Page MenuHomePhorge
Files F225063

No OneTemporary
Actions

View Options

diff --git a/CHANGELOG b/CHANGELOG
index c29db7066..0ba685117 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,507 +1,509 @@
CHANGELOG RoundCube Webmail
===========================
+- Added possibility to encrypt received header, option 'http_received_header_encrypt',
+ added some more logic in encrypt/decrypt functions for security
- Fix Answered/Forwarded flag setting for messages in subfolders
- Fix autocomplete problem with capital letters (#1485792)
- Support UUencode content encoding (#1485839)
- Minimize chance of race condition in session handling (#1485659, #1484678)
- Fix session handling on non-session SQL query error (#1485734)
- Fix html editor mode setting when reopening draft message (#1485834)
- Added quick search box menu (#1484304)
- Fix wrong column sort order icons (#1485823)
- Updated TinyMCE to 3.2.3 version
- Fix attachment names encoding when charset isn't specified in attachment part (#1484969)
- Fix message normal priority problem (#1485820)
- Fix autocomplete spinning wheel does not disappear (#1485804)
- Added log_date_format option (#1485709)
- Fix text wrapping in HTML editor after switching from plain text to HTML (#1485521)
- Fix auto-complete function hangs with plus sign (#1485815)
- Fix AJAX requests errors handler (#1485000)
- Speed up message list displaying on IE
- Fix read/write database recognition (#1485811)
- Fix quicksearchbox look in Chrome and Konqueror (#1484841)
- Fix UTF-8 byte-order mark removing (#1485514)
- Fix folders subscribtions on Konqueror (#1484841)
- Fix debug console on Konqueror and Safari
- Fix messagelist focus issue when modifying status of selected messages (#1485807)
- Support STARTTLS in IMAP connection (#1485284)
- Fix DEL key problem in search boxes (#1485528)
- Support several e-mail addresses per user from virtuser_file (#1485678)
- Fix drag&drop with scrolling on IE (#1485786)
- Fix adding signature separator in html mode (#1485350)
- Fix opening attachment marks message as read (#1485803)
- Fix 'temp_dir' does not support relative path under Windows (#1484529)
- Fix "Initialize Database" button missing from installer (#1485802)
- Fix compose window doesn't fit 1024x768 window (#1485396)
- Fix service not available error when pressing back from compose dialog (#1485552)
- Fix using mail() on Windows (#1485779)
- Fix word wrapping in message-part's <PRE>s for printing (#1485787)
- Fix incorrect word wrapping in outgoing plaintext multibyte messages (#1485714)
- Fix double footer in HTML message with embedded images
- Fix TNEF implementation bug (#1485773)
- Fix incorrect row id parsing for LDAP contacts list (#1485784)
- Fix 'mode' parameter in sqlite DSN (#1485772)
RELEASE 0.2.1
------------------
- Use US-ASCII as failover when Unicode searching fails (#1485762)
- Fix errors handling in IMAP command continuations (#1485762)
- Fix FETCH result parsing for servers returning flags at the end of result (#1485763)
- Fix datetime columns defaults in mysql's DDL (#1485641)
- Fix attaching more than nine inline images (#1485759)
- Support 'UNICODE-1-1-UTF-7' alias for UTF-7 encoding (#1485758)
- Fix mime-type detection using a hard-coded map (#1485311)
- Don't return empty string if charset conversion failed (#1485757)
- Disable concurrent autocomplete query results display (#1485743)
- Fix new lines stripped from message footer (#1485751)
- Fix IE problem with mouse click autocomplete (#1485739)
- Fix html body washing on reply/forward + fix attachments handling (#1485676)
- Fix multiple recipients input parsing (#1485733)
- Fix replying to message with html attachment (#1485676)
- Use default_charset for messages without specified charset (#1485661, #1484961)
- Support non-standard "GMT-XXXX" literal in date header (#1485729)
- Added TNEF support to decode MS Outlook attachments (winmail.dat)
- Fix "value continuation" MIME headers by adding required semicolon (#1485727)
- Fix pressing select all/unread multiple times (#1485723)
- Fix selecting all unread does not honor new messages (#1485724)
