diff options
Diffstat (limited to 'program/include/rcmail.php')
-rw-r--r-- | program/include/rcmail.php | 393 |
1 files changed, 274 insertions, 119 deletions
diff --git a/program/include/rcmail.php b/program/include/rcmail.php index 0483f0e18..c9350bdd9 100644 --- a/program/include/rcmail.php +++ b/program/include/rcmail.php @@ -51,7 +51,6 @@ class rcmail extends rcube */ public $action = ''; public $comm_path = './'; - public $filename = ''; private $address_books = array(); private $action_map = array(); @@ -66,13 +65,12 @@ class rcmail extends rcube /** * This implements the 'singleton' design pattern * - * @param string Environment name to run (e.g. live, dev, test) * @return rcmail The one and only instance */ - static function get_instance($env = '') + static function get_instance() { if (!self::$instance || !is_a(self::$instance, 'rcmail')) { - self::$instance = new rcmail($env); + self::$instance = new rcmail(); self::$instance->startup(); // init AFTER object was linked with self::$instance } @@ -88,10 +86,6 @@ class rcmail extends rcube { $this->init(self::INIT_WITH_DB | self::INIT_WITH_PLUGINS); - // set filename if not index.php - if (($basename = basename($_SERVER['SCRIPT_FILENAME'])) && $basename != 'index.php') - $this->filename = $basename; - // start session $this->session_init(); @@ -132,7 +126,7 @@ class rcmail extends rcube */ public function set_task($task) { - $task = asciiwords($task, true); + $task = asciiwords($task); if ($this->user && $this->user->ID) $task = !$task ? 'mail' : $task; @@ -168,7 +162,7 @@ class rcmail extends rcube setlocale(LC_ALL, $lang . '.utf8', $lang . '.UTF-8', 'en_US.utf8', 'en_US.UTF-8'); // workaround for http://bugs.php.net/bug.php?id=18556 - if (version_compare(PHP_VERSION, '5.5.0', '<') && in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) { + if (in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) { setlocale(LC_CTYPE, 'en_US.utf8', 'en_US.UTF-8'); } } @@ -289,13 +283,13 @@ class rcmail extends rcube */ public function get_address_sources($writeable = false, $skip_hidden = false) { - $abook_type = (string) $this->config->get('address_book_type'); - $ldap_config = (array) $this->config->get('ldap_public'); + $abook_type = strtolower($this->config->get('address_book_type')); + $ldap_config = $this->config->get('ldap_public'); $autocomplete = (array) $this->config->get('autocomplete_addressbooks'); - $list = array(); + $list = array(); // We are using the DB address book or a plugin address book - if (!empty($abook_type) && strtolower($abook_type) != 'ldap') { + if ($abook_type != 'ldap' && $abook_type != '') { if (!isset($this->address_books['0'])) $this->address_books['0'] = new rcube_contacts($this->db, $this->get_user_id()); $list['0'] = array( @@ -308,7 +302,8 @@ class rcmail extends rcube ); } - if (!empty($ldap_config)) { + if ($ldap_config) { + $ldap_config = (array) $ldap_config; foreach ($ldap_config as $id => $prop) { // handle misconfiguration if (empty($prop) || !is_array($prop)) { @@ -317,7 +312,7 @@ class rcmail extends rcube $list[$id] = array( 'id' => $id, 'name' => html::quote($prop['name']), - 'groups' => !empty($prop['groups']) || !empty($prop['group_filters']), + 'groups' => is_array($prop['groups']), 'readonly' => !$prop['writable'], 'hidden' => $prop['hidden'], 'autocomplete' => in_array($id, $autocomplete) @@ -481,22 +476,15 @@ class rcmail extends rcube $port = $config['default_port']; } - // Check if we need to add/force domain to username - if (!empty($config['username_domain'])) { - $domain = is_array($config['username_domain']) ? $config['username_domain'][$host] : $config['username_domain']; - - if ($domain = rcube_utils::parse_host((string)$domain, $host)) { - $pos = strpos($username, '@'); - - // force configured domains - if (!empty($config['username_domain_forced']) && $pos !