488594)
+- Added support for enotify/notify (RFC5435, RFC5436, draft-ietf-sieve-notify-00)
+- Change default port to 4190 (IANA-allocated), add port auto-detection (#1488713)
+- Added request size limits detection and script corruption prevention (#1488648)
* version 5.2 [2012-07-24]
-----------------------------------------------------------
diff --git a/plugins/managesieve/config.inc.php.dist b/plugins/managesieve/config.inc.php.dist
index cb9b2a97f..1f34564c5 100644
--- a/plugins/managesieve/config.inc.php.dist
+++ b/plugins/managesieve/config.inc.php.dist
@@ -1,7 +1,8 @@
<?php
-// managesieve server port
-$rcmail_config['managesieve_port'] = 2000;
+// managesieve server port. When empty the port will be determined automatically
+// using getservbyname() function, with 4190 as a fallback.
+$rcmail_config['managesieve_port'] = null;
// managesieve server address, default is localhost.
// Replacement variables supported in host name:
diff --git a/plugins/managesieve/lib/rcube_sieve_script.php b/plugins/managesieve/lib/rcube_sieve_script.php
index aa3b9ab6e..36eb1bcf8 100644
--- a/plugins/managesieve/lib/rcube_sieve_script.php
+++ b/plugins/managesieve/lib/rcube_sieve_script.php
@@ -41,7 +41,9 @@ class rcube_sieve_script
'variables', // RFC5229
'body', // RFC5173
'subaddress', // RFC5233
- // @TODO: enotify/notify, spamtest+virustest, mailbox, date
+ 'enotify', // RFC5435
+ 'notify', // draft-ietf-sieve-notify-00
+ // @TODO: spamtest+virustest, mailbox, date
);
/**
@@ -198,6 +200,9 @@ class rcube_sieve_script
}
}
+ $imapflags = in_array('imap4flags', $this->supported) ? 'imap4flags' : 'imapflags';
+ $notify = in_array('enotify', $this->supported) ? 'enotify' : 'notify';
+
// rules
foreach ($this->content as $rule) {
$extension = '';
@@ -370,11 +375,7 @@ class rcube_sieve_script
case 'addflag':
case 'setflag':
case 'removeflag':
- if (in_array('imap4flags', $this->supported))
- array_push($exts, 'imap4flags');
- else
- array_push($exts, 'imapflags');
-
+ array_push($exts, $imapflags);
$action_script .= $action['type'].' '
. self::escape_string($action['target']);
break;
@@ -403,6 +404,46 @@ class rcube_sieve_script
$action_script .= self::escape_string($action['name']) . ' ' . self::escape_string($action['value']);
break;
+ case 'notify':
+ array_push($exts, $notify);
+ $action_script .= 'notify';
+
+ // Here we support only 00 version of notify draft, there
+ // were a couple regressions in 00 to 04 changelog, we use
+ // the version used by Cyrus
+ if ($notify == 'notify') {
+ switch ($action['importance']) {
+ case 1: $action_script .= " :high"; break;
+ case 2: $action_script .= " :normal"; break;
+ case 3: $action_script .= " :low"; break;
+
+ }
+ unset($action['importance']);
+ }
+
+ foreach (array('from', 'importance', 'options', 'message') as $n_tag) {
+ if (!empty($action[$n_tag])) {
+ $action_script .= " :$n_tag " . self::escape_string($action[$n_tag]);
+ }
+ }
+
+ if (!empty($action['address'])) {
+ $method = 'mailto:' . $action['address'];
+ if (!empty($action['body'])) {
+ $method .= '?body=' . rawurlencode($action['body']);
+ }
+ }
+ else {