- Fix some base64 encoded attachments handling (#1485725)
- Support NGINX as IMAP backend: better BAD response handling (#1485720)
- Performance fix: don't fetch attachment parts headers twice to parse filename
- Fix checking for recent messages on various IMAP servers (#1485702)
- Performance fix: Don't fetch quota and recent messages in "message view" mode
- Fix displaying of alternative-inside-alternative messages (#1485713)
- Fix MDNSent flag checking, use arbitrary keywords (asterisk) flag (#1485706)
- Fix creation of folders with '&' sign in name
- Fix parsing of email addresses without angle brackets (#1485693)
- Save spellcheck corrections when switching from plain to html editor (and spellchecking is on)
- Fix large search results on server without SORT capability (#1485668)
- Get rid of preg_replace() with eval modifier and create_function usage (#1485686)
- Bring back <base> and <link> tags in HTML messages
- Fix XSS vulnerability through background attributes as reported by Julien Cayssol
- Fix problems with backslash as IMAP hierarchy delimiter (#1484467)
- Secure vcard export by getting rid of preg's 'e' modifier use (#1485689)
- Fix authentication when submitting form with existing session (#1485679)
- Allow absolute URLs to images in HTML messages/sigs (#1485666)
- Fix message body which contains both inline attachments and emotions
- Fix SQL query execution errors handling in rcube_mdb2 class (#1485509)
- Fix address names with '@' sign handling (#1485654)
- Improve messages display performance
- Fix messages searching with 'to:' modifier
RELEASE 0.2-STABLE
------------------
- Fix mark popup in IE 7 (#1485369)
- Fix line-break issue when copy & paste in Firefox (#1485425)
- Fix autocomplete "unknown server error" (#1485637)
- Fix STARTTLS before AUTH in SMTP connection (#1484883)
- Support multiple quota values in QUOTAROOT resonse (#1485626)
- Only abbreviate file name for IE < 7 browsers (#1485063)
- Performance: allow setting imap rootdir and delimiter before connect (#1485172)
- Fix sorting of folders with more than 2 levels (#1485569)
- Fix search results page jumps in LDAP addressbook (#1485253)
- Fix empty line before the signature in IE (#1485351)
- Fix horizontal scrollbar in preview pane on IE (#1484633)
- Add Robots meta tag in login page and installer (#1484846)
- Added 'show_images' option, removed 'addrbook_show_images' (#1485597)
- Option to check for new mails in all folders (#1484374)
- Don't set client busy when checking for new messages (#1485276)
- Allow UTF-8 folder names in config (#1485579)
- Add junk_mbox option configuration in installer (#1485579)
- Do serverside addressbook queries for autocompletion (#1485531)
- Allow setting attachment col position in 'list_cols' option
- Allow override 'list_cols' via skin (#1485577)
- Fix 'cache' table cleanup on session destroy (#1485516)
- Increase speed of session destroy and garbage clean up
- Fix session timeout when DB server got clock skew (#1485490)
- Fix handling of some malformed messages (#1484438)
- Speed up raw message body handling
- Better HTML entities conversion in html2text (#1485519)
- Fix big memory consumption and speed up searching on servers without SORT capability
- Fix setting locale to tr_TR, ku and az_AZ (#1485470)
- Use SORT for searching on servers with SORT capability
- Added message status filter
- Fix empty file sending (#1485389)
- Improved searching with many criterias (calling one SEARCH command)
- Fix HTML editor initialization on IE (#1485304)
- Add warning when switching editor mode from html to plain (#1485488)
- Make identities list scrollable (#1485538)
- Fix problem with numeric folder names (#1485527)
- Added BYE response simple support to prevent from endless loops in imap.inc (#1483956)
- Fix unread message unintentionally marked as read if read_when_deleted=true (#1485409)
- Remove port number from SERVER_NAME in smtp_helo_host (#1485518)
- Don't send disposition notification receipts for messages marked as 'read' (#1485523)
- Added 'keep_alive' and 'min_keep_alive' options (#1485360)
- Added option 'identities_level', removed 'multiple_identities'