== false) { - $username = substr($username, 0, $pos) . '@' . $domain; - } - // just add domain if not specified - else if ($pos === false) { - $username .= '@' . $domain; - } - } + /* Modify username with domain if required + Inspired by Marco <P0L0_notspam_binware.org> + */ + // Check if we need to add domain + if (!empty($config['username_domain']) && strpos($username, '@') === false) { + if (is_array($config['username_domain']) && isset($config['username_domain'][$host])) + $username .= '@'.rcube_utils::parse_host($config['username_domain'][$host], $host); + else if (is_string($config['username_domain'])) + $username .= '@'.rcube_utils::parse_host($config['username_domain'], $host); } if (!isset($config['login_lc'])) { @@ -631,7 +619,7 @@ class rcmail extends rcube $post_host = rcube_utils::get_input_value('_host', rcube_utils::INPUT_POST); $post_user = rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST); - list(, $domain) = explode('@', $post_user); + list($user, $domain) = explode('@', $post_user); // direct match in default_host array if ($default_host[$post_host] || in_array($post_host, array_values($default_host))) { @@ -735,6 +723,28 @@ class rcmail extends rcube /** + * Create unique authorization hash + * + * @param string Session ID + * @param int Timestamp + * @return string The generated auth hash + */ + private function get_auth_hash($sess_id, $ts) + { + $auth_string = sprintf('rcmail*sess%sR%s*Chk:%s;%s', + $sess_id, + $ts, + $this->config->get('ip_check') ? $_SERVER['REMOTE_ADDR'] : '***.***.***.***', + $_SERVER['HTTP_USER_AGENT']); + + if (function_exists('sha1')) + return sha1($auth_string); + else + return md5($auth_string); + } + + + /** * Build a valid URL to this instance of Roundcube * * @param mixed Either a string with the action or url parameters as key-value pairs @@ -754,7 +764,7 @@ class rcmail extends rcube $p['_task'] = $task; unset($p['task']); - $url = './' . $this->filename; + $url = './'; $delm = '?'; foreach (array_reverse($p) as $key => $val) { if ($val !== '' && $val !== null) { @@ -779,6 +789,11 @@ class rcmail extends rcube $book->close(); } + // before closing the database connection, write session data + if ($_SERVER['REMOTE_ADDR'] && is_object($this->session)) { + session_write_close(); + } + // write performance stats to logs/console if ($this->config->get('devel_mode')) { if (function_exists('memory_get_usage')) @@ -939,6 +954,193 @@ class rcmail extends rcube /** + * Send the given message using the configured method. + * + * @param object $message Reference to Mail_MIME object + * @param string $from Sender address string + * @param array $mailto Array of recipient address strings + * @param array $error SMTP error array (reference) + * @param string $body_file Location of file with saved message body (reference), + * used when delay_file_io is enabled + * @param array $options SMTP options (e.g. DSN request) + * + * @return boolean Send status. + */ + public function deliver_message(&$message, $from, $mailto, &$error, &$body_file = null, $options = null) + { + $plugin = $this->plugins->exec_hook('message_before_send', array( + 'message' => $message, + 'from' => $from, + 'mailto' => $mailto, + 'options' => $options, + )); + + if ($plugin['abort']) { + return isset($plugin['result']) ? $plugin['result'] : false; + } + + $from = $plugin['from']; + $mailto = $plugin['mailto']; + $options = $plugin['options']; + $message = $plugin['message']; + $headers = $message->headers(); + + // send thru SMTP server using custom SMTP library + if ($this->config->get('smtp_server')) { + // generate list of recipients + $a_recipients = array($mailto); + + if (strlen($headers['Cc'])) + $a_recipients[] = $headers['Cc']; + if (strlen($headers['Bcc'])) + $a_recipients[] = $headers['Bcc']; + + // clean Bcc from header for recipients + $send_headers = $headers; + unset($send_headers['Bcc']); + // here too, it because txtHeaders() below use $message->_headers not only $send_headers + unset($message->_headers['Bcc']); + + $smtp_headers = $message->txtHeaders($send_headers, true); + + if ($message->getParam('delay_file_io')) { + // use common temp dir + $temp_dir = $this->config->get('temp_dir'); + $body_file = tempnam($temp_dir, 'rcmMsg'); + if (PEAR::isError($mime_result = $message->saveMessageBody($body_file))) { + self::raise_error(array('code' => 650, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => "Could not create message: ".