+ $method = $action['method'];
+ }
+
+ // method is optional in notify extension
+ if (!empty($method)) {
+ $action_script .= ($notify == 'notify' ? " :method " : " ") . self::escape_string($method);
+ }
+
+ break;
+
case 'vacation':
array_push($exts, 'vacation');
$action_script .= 'vacation';
@@ -840,6 +881,49 @@ class rcube_sieve_script
// $result[] = array('type' => 'require', 'target' => $tokens);
break;
+ case 'notify':
+ $notify = array('type' => 'notify');
+ $priorities = array(':high' => 1, ':normal' => 2, ':low' => 3);
+
+ // Parameters: :from, :importance, :options, :message
+ // additional (optional) :method parameter for notify extension
+ for ($i=0, $len=count($tokens); $i<$len; $i++) {
+ $tok = strtolower($tokens[$i]);
+ if ($tok[0] == ':') {
+ // Here we support only 00 version of notify draft, there
+ // were a couple regressions in 00 to 04 changelog, we use
+ // the version used by Cyrus
+ if (isset($priorities[$tok])) {
+ $notify['importance'] = $priorities[$tok];
+ }
+ else {
+ $notify[substr($tok, 1)] = $tokens[++$i];
+ }
+ }
+ else {
+ // unnamed parameter is a :method in enotify extension
+ $notify['method'] = $tokens[$i];
+ }
+ }
+
+ $method_components = parse_url($notify['method']);
+ if ($method_components['scheme'] == 'mailto') {
+ $notify['address'] = $method_components['path'];
+ $method_params = array();
+ if (array_key_exists('query', $method_components)) {
+ parse_str($method_components['query'], $method_params);
+ }
+ $method_params = array_change_key_case($method_params, CASE_LOWER);
+ // magic_quotes_gpc and magic_quotes_sybase affect the output of parse_str
+ if (ini_get('magic_quotes_gpc') || ini_get('magic_quotes_sybase')) {
+ array_map('stripslashes', $method_params);
+ }
+ $notify['body'] = (array_key_exists('body', $method_params)) ? $method_params['body'] : '';
+ }
+
+ $result[] = $notify;
+ break;
+
}
if ($separator == $end)
diff --git a/plugins/managesieve/localization/en_GB.inc b/plugins/managesieve/localization/en_GB.inc
index 6859f5fff..f9075b8e0 100644
--- a/plugins/managesieve/localization/en_GB.inc
+++ b/plugins/managesieve/localization/en_GB.inc
@@ -97,6 +97,15 @@ $labels['setvariable'] = 'Set variable';
$labels['setvarname'] = 'Variable name:';
$labels['setvarvalue'] = 'Variable value:';
$labels['setvarmodifiers'] = 'Modifiers:';
+$labels['notify'] = 'Send notification';
+$labels['notifyaddress'] = 'To e-mail address:';
+$labels['notifybody'] = 'Notification body:';
+$labels['notifysubject'] = 'Notification subject:';
+$labels['notifyfrom'] = 'Notification sender:';
+$labels['notifyimportance'] = 'Importance:';
+$labels['notifyimportancelow'] = 'low';
+$labels['notifyimportancenormal'] = 'normal';
+$labels['notifyimportancehigh'] = 'high';
$labels['filtercreate'] = 'Create filter';
$labels['usedata'] = 'Use following data in the filter:';
$labels['nextstep'] = 'Next Step';
diff --git a/plugins/managesieve/localization/en_US.inc b/plugins/managesieve/localization/en_US.inc
index 191291338..cb223c18f 100644
--- a/plugins/managesieve/localization/en_US.inc
+++ b/plugins/managesieve/localization/en_US.inc
