From 2e7bd6dab7de8553984d1d31034b34c595cef5ee Mon Sep 17 00:00:00 2001 From: Paweł Słowik Date: Thu, 30 Aug 2012 20:11:44 +0200 Subject: Sieve enotify/notify - GUI --- plugins/managesieve/managesieve.php | 44 +++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'plugins/managesieve/managesieve.php') diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php index e7828f1da..16c451845 100644 --- a/plugins/managesieve/managesieve.php +++ b/plugins/managesieve/managesieve.php @@ -625,6 +625,10 @@ class managesieve extends rcube_plugin $varnames = get_input_value('_action_varname', RCUBE_INPUT_POST); $varvalues = get_input_value('_action_varvalue', RCUBE_INPUT_POST); $varmods = get_input_value('_action_varmods', RCUBE_INPUT_POST); + $notifyaddrs = get_input_value('_action_notifyaddress', RCUBE_INPUT_POST); + $notifybodies = get_input_value('_action_notifybody', RCUBE_INPUT_POST); + $notifymessages = get_input_value('_action_notifymessage', RCUBE_INPUT_POST); + $notifyfrom = get_input_value('_action_notifyfrom', RCUBE_INPUT_POST); // we need a "hack" for radiobuttons foreach ($sizeitems as $item) @@ -878,6 +882,22 @@ class managesieve extends rcube_plugin $this->errors['actions'][$i]['value'] = $this->gettext('cannotbeempty'); } break; + + case 'notify': + if (empty($notifyaddrs[$idx])) { + $this->errors['actions'][$i]['address'] = $this->gettext('cannotbeempty'); + } + else if (!check_email($notifyaddrs[$idx])) { + $this->errors['actions'][$i]['address'] = $this->gettext('noemailwarning'); + } + if (!empty($notifyfrom[$idx]) && !check_email($notifyfrom[$idx])) { + $this->errors['actions'][$i]['from'] = $this->gettext('noemailwarning'); + } + $this->form['actions'][$i]['address'] = $notifyaddrs[$idx]; + $this->form['actions'][$i]['body'] = $notifybodies[$idx]; + $this->form['actions'][$i]['message'] = $notifymessages[$idx]; + $this->form['actions'][$i]['from'] = $notifyfrom[$idx]; + break; } $this->form['actions'][$i]['type'] = $type; @@ -1479,6 +1499,9 @@ class managesieve extends rcube_plugin if (in_array('variables', $this->exts)) { $select_action->add(Q($this->gettext('setvariable')), 'set'); } + if (in_array('enotify', $this->exts)) { + $select_action->add(Q($this->gettext('notify')), 'notify'); + } $select_action->add(Q($this->gettext('rulestop')), 'stop'); $select_type = $action['type']; @@ -1571,6 +1594,27 @@ class managesieve extends rcube_plugin } $out .= ''; + // notify + // skip :options tag - not used by the mailto method + $out .= '
'; + $out .= '' .Q($this->gettext('notifyaddress')) . '
' + .'error_class($id, 'action', 'address', 'action_notifyaddress') .' />'; + $out .= '
'. Q($this->gettext('notifybody')) .'
' + .'\n"; + $out .= '
' .Q($this->gettext('notifysubject')) . '
' + .'error_class($id, 'action', 'message', 'action_notifymessage') .' />'; + $out .= '
' .Q($this->gettext('notifyfrom')) . '
' + .'error_class($id, 'action', 'from', 'action_notifyfrom') .' />'; + $out .= '
'; + // mailbox select if ($action['type'] == 'fileinto') $mailbox = $this->mod_mailbox($action['target'], 'out'); -- cgit v1.2.3 From 3c99599794948686960ee4e340374b0c3a1527b2 Mon Sep 17 00:00:00 2001 From: Paweł Słowik Date: Fri, 14 Sep 2012 14:27:58 +0200 Subject: Sieve enotify/notify: - GUI for importance setting - make tests usable for checking the GUI --- plugins/managesieve/localization/en_GB.inc | 4 ++++ plugins/managesieve/localization/en_US.inc | 4 ++++ plugins/managesieve/localization/pl_PL.inc | 4 ++++ plugins/managesieve/managesieve.php | 16 ++++++++++++++++ plugins/managesieve/tests/src/parser_notify_a | 5 ++++- plugins/managesieve/tests/src/parser_notify_b | 5 ++++- 6 files changed, 36 insertions(+), 2 deletions(-) (limited to 'plugins/managesieve/managesieve.php') diff --git a/plugins/managesieve/localization/en_GB.inc b/plugins/managesieve/localization/en_GB.inc index 7b02c8218..f9075b8e0 100644 --- a/plugins/managesieve/localization/en_GB.inc +++ b/plugins/managesieve/localization/en_GB.inc @@ -102,6 +102,10 @@ $labels['notifyaddress'] = 'To e-mail