$mime_result->getMessage()), + TRUE, FALSE); + return false; + } + $msg_body = fopen($body_file, 'r'); + } + else { + $msg_body = $message->get(); + } + + // send message + if (!is_object($this->smtp)) { + $this->smtp_init(true); + } + + $sent = $this->smtp->send_mail($from, $a_recipients, $smtp_headers, $msg_body, $options); + $response = $this->smtp->get_response(); + $error = $this->smtp->get_error(); + + // log error + if (!$sent) { + self::raise_error(array('code' => 800, 'type' => 'smtp', + 'line' => __LINE__, 'file' => __FILE__, + 'message' => "SMTP error: ".join("\n", $response)), TRUE, FALSE); + } + } + // send mail using PHP's mail() function + else { + // unset some headers because they will be added by the mail() function + $headers_enc = $message->headers($headers); + $headers_php = $message->_headers; + unset($headers_php['To'], $headers_php['Subject']); + + // reset stored headers and overwrite + $message->_headers = array(); + $header_str = $message->txtHeaders($headers_php); + + // #1485779 + if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { + if (preg_match_all('/<([^@]+@[^>]+)>/', $headers_enc['To'], $m)) { + $headers_enc['To'] = implode(', ', $m[1]); + } + } + + $msg_body = $message->get(); + + if (PEAR::isError($msg_body)) { + self::raise_error(array('code' => 650, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => "Could not create message: ".$msg_body->getMessage()), + TRUE, FALSE); + } + else { + $delim = $this->config->header_delimiter(); + $to = $headers_enc['To']; + $subject = $headers_enc['Subject']; + $header_str = rtrim($header_str); + + if ($delim != "\r\n") { + $header_str = str_replace("\r\n", $delim, $header_str); + $msg_body = str_replace("\r\n", $delim, $msg_body); + $to = str_replace("\r\n", $delim, $to); + $subject = str_replace("\r\n", $delim, $subject); + } + + if (filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN)) + $sent = mail($to, $subject, $msg_body, $header_str); + else + $sent = mail($to, $subject, $msg_body, $header_str, "-f$from"); + } + } + + if ($sent) { + $this->plugins->exec_hook('message_sent', array('headers' => $headers, 'body' => $msg_body)); + + // remove MDN headers after sending + unset($headers['Return-Receipt-To'], $headers['Disposition-Notification-To']); + + // get all recipients + if ($headers['Cc']) + $mailto .= $headers['Cc']; + if ($headers['Bcc']) + $mailto .= $headers['Bcc']; + if (preg_match_all('/<([^@]+@[^>]+)>/', $mailto, $m)) + $mailto = implode(', ', array_unique($m[1])); + + if ($this->config->get('smtp_log')) { + self::write_log('sendmail', sprintf("User %s [%s]; Message for %s; %s", + $this->user->get_username(), + $_SERVER['REMOTE_ADDR'], + $mailto, + !empty($response) ? join('; ', $response) : '')); + } + } + + if (is_resource($msg_body)) { + fclose($msg_body); + } + + $message->_headers = array(); + $message->headers($headers); + + return $sent; + } + + + /** + * Unique Message-ID generator. + * + * @return string Message-ID + */ + public function gen_message_id() + { + $local_part = md5(uniqid('rcmail'.mt_rand(),true)); + $domain_part = $this->user->get_username('domain'); + + // Try to find FQDN, some spamfilters doesn't like 'localhost' (#1486924) + if (!preg_match('/\.[a-z]+$/i', $domain_part)) { + foreach (array($_SERVER['HTTP_HOST'], $_SERVER['SERVER_NAME']) as $host) { + $host = preg_replace('/:[0-9]+$/', '', $host); + if ($host && preg_match('/\.