- Allow deleting identities when multiple_identities=false (#1485435)
- Added option focus_on_new_message (#1485374)
- Fix html2text class autoloading on Windows (#1485505)
- Fix html signature formatting when identity save error occured (#1485426)
- Add feedback and set busy when moving folder (#1485497)
- Fix 'Empty' link visibility for some languages e.g. Slovak (#1485489)
- Fix messages count bar overlapping (#1485270)
- Fix adding signature in drafts compose mode (#1485484)
- Fix iil_C_Sort() to support very long and/or divided responses (#1485283)
- Fix matching case sensitivity when setting identity on reply (#1485480)
- Prefer default identity on reply
- Fix imap searching on ISMail server (#1485466)
- Add css class for flagged messages (#1485464)
- Write username instead of id in sendmail log (#1485477)
- Fix htmlspecialchars() use for PHP version < 5.2.3 (#1485475)
- Fix js keywords escaping in json_serialize() for IE/Opera (#1485472)
- Added bin/killcache.php script (#1485434)
- Add support for SJIS, GB2312, BIG5 in rc_detect_encoding()
- Fix vCard file encoding detection for non-UTF-8 strings (#1485410)
- Add 'skip_deleted' option in User Preferences (#1485445)
- Minimize "inline" javascript scripts use (#1485433)
- Fix css class setting for folders with names matching defined classes names (#1485355)
- Fix race conditions when changing mailbox
- Fix spellchecking when switching to html editor (#1485362)
- Fix compose window width/height (#1485396)
- Allow calling msgimport.sh/msgexport.sh from any directory (#1485431)
- Localized filesize units (#1485340)
- Better handling of "no identity" and "no email in identity" situations (#1485117)
- Added 'mime_param_folding' option with possibility to choose long/non-ascii attachment names encoding eg. to be readable in MS Outlook/OE (#1485320)
- Added "advanced options" feature in User Preferences
- Fix unread counter when displaying cached massage in preview panel (#1485290)
- Fix htmleditor spellchecking on MS Windows (#1485397)
- Fix problem with non-ascii attachment names in Mail_mime (#1485267, #1485096)
- Fix language autodetection (#1485401)
- Fix button label in folders management (#1485405)
- Fix collapsed folder not indicating unread msgs count of all subfolders (#1485403)
- Fix handling of apostrophes in filenames decoded according to rfc2231
RELEASE 0.2-BETA
----------------
- Made config files location configurable (#1485215)
- Reduced memory footprint when forwarding attachments (#1485345)
- Allow and use spellcheck attribute for input/textarea fields (#1485060)
- Added icons for forwarded/forwarded+replied messages (#1485257)
- Added Reply-To to forwarded emails (#1485315)
- Display progress message for folders create/delete/rename (#1485357)
- Smart Tags and NOBR tag support in html messages (#1485363, #1485327)
- Redesign of the identities settings (#1484042)
- Add config option to disable creation/deletion of identities (#1484498)
- Added 'sendmail_delay' option to restrict messages sending interval (#1484491)
- Added vertical splitter for folders list resizing
- Added possibility to view all headers in message view
- Fixed splitter drag/resize on Opera (#1485170)
- Fixed quota img height/width setting from template (#1484857)
- Refactor drag & drop functionality. Don't rely on browser events anymore (#1484453)
- Insert "virtual" folders in subscription list (#1484779)
- Added link to open message in new window
- Enable export of address book contacts as vCard
- Add feature to import contacts from vcard files (#1326103)
- Respect Content-Location headers in multipart/related messages according to RFC2110 (#1484946)
- Allowed max. attachment size now indicated in compose screen (#1485030)
- Also capture backspace key in list mode (#1484566)
- Allow application/pgp parts to be displayed (#1484753)
- Correctly handle options in mailto-links (#1485228)
- Immediately save sort_col/sort_order in user prefs (#1485265)
- Truncate very long (above 50 characters) attachment filenames when displaying
- Allow to auto-detect client language if none set (#1484434)