address:'; $labels['notifybody'] = 'Notification body:'; $labels['notifysubject'] = 'Notification subject:'; $labels['notifyfrom'] = 'Notification sender:'; +$labels['notifyimportance'] = 'Importance:'; +$labels['notifyimportancelow'] = 'low'; +$labels['notifyimportancenormal'] = 'normal'; +$labels['notifyimportancehigh'] = 'high'; $labels['filtercreate'] = 'Create filter'; $labels['usedata'] = 'Use following data in the filter:'; $labels['nextstep'] = 'Next Step'; diff --git a/plugins/managesieve/localization/en_US.inc b/plugins/managesieve/localization/en_US.inc index bcef9139e..cb223c18f 100644 --- a/plugins/managesieve/localization/en_US.inc +++ b/plugins/managesieve/localization/en_US.inc @@ -93,6 +93,10 @@ $labels['notifyaddress'] = 'To e-mail address:'; $labels['notifybody'] = 'Notification body:'; $labels['notifysubject'] = 'Notification subject:'; $labels['notifyfrom'] = 'Notification sender:'; +$labels['notifyimportance'] = 'Importance:'; +$labels['notifyimportancelow'] = 'low'; +$labels['notifyimportancenormal'] = 'normal'; +$labels['notifyimportancehigh'] = 'high'; $labels['filtercreate'] = 'Create filter'; $labels['usedata'] = 'Use following data in the filter:'; $labels['nextstep'] = 'Next Step'; diff --git a/plugins/managesieve/localization/pl_PL.inc b/plugins/managesieve/localization/pl_PL.inc index 5b51900e6..734a4ebcf 100644 --- a/plugins/managesieve/localization/pl_PL.inc +++ b/plugins/managesieve/localization/pl_PL.inc @@ -108,6 +108,10 @@ $labels['notifyaddress'] = 'Na adres e-mail:'; $labels['notifybody'] = 'Treść powiadomienia:'; $labels['notifysubject'] = 'Temat powiadomienia:'; $labels['notifyfrom'] = 'Nadawca powiadomienia:'; +$labels['notifyimportance'] = 'Priorytet:'; +$labels['notifyimportancelow'] = 'niski'; +$labels['notifyimportancenormal'] = 'normalny'; +$labels['notifyimportancehigh'] = 'wysoki'; $labels['filtercreate'] = 'Utwórz filtr'; $labels['usedata'] = 'Użyj następujących danych do utworzenia filtra:'; $labels['nextstep'] = 'Następny krok'; diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php index 16c451845..e3033016b 100644 --- a/plugins/managesieve/managesieve.php +++ b/plugins/managesieve/managesieve.php @@ -629,6 +629,7 @@ class managesieve extends rcube_plugin $notifybodies = get_input_value('_action_notifybody', RCUBE_INPUT_POST); $notifymessages = get_input_value('_action_notifymessage', RCUBE_INPUT_POST); $notifyfrom = get_input_value('_action_notifyfrom', RCUBE_INPUT_POST); + $notifyimp = get_input_value('_action_notifyimportance', RCUBE_INPUT_POST); // we need a "hack" for radiobuttons foreach ($sizeitems as $item) @@ -897,6 +898,7 @@ class managesieve extends rcube_plugin $this->form['actions'][$i]['body'] = $notifybodies[$idx]; $this->form['actions'][$i]['message'] = $notifymessages[$idx]; $this->form['actions'][$i]['from'] = $notifyfrom[$idx]; + $this->form['actions'][$i]['importance'] = $notifyimp[$idx]; break; } @@ -1613,6 +1615,20 @@ class managesieve extends rcube_plugin .'error_class($id, 'action', 'from', 'action_notifyfrom') .' />'; + $importance_options = array( + 3 => 'notifyimportancelow', + 2 => 'notifyimportancenormal', + 1 => 'notifyimportancehigh' + ); + $select_importance = new html_select(array( + 'name' => '_action_notifyimportance[' . $id . ']', + 'id' => '_action_notifyimportance' . $id, + 'class' => $this->error_class($id, 'action', 'importance', 'action_notifyimportance'))); + foreach ($importance_options as $io_v => $io_n) { + $select_importance->add(Q($this->gettext($io_n)), $io_v); + } + $out .= '
' . Q($this->gettext('notifyimportance')) . '