[a-z]+$/i', $host)) { + $domain_part = $host; + } + } + } + + return sprintf('<%s@%s>', $local_part, $domain_part); + } + + + /** * Returns RFC2822 formatted current date in user's timezone * * @return string Date @@ -961,32 +1163,22 @@ class rcmail extends rcube /** * Write login data (name, ID, IP address) to the 'userlogins' log file. */ - public function log_login($user = null, $failed_login = false, $error_code = 0) + public function log_login() { if (!$this->config->get('log_logins')) { return; } - // failed login - if ($failed_login) { - $message = sprintf('Failed login for %s from %s in session %s (error: %d)', - $user, rcube_utils::remote_ip(), session_id(), $error_code); - } - // successful login - else { - $user_name = $this->get_user_name(); - $user_id = $this->get_user_id(); + $user_name = $this->get_user_name(); + $user_id = $this->get_user_id(); - if (!$user_id) { - return; - } - - $message = sprintf('Successful login for %s (ID: %d) from %s in session %s', - $user_name, $user_id, rcube_utils::remote_ip(), session_id()); + if (!$user_id) { + return; } - // log login - self::write_log('userlogins', $message); + self::write_log('userlogins', + sprintf('Successful login for %s (ID: %d) from %s in session %s', + $user_name, $user_id, rcube_utils::remote_ip(), session_id())); } @@ -1002,7 +1194,7 @@ class rcmail extends rcube */ public function table_output($attrib, $table_data, $a_show_cols, $id_col) { - $table = new html_table($attrib); + $table = new html_table(/*array('cols' => count($a_show_cols))*/); // add table header if (!$attrib['noheader']) { @@ -1243,7 +1435,6 @@ class rcmail extends rcube $js_mailboxlist = array(); $out = html::tag('ul', $attrib, $rcmail->render_folder_tree_html($a_mailboxes, $mbox_name, $js_mailboxlist, $attrib), html::$common_attrib); - $rcmail->output->include_script('treelist.js'); $rcmail->output->add_gui_object('mailboxlist', $attrib['id']); $rcmail->output->set_env('mailboxes', $js_mailboxlist); $rcmail->output->set_env('unreadwrap', $attrib['unreadwrap']); @@ -1365,10 +1556,9 @@ class rcmail extends rcube $realnames = (bool)$attrib['realnames']; $msgcounts = $this->storage->get_cache('messagecount'); $collapsed = $this->config->get('collapsed_folders'); - $realnames = $this->config->get('show_real_foldernames'); $out = ''; - foreach ($arrFolders as $folder) { + foreach ($arrFolders as $key => $folder) { $title = null; $folder_class = $this->folder_classname($folder['id']); $is_collapsed = strpos($collapsed, '&'.rawurlencode($folder['id']).'&') !== false; @@ -1423,13 +1613,14 @@ class rcmail extends rcube 'id' => "rcmli".$folder_id, 'class' => join(' ', $classes), 'noclose' => true), - html::a($link_attrib, $html_name)); - - if (!empty($folder['folders'])) { - $out .= html::div('treetoggle ' . ($is_collapsed ? 'collapsed' : 'expanded'), ' '); - } - - $jslist[$folder['id']] = array( + html::a($link_attrib, $html_name) . + (!empty($folder['folders']) ? html::div(array( + 'class' => ($is_collapsed ? 'collapsed' : 'expanded'), + 'style' => "position:absolute", + 'onclick' => sprintf("%s.command('collapse-folder', '%s')", rcmail_output::JS_OBJECT_NAME, $js_name) + ), ' ') : '')); + + $jslist[$folder_id] = array( 'id' => $folder['id'], 'name' => $foldername, 'virtual' => $folder['virtual'] @@ -1454,7 +1645,7 @@ class rcmail extends rcube { $out = ''; - foreach ($arrFolders as $folder) { + foreach ($arrFolders as $key => $folder) { // skip exceptions (and its subfolders) if (!empty($opts['exceptions']) && in_array($folder['id'], $opts['exceptions'])) { continue; @@ -1515,38 +1706,18 @@ class rcmail extends rcube * Try to localize the given IMAP folder name. * UTF-7 decode it in case no localized text was found * - * @param string $name Folder name - * @param bool $with_path Enable path localization + * @param string $name Folder name * * @return string Localized folder name in UTF-8 encoding */ - public function localize_foldername($name, $with_path = true) + public function localize_foldername($name) { - $realnames = $this->config->get('show_real_foldernames'); - - // try to localize path of the folder - if ($with_path && !