- Auto-detect the client timezone (user configurable)
- Add RFC2231 header value continuations support for attachment filenames + hack for servers that not support that feature
- Fix Reply-To header displaying (#1485314)
- Mark form buttons that provide the most obvious operation (mainaction)
- Added option 'quota_zero_as_unlimited' (#1484604)
- Added PRE handling in html2text class (#1484740)
- Added folder hierarchy collapsing
- Added options to use syslog instead of log file (#1484850)
- Added Logging & Debugging section in Installer
- Fix In-Reply-To and References headers when composing saved draft message (#1485288)
- Fix html message charset conversion for charsets with underline (#1485287)
- Fix buttons status after contacts deletion (#1485233)
- Fix escaping of To: and From: fields when building message body for reply or forward in the HTML editor (#1484904)
- Use current mailbox name in template (#1485256)
- Better fix for skipping untagged responses (#1485261)
- Added pspell support patch by Kris Steinhoff (#1483960)
- Enable spellchecker for HTML editor (#1485114)
- Respect spellcheck_uri in tinyMCE spellchecker (#1484196)
- Case insensitive contacts searching using PostgreSQL (#1485259)
- Make default imap folders configurable for each user (#1485075)
- Save outgoing mail to selectable folder (#1324581)
- Fix hiding of mark menu when clicking th button again (#1484944)
- Use long date format in print mode (#1485191)
- Updated TinyMCE to version 3.1.0.1
- Re-enable autocomplete attribute for login form (#1485211)
- Check PERMANENTFLAGS before saving $MDNSent flag (#1484963, #1485163)
- Added flag column on messages list (#1484623)
- Patched Mail/MimePart.php (http://pear.php.net/bugs/bug.php?id=14232)
- Allow trash/junk subfolders to be purged (#1485085)
- Store compose parameters in session and redirect to a unique URL
- Fixed CRAM-MD5 authentication (#1484819)
- Fixed forwarding messages with one HTML attachment (#1484442)
- Fixed encoding of message/rfc822 attachments and image/pjpeg handling (#1484914)
- Added option to select skin in user preferences
- Added option to configure displaying of attached images below the message body
- Added option to display images in messages from known senders (#1484601)
- User preferences grouped in more fieldsets
- Fix corrupted MIME headers of messages in Sent folder (#1485111)
- Fixed bug in MDB2 package: http://pear.php.net/bugs/bug.php?id=14124
- Use keypress instead of keydown to select list's row (#1484816)
- Don't call expunge and don't remove message row after message move if flag_for_deletion is set to true (#1485002)
RELEASE 0.2-ALPHA
-----------------
- Added option to disable autocompletion from selected LDAP address books (#1484922)
- TLS support in LDAP connections: 'use_tls' property (#1485104)
- Fixed removing messages from search set after deleting them (#1485106)
- imap.inc: Fixed iil_C_FetchStructureString() to handle many
literal strings in response (#1484969)
- Support for subfolders in default/protected folders (#1484665)
- Disallowed delimiter in folder name (#1484803)
- Support " and \ in folder names
- Escape \ in login (#1484614)
- Better HTML sanitization with the DOM-based washtml script (#1484701)
- Fixed sorting of folders with non-ascii characters
- Fixed Mysql DDL for default identities creation (#1485070)
- In Preferences added possibility to configure 'read_when_deleted',
'mdn_requests', 'flag_for_deletion' options
- Made IMAP auth type configurable (#1483825)
- Fixed empty values with FROM_UNIXTIME() in rcube_mdb2 (#1485055)
- Fixed attachment list on IE 6/7 (#1484807)
- Fixed JavaScript in compose.html that shows cc/bcc fields if populated
- Make password input fields of type password in installer (#1484886)
- Don't attempt to delete cache entries if enable_caching is FALSE (#1485051)
- Optimized messages sorting on servers without sort capability (#1485049)
- Corrected message headers decoding when charset isn't specified and improved
support for native languages (#1485050, #1485048)
- Expanded LDAP configuration options to support LDAP server writes.