'; + $out .= $select_importance->show(array(intval($action['importance']))); $out .= ''; // mailbox select diff --git a/plugins/managesieve/tests/src/parser_notify_a b/plugins/managesieve/tests/src/parser_notify_a index 324805ad4..68a9ef5cc 100644 --- a/plugins/managesieve/tests/src/parser_notify_a +++ b/plugins/managesieve/tests/src/parser_notify_a @@ -1,16 +1,19 @@ require ["enotify","variables"]; +# rule:[notify1] if header :contains "from" "boss@example.org" { notify :importance "1" :message "This is probably very important" "mailto:alm@example.com"; stop; } +# rule:[subject] if header :matches "Subject" "*" { set "subject" "${1}"; } +# rule:[from notify2] if header :matches "From" "*" { set "from" "${1}"; + notify :importance "3" :message "${from}: ${subject}" "mailto:alm@example.com"; } -notify :importance "3" :message "${from}: ${subject}" "mailto:alm@example.com"; diff --git a/plugins/managesieve/tests/src/parser_notify_b b/plugins/managesieve/tests/src/parser_notify_b index 537898567..8854658f4 100644 --- a/plugins/managesieve/tests/src/parser_notify_b +++ b/plugins/managesieve/tests/src/parser_notify_b @@ -1,15 +1,18 @@ require ["envelope","variables","enotify"]; +# rule:[from] if envelope :all :matches "from" "*" { set "env_from" " [really: ${1}]"; } +# rule:[subject] if header :matches "Subject" "*" { set "subject" "${1}"; } +# rule:[from notify] if address :all :matches "from" "*" { set "from_addr" "${1}"; + notify :message "${from_addr}${env_from}: ${subject}" "mailto:alm@example.com"; } -notify :message "${from_addr}${env_from}: ${subject}" "mailto:alm@example.com"; -- cgit v1.2.3 From 270da4b87b3601b558d37721aae9e4816359aca5 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Thu, 20 Sep 2012 12:39:52 +0200 Subject: Enable notify action for notify extension --- plugins/managesieve/managesieve.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/managesieve/managesieve.php') diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php index e3033016b..055e1b4cb 100644 --- a/plugins/managesieve/managesieve.php +++ b/plugins/managesieve/managesieve.php @@ -1501,7 +1501,7 @@ class managesieve extends rcube_plugin if (in_array('variables', $this->exts)) { $select_action->add(Q($this->gettext('setvariable')), 'set'); } - if (in_array('enotify', $this->exts)) { + if (in_array('enotify', $this->exts) || in_array('notify', $this->exts)) { $select_action->add(Q($this->gettext('notify')), 'notify'); } $select_action->add(Q($this->gettext('rulestop')), 'stop'); -- cgit v1.2.3 From b41cd7cc37159ee69c96202faa84eb8a86eb379e Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Thu, 20 Sep 2012 13:17:24 +0200 Subject: Set default importance to normal --- plugins/managesieve/managesieve.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/managesieve/managesieve.php') diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php index 055e1b4cb..ccfc95076 100644 --- a/plugins/managesieve/managesieve.php +++ b/plugins/managesieve/managesieve.php @@ -1628,7 +1628,7 @@ class managesieve extends rcube_plugin $select_importance->add(Q($this->gettext($io_n)), $io_v); } $out .= '
' . Q($this->gettext('notifyimportance')) . '
'; - $out .= $select_importance->show(array(intval($action['importance']))); + $out .= $select_importance->show($action['importance'] ? $action['importance'] : 2); $out .= ''; // mailbox select -- cgit v1.2.3 From e695162ef76054050e4181e4d28f28cf1981386b Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Fri, 21 Sep 2012 20:57:53 +0200 Subject: Change default port to 4190 (IANA-allocated), add port auto-detection (#1488713) --- plugins/managesieve/Changelog | 1 + plugins/managesieve/config.inc.php.dist | 5 +++-- plugins/managesieve/managesieve.php | 19 +++++++++++++------ 3 files changed, 17 insertions(+), 8 deletions(-) (limited to 'plugins/managesieve/managesieve.php') diff --git a/plugins/managesieve/Changelog b/plugins/managesieve/Changelog index 6fcd17a95..a1dd7e0ca 100644 --- a/plugins/managesieve/Changelog +++ b/plugins/managesieve/Changelog @@ -1,5 +1,6 @@ - Fixed issue with DBMail bug [http://pear.php.net/bugs/bug.php?id=19077] (#1488594) - Added support for enotify/notify (RFC5435, RFC5436, draft-ietf-sieve-notify-00) +- Change default port to 4190 (IANA-allocated), add port auto-detection (#1488713) * version 5.2 [2012-07-24] ----------------------------------------------------------- diff --git a/plugins/managesieve/config.inc.php.dist b/plugins/managesieve/config.inc.php.dist