@@ -88,6 +88,15 @@ $labels['varlowerfirst'] = 'first character lower-case';
$labels['varupperfirst'] = 'first character upper-case';
$labels['varquotewildcard'] = 'quote special characters';
$labels['varlength'] = 'length';
+$labels['notify'] = 'Send notification';
+$labels['notifyaddress'] = 'To e-mail address:';
+$labels['notifybody'] = 'Notification body:';
+$labels['notifysubject'] = 'Notification subject:';
+$labels['notifyfrom'] = 'Notification sender:';
+$labels['notifyimportance'] = 'Importance:';
+$labels['notifyimportancelow'] = 'low';
+$labels['notifyimportancenormal'] = 'normal';
+$labels['notifyimportancehigh'] = 'high';
$labels['filtercreate'] = 'Create filter';
$labels['usedata'] = 'Use following data in the filter:';
$labels['nextstep'] = 'Next Step';
diff --git a/plugins/managesieve/localization/pl_PL.inc b/plugins/managesieve/localization/pl_PL.inc
index 0b4cb6073..734a4ebcf 100644
--- a/plugins/managesieve/localization/pl_PL.inc
+++ b/plugins/managesieve/localization/pl_PL.inc
@@ -103,6 +103,15 @@ $labels['varlowerfirst'] = 'pierwsza litera mała (:lowerfirst)';
$labels['varupperfirst'] = 'pierwsza litera duża (:upperfirst)';
$labels['varquotewildcard'] = 'anulowane znaki specjalne (:quotewildcard)';
$labels['varlength'] = 'długość (:length)';
+$labels['notify'] = 'Wyślij powiadomienie';
+$labels['notifyaddress'] = 'Na adres e-mail:';
+$labels['notifybody'] = 'Treść powiadomienia:';
+$labels['notifysubject'] = 'Temat powiadomienia:';
+$labels['notifyfrom'] = 'Nadawca powiadomienia:';
+$labels['notifyimportance'] = 'Priorytet:';
+$labels['notifyimportancelow'] = 'niski';
+$labels['notifyimportancenormal'] = 'normalny';
+$labels['notifyimportancehigh'] = 'wysoki';
$labels['filtercreate'] = 'Utwórz filtr';
$labels['usedata'] = 'Użyj następujących danych do utworzenia filtra:';
$labels['nextstep'] = 'Następny krok';
diff --git a/plugins/managesieve/managesieve.js b/plugins/managesieve/managesieve.js
index f447719a2..bbc10793c 100644
--- a/plugins/managesieve/managesieve.js
+++ b/plugins/managesieve/managesieve.js
@@ -639,7 +639,8 @@ function action_type_select(id)
target_area: document.getElementById('action_target_area' + id),
flags: document.getElementById('action_flags' + id),
vacation: document.getElementById('action_vacation' + id),
- set: document.getElementById('action_set' + id)
+ set: document.getElementById('action_set' + id),
+ notify: document.getElementById('action_notify' + id)
};
if (obj.value == 'fileinto' || obj.value == 'fileinto_copy') {
@@ -660,6 +661,9 @@ function action_type_select(id)
else if (obj.value == 'set') {
enabled.set = 1;
}
+ else if (obj.value == 'notify') {
+ enabled.notify = 1;
+ }
for (var x in elems) {
elems[x].style.display = !enabled[x] ? 'none' : 'inline';
diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php
index e7828f1da..7282ff2e0 100644
--- a/plugins/managesieve/managesieve.php
+++ b/plugins/managesieve/managesieve.php
@@ -7,13 +7,13 @@
* It's clickable interface which operates on text scripts and communicates
* with server using managesieve protocol. Adds Filters tab in Settings.