$realnames) { - $storage = $this->get_storage(); - $delimiter = $storage->get_hierarchy_delimiter(); - $path = explode($delimiter, $name); - $count = count($path); - - if ($count > 1) { - for ($i = 0; $i < $count; $i++) { - $folder = implode($delimiter, array_slice($path, 0, -$i)); - if ($folder_class = $this->folder_classname($folder)) { - $name = implode($delimiter, array_slice($path, $count - $i)); - return $this->gettext($folder_class) . $delimiter . rcube_charset::convert($name, 'UTF7-IMAP'); - } - } - } - } - - if (!$realnames && ($folder_class = $this->folder_classname($name))) { + if ($folder_class = $this->folder_classname($name)) { return $this->gettext($folder_class); } - - return rcube_charset::convert($name, 'UTF7-IMAP'); + else { + return rcube_charset::convert($name, 'UTF7-IMAP'); + } } @@ -1601,7 +1772,11 @@ class rcmail extends rcube $quota_result = (array) $quota; $quota_result['type'] = isset($_SESSION['quota_display']) ? $_SESSION['quota_display'] : ''; - if ($quota['total'] > 0) { + if (!$quota['total'] && $this->config->get('quota_zero_as_unlimited')) { + $quota_result['title'] = $this->gettext('unlimited'); + $quota_result['percent'] = 0; + } + else if ($quota['total']) { if (!isset($quota['percent'])) { $quota_result['percent'] = min(100, round(($quota['used']/max(1,$quota['total']))*100)); } @@ -1620,8 +1795,7 @@ class rcmail extends rcube } } else { - $unlimited = $this->config->get('quota_zero_as_unlimited'); - $quota_result['title'] = $this->gettext($unlimited ? 'unlimited' : 'unknown'); + $quota_result['title'] = $this->gettext('unknown'); $quota_result['percent'] = 0; } @@ -1634,51 +1808,32 @@ class rcmail extends rcube * * @param string $fallback Fallback message label * @param array $fallback_args Fallback message label arguments - * @param string $suffix Message label suffix */ - public function display_server_error($fallback = null, $fallback_args = null, $suffix = '') + public function display_server_error($fallback = null, $fallback_args = null) { $err_code = $this->storage->get_error_code(); $res_code = $this->storage->get_response_code(); - $args = array(); if ($res_code == rcube_storage::NOPERM) { - $error = 'errornoperm'; + $this->output->show_message('errornoperm', 'error'); } else if ($res_code == rcube_storage::READONLY) { - $error = 'errorreadonly'; - } - else if ($res_code == rcube_storage::OVERQUOTA) { - $error = 'errorroverquota'; + $this->output->show_message('errorreadonly', 'error'); } else if ($err_code && ($err_str = $this->storage->get_error_str())) { // try to detect access rights problem and display appropriate message if (stripos($err_str, 'Permission denied') !== false) { - $error = 'errornoperm'; - } - // try to detect full mailbox problem and display appropriate message - // there can be e.g. "Quota exceeded" or "quotum would exceed" - else if (stripos($err_str, 'quot') !== false && stripos($err_str, 'exceed') !== false) { - $error = 'erroroverquota'; + $this->output->show_message('errornoperm', 'error'); } else { - $error = 'servererrormsg'; - $args = array('msg' => $err_str); + $this->output->show_message('servererrormsg', 'error', array('msg' => $err_str)); } } else if ($err_code < 0) { - $error = 'storageerror'; + $this->output->show_message('storageerror', 'error'); } else if ($fallback) { - $error = $fallback; - $args = $fallback_args; - } - - if ($error) { - if ($suffix && $this->text_exists($error . $suffix)) { - $error .= $suffix; - } - $this->output->show_message($error, 'error', $args); + $this->output->show_message($fallback, 'error', $fallback_args); } } |