index cb9b2a97f..1f34564c5 100644 --- a/plugins/managesieve/config.inc.php.dist +++ b/plugins/managesieve/config.inc.php.dist @@ -1,7 +1,8 @@ * * Configuration (see config.inc.php.dist) * - * Copyright (C) 2008-2011, The Roundcube Dev Team - * Copyright (C) 2011, Kolab Systems AG + * Copyright (C) 2008-2012, The Roundcube Dev Team + * Copyright (C) 2011-2012, Kolab Systems AG * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -62,8 +62,9 @@ class managesieve extends rcube_plugin "x-beenthere", ); - const VERSION = '5.2'; + const VERSION = '5.2'; const PROGNAME = 'Roundcube (Managesieve)'; + const PORT = 4190; function init() @@ -200,10 +201,16 @@ class managesieve extends rcube_plugin set_include_path($include_path); $host = rcube_parse_host($this->rc->config->get('managesieve_host', 'localhost')); - $port = $this->rc->config->get('managesieve_port', 2000); - $host = rcube_idn_to_ascii($host); + $port = $this->rc->config->get('managesieve_port'); + if (empty($port)) { + $port = getservbyname('sieve', 'tcp'); + if (empty($port)) { + $port = self::PORT; + } + } + $plugin = $this->rc->plugins->exec_hook('managesieve_connect', array( 'user' => $_SESSION['username'], 'password' => $this->rc->decrypt($_SESSION['password']), -- cgit v1.2.3 From 30f10bfe1685c18fa43f64603e1989355dc9b665 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Mon, 24 Sep 2012 10:03:34 +0200 Subject: Added request size limits detection and script corruption prevention (#1488648) --- plugins/managesieve/Changelog | 1 + plugins/managesieve/managesieve.php | 32 ++++++++++++++++++++++++++++++-- 2 files changed, 31 insertions(+), 2 deletions(-) (limited to 'plugins/managesieve/managesieve.php') diff --git a/plugins/managesieve/Changelog b/plugins/managesieve/Changelog index a1dd7e0ca..c0428c4fc 100644 --- a/plugins/managesieve/Changelog +++ b/plugins/managesieve/Changelog @@ -1,6 +1,7 @@ - Fixed issue with DBMail bug [http://pear.php.net/bugs/bug.php?id=19077] (#1488594) - Added support for enotify/notify (RFC5435, RFC5436, draft-ietf-sieve-notify-00) - Change default port to 4190 (IANA-allocated), add port auto-detection (#1488713) +- Added request size limits detection and script corruption prevention (#1488648) * version 5.2 [2012-07-24] ----------------------------------------------------------- diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php index 0ddeba542..7282ff2e0 100644 --- a/plugins/managesieve/managesieve.php +++ b/plugins/managesieve/managesieve.php @@ -530,9 +530,37 @@ class managesieve extends rcube_plugin // Init plugin and handle managesieve connection $error = $this->managesieve_start(); - // filters set add action - if (!empty($_POST['_newset'])) { + // get request size limits (#1488648) + $max_post = max(array( + ini_get('max_input_vars'), + ini_get('suhosin.request.max_vars'), + ini_get('suhosin.post.max_vars'), + )); + $max_depth = max(array( + ini_get('suhosin.request.max_array_depth'), + ini_get('suhosin.post.max_array_depth'), + )); + // check request size limit + if ($max_post && count($_POST, COUNT_RECURSIVE) >= $max_post) { + rcube::raise_error(array( + 'code' => 500, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => "Request size limit exceeded (one of max_input_vars/suhosin.request.max_vars/suhosin.post.max_vars)" + ), true, false); + $this->rc->output->show_message('managesieve.filtersaveerror', 'error'); + } + // check request depth limits + else if ($max_depth && count($_POST['_header']) > $max_depth) { + rcube::raise_error(array( + 'code' => 500, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => "Request size limit exceeded (one of suhosin.request.max_array_depth/suhosin.post.max_array_depth)" + ), true, false); + $this->rc->output->show_message('managesieve.filtersaveerror', 'error'); + } + // filters set add action + else if (!empty($_POST['_newset'])) { $name = get_input_value('_name', RCUBE_INPUT_POST, true); $copy = get_input_value('_copy', RCUBE_INPUT_POST, true); $from = get_input_value('_from', RCUBE_INPUT_POST); -- cgit v1.2.3