*
- * @version 5.0
+ * @version @package_version@
* @author Aleksander Machniak <alec@alec.pl>
*
* Configuration (see config.inc.php.dist)
*
- * Copyright (C) 2008-2011, The Roundcube Dev Team
- * Copyright (C) 2011, Kolab Systems AG
+ * Copyright (C) 2008-2012, The Roundcube Dev Team
+ * Copyright (C) 2011-2012, Kolab Systems AG
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -62,8 +62,9 @@ class managesieve extends rcube_plugin
"x-beenthere",
);
- const VERSION = '5.2';
+ const VERSION = '5.2';
const PROGNAME = 'Roundcube (Managesieve)';
+ const PORT = 4190;
function init()
@@ -200,10 +201,16 @@ class managesieve extends rcube_plugin
set_include_path($include_path);
$host = rcube_parse_host($this->rc->config->get('managesieve_host', 'localhost'));
- $port = $this->rc->config->get('managesieve_port', 2000);
-
$host = rcube_idn_to_ascii($host);
+ $port = $this->rc->config->get('managesieve_port');
+ if (empty($port)) {
+ $port = getservbyname('sieve', 'tcp');
+ if (empty($port)) {
+ $port = self::PORT;
+ }
+ }
+
$plugin = $this->rc->plugins->exec_hook('managesieve_connect', array(
'user' => $_SESSION['username'],
'password' => $this->rc->decrypt($_SESSION['password']),
@@ -523,9 +530,37 @@ class managesieve extends rcube_plugin
// Init plugin and handle managesieve connection
$error = $this->managesieve_start();
- // filters set add action
- if (!empty($_POST['_newset'])) {
+ // get request size limits (#1488648)
+ $max_post = max(array(
+ ini_get('max_input_vars'),
+ ini_get('suhosin.request.max_vars'),
+ ini_get('suhosin.post.max_vars'),
+ ));
+ $max_depth = max(array(
+ ini_get('suhosin.request.max_array_depth'),
+ ini_get('suhosin.post.max_array_depth'),
+ ));
+ // check request size limit
+ if ($max_post && count($_POST, COUNT_RECURSIVE) >= $max_post) {
+ rcube::raise_error(array(
+ 'code' => 500, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Request size limit exceeded (one of max_input_vars/suhosin.request.max_vars/suhosin.post.max_vars)"
+ ), true, false);
+ $this->rc->output->show_message('managesieve.filtersaveerror', 'error');
+ }
+ // check request depth limits
+ else if ($max_depth && count($_POST['_header']) > $max_depth) {
+ rcube::raise_error(array(
+ 'code' => 500, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Request size limit exceeded (one of suhosin.request.max_array_depth/suhosin.post.max_array_depth)"
+ ), true, false);
+ $this->rc->output->show_message('managesieve.filtersaveerror', 'error');
+ }
+ // filters set add action
+ else if (!empty($_POST['_newset'])) {
$name = get_input_value('_name', RCUBE_INPUT_POST, true);
$copy = get_input_value('_copy', RCUBE_INPUT_POST, true);
$from = get_input_value('_from', RCUBE_INPUT_POST);
@@ -625,6 +660,11 @@ class managesieve extends rcube_plugin
$varnames = get_input_value('_action_varname', RCUBE_INPUT_POST);
$varvalues = get_input_value('_action_varvalue', RCUBE_INPUT_POST);
$varmods = get_input_value('_action_varmods', RCUBE_INPUT_POST);
+ $notifyaddrs = get_input_value('_action_notifyaddress', RCUBE_INPUT_POST);
+ $notifybodies = get_input_value('_action_notifybody', RCUBE_INPUT_POST);
+ $notifymessages = get_input_value('_action_notifymessage', RCUBE_INPUT_POST);
+ $notifyfrom = get_input_value('_action_notifyfrom', RCUBE_INPUT_POST);
+ $notifyimp = get_input_value('_action_notifyimportance', RCUBE_INPUT_POST);
// we need a "hack" for radiobuttons
foreach ($sizeitems as $item)
@@ -878,6 +918,23 @@ class managesieve extends rcube_plugin
$this->errors['actions'][$i]['value'] = $this->gettext('cannotbeempty');
}
break;
+
+ case 'notify':
+ if (empty($notifyaddrs[$idx])) {
+ $this->errors['actions'][$i]['address'] = $this->gettext('cannotbeempty');
+ }
+ else if (!check_email($notifyaddrs[$idx])) {
+ $this->errors['actions'][$i]['address'] = $this->gettext('noemailwarning');
+ }
+ if (!empty($notifyfrom[$idx]) && !check_email($notifyfrom[$idx])) {
+ $this->errors['actions'][$i]['from'] = $this->gettext('noemailwarning');
+ }
+ $this->form['actions'][$i]['address'] = $notifyaddrs[$idx];
+ $this->form['actions'][$i]['body'] = $notifybodies[$idx];
+ $this->form['actions'][$i]['message'] = $notifymessages[$idx];
+ $this->form['actions'][$i]['from'] = $notifyfrom[$idx];
+ $this->form['actions'][$i]['importance'] = $notifyimp[$idx];
+ break;
}
$this->form['actions'][$i]['type'] = $type;
@@ -1479,6 +1536,9 @@ class managesieve extends rcube_plugin
if (in_array('variables', $this->exts)) {
$select_action->add(Q($this->gettext('setvariable')), 'set');
}
+ if (in_array('enotify', $this->exts) || in_array('notify', $this->exts)) {
+ $select_action->add(Q($this->gettext('notify')), 'notify');
+ }
$select_action->add(Q($this->gettext('rulestop')), 'stop');
$select_type = $action['type'];
@@ -1571,6 +1631,41 @@ class managesieve extends rcube_plugin
}
$out .= '</div>';
+ // notify
+ // skip :options tag - not used by the mailto method
+ $out .= '<div id="action_notify' .$id.'" style="display:' .($action['type']=='notify' ? 'inline' : 'none') .'">';
+ $out .= '<span class="label">' .Q($this->gettext('notifyaddress')) . '</span><br />'
+ .'<input type="text" name="_action_notifyaddress['.$id.']" id="action_notifyaddress'.$id.'" '
+ .'value="' . Q($action['address']) . '" size="35" '
+ . $this->error_class($id, 'action', 'address', 'action_notifyaddress') .' />';
+ $out .= '<br /><span class="label">'. Q($this->gettext('notifybody')) .'</span><br />'
+ .'<textarea name="_action_notifybody['.$id.']" id="action_notifybody' .$id. '" '
+ .'rows="3" cols="35" '. $this->error_class($id, 'action', 'method', 'action_notifybody') . '>'
+ . Q($action['body'], 'strict', false) . "</textarea>\n";
+ $out .= '<br /><span class="label">' .Q($this->gettext('notifysubject')) . '</span><br />'
+ .'<input type="text" name="_action_notifymessage['.$id.']" id="action_notifymessage'.$id.'" '
+ .'value="' . Q($action['message']) . '" size="35" '
+ . $this->error_class($id, 'action', 'message', 'action_notifymessage') .' />';
+ $out .= '<br /><span class="label">' .Q($this->gettext('notifyfrom')) . '</span><br />'
+ .'<input type="text" name="_action_notifyfrom['.$id.']" id="action_notifyfrom'.$id.'" '
+ .'value="' . Q($action['from']) . '" size="35" '
+ . $this->error_class($id, 'action', 'from', 'action_notifyfrom') .' />';
+ $importance_options = array(
+ 3 => 'notifyimportancelow',
+ 2 => 'notifyimportancenormal',
+ 1 => 'notifyimportancehigh'
+ );
+ $select_importance = new html_select(array(
+ 'name' => '_action_notifyimportance[' . $id . ']',
+ 'id' => '_action_notifyimportance' . $id,
+ 'class' => $this->error_class($id, 'action', 'importance', 'action_notifyimportance')));
+ foreach ($importance_options as $io_v => $io_n) {
+ $select_importance->add(Q($this->gettext($io_n)), $io_v);
+ }
+ $out .= '<br /><span class="label">' . Q($this->gettext('notifyimportance')) . '</span><br />';
+ $out .= $select_importance->show($action['importance'] ? $action['importance'] : 2);
+ $out .= '</div>';
+
// mailbox select
if ($action['type'] == 'fileinto')
$mailbox = $this->mod_mailbox($action['target'], 'out');
diff --git a/plugins/managesieve/package.xml b/plugins/managesieve/package.xml
index cde78c9a3..20fec7895 100644
--- a/plugins/managesieve/package.xml
+++ b/plugins/managesieve/package.xml
@@ -17,9 +17,9 @@
<email>alec@alec.pl</email>
<active>yes</active>
</lead>
- <date>2012-06-21</date>
+ <date>2012-07-24</date>
<version>
- <release>5.1</release>
+ <release>5.2</release>
<api>5.0</api>
</version>
<stability>
diff --git a/plugins/managesieve/tests/src/parser_enotify_a b/plugins/managesieve/tests/src/parser_enotify_a
new file mode 100644
index 000000000..68a9ef5cc
--- /dev/null
+++ b/plugins/managesieve/tests/src/parser_enotify_a
@@ -0,0 +1,19 @@
+require ["enotify","variables"];
+# rule:[notify1]
+if header :contains "from" "boss@example.org"
+{
+ notify :importance "1" :message "This is probably very important" "mailto:alm@example.com";
+ stop;
+}
+# rule:[subject]
+if header :matches "Subject" "*"
+{
+ set "subject" "${1}";
+}
+# rule:[from notify2]
+if header :matches "From" "*"
+{
+ set "from" "${1}";
+ notify :importance "3" :message "${from}: ${subject}" "mailto:alm@example.com";
+}
+
diff --git a/plugins/managesieve/tests/src/parser_enotify_b b/plugins/managesieve/tests/src/parser_enotify_b
new file mode 100644
index 000000000..8854658f4
--- /dev/null
+++ b/plugins/managesieve/tests/src/parser_enotify_b
@@ -0,0 +1,18 @@
+require ["envelope","variables","enotify"];
+# rule:[from]
+if envelope :all :matches "from" "*"
+{
+ set "env_from" " [really: ${1}]";
+}
+# rule:[subject]
+if header :matches "Subject" "*"
+{
+ set "subject" "${1}";
+}
+# rule:[from notify]
+if address :all :matches "from" "*"
+{
+ set "from_addr" "${1}";
+ notify :message "${from_addr}${env_from}: ${subject}" "mailto:alm@example.com";
+}
+
diff --git a/plugins/managesieve/tests/src/parser_notify_a b/plugins/managesieve/tests/src/parser_notify_a
new file mode 100644
index 000000000..f1a57540e
--- /dev/null
+++ b/plugins/managesieve/tests/src/parser_notify_a
@@ -0,0 +1,18 @@
+require ["notify","variables"];
+# rule:[notify1]
+if header :contains "from" "boss@example.org"
+{
+ notify :low :message "This is probably very important";
+ stop;
+}
+# rule:[subject]
+if header :matches "Subject" "*"
+{
+ set "subject" "${1}";
+}
+# rule:[from notify2]
+if header :matches "From" "*"
+{
+ set "from" "${1}";
+ notify :high :message "${from}: ${subject}" :method "mailto:test@example.org";
+}
diff --git a/plugins/managesieve/tests/src/parser_notify_b b/plugins/managesieve/tests/src/parser_notify_b
new file mode 100644
index 000000000..cf80a9701
--- /dev/null
+++ b/plugins/managesieve/tests/src/parser_notify_b
@@ -0,0 +1,17 @@
+require ["envelope","variables","notify"];
+# rule:[from]
+if envelope :all :matches "from" "*"
+{
+ set "env_from" " [really: ${1}]";
+}
+# rule:[subject]
+if header :matches "Subject" "*"
+{
+ set "subject" "${1}";
+}
+# rule:[from notify]
+if address :all :matches "from" "*"
+{
+ set "from_addr" "${1}";
+ notify :message "${from_addr}${env_from}: ${subject}" :method "sms:1234567890";
+}