- Installer: encode special characters in DB username/password (#1485042)
- Fixed management of folders with national characters in names (#1485036, #1485001)
- Fixed identities saving when using MDB2 pgsql driver (#1485032)
- Fixed BCC header reset (#1484997)
- Improved messages list performance - patch from Justin Heesemann
- Append skin_path to images location only when it starts with '/' sign (#1484859)
- Fix IMAP response in message body when message has no body (#1484964)
- Fixed non-RFC dates formatting (#1484901)
- Fixed typo in set_charset() (#1484991)
- Decode entities when inserting HTML signature to plain text message (#1484990)
- HTML editing is now working with PHP5 updates and TinyMCE v3.0.6
- Fixed signature loading on Windows (#1484545)
- Added language support to HTML editing (#1484862)
- Fixed remove signature when replying (#1333167)
- Fixed problem with line with a space at the end (#1484916)
- Fixed <!DOCTYPE> tag filtering (#1484391)
- Fixed <?xml> tag filtering (#1484403)
- Added sections (fieldset+label) in Settings interface
- Mark as read in one action with message preview (#1484972)
- Deleted redundant quota reads (#1484972)
- Added options for empty trash and expunge inbox on logout (#1483863)
- Removed lines wrapping when displaying message
- Fixed month localization
- Changed codebase to PHP5 with autoloader
RELEASE 0.1.1
-------------
- Clear selection when selecting single item (#1484942)
- Remove hard-coded image size in skin templates (#1484893)
- Database schema improvements (dropped unnecessary indexes)
- Fixed creating a new folder with a comma in its name (#1484681)
- Fixed sorting of messages when default mailbox is empty (#1484317)
- Improve message previewpane - less loading (#1484316)
- Fixed login form autoompletion (#1484839)
- Fixed virtuser_query option for mdb2 backend (#1484874)
- Fixed attachment resoting from Drafts when message body was empty (#1484506)
- Fixed usage of ob_gzhandler (#1484851)
- Fixed message part window in IE6 (#1484610)
- Fixed decoding of mime-encoded strings (#1484191)
- Fixed some iconv/mb_string problems (#1484598)
- Correctly quote mailbox name when using in URL (#1484313)
- Fixed "headers already sent" errors (#1484860)
RELEASE 0.1-STABLE
------------------
- Added interactive installer script
- Fix folder adding/renaming inspired by #1484800
- Localize folder name in page title (#1484785)
- Fix code using wrong variable name (#1484018)
- Allow to send mail with BCC recipients only
- condense TinyMCE toolbar down to one line, removing table buttons (#1484747)
- Add function to mark the selected messages as read/unread (#1457360)
- Also do charset decoding as suggested in RFC 2231 (fix #1484321)
- Show message count in folder list and hint when creating a subfolder
- Distinguish ssl and tls for imap connections (#1484667)
- Added some charset aliases to fix typical mis-labelling (#1484565)
- Remember decision to display images for a certain message during session (#1484754)
- Truncate attachment filenames to 55 characters due to an IE bug (#1484757)
- Make sending of read receipts configurable
- Respect config when localize folder names (#1484707)
- Also respect receipt and priority settings when re-opening a draft message
- Remember search results (closes #1483883), patch by the_glu
- Add Received header on outgoing mail
- Upgrade to TinyMCE 2.1.3
- Allow inserting image attachments into HTML messages while composing (#1484557)
- Implement Message-Disposition-Notification (Receipts)
- Fix overriding of session vars when register_globals is on (#1484670)
- Fix bug with case-sensitive folder names (#1484245)
- Don't create default folders by default
- Fixed some potential security risks (audited by Andris)
- Only show new messages if they match the current search (#1484176)
- Switch to/from when searcing in Sent folder (#1484555)
- Correctly read the References header (#1484646)
- Unset old cookie before sending a new value (#1484639)
- Correctly decode attachments when downloading them (#1484645 and #1484642)
- Suppress IE errors when clearing attachments form (#1484356)
- Log error when login fails due to auto_create_user turned off
- Filter linked/imported CSS files (closes #1484056)
- Improve message compose screen (closes #1484383)
- Select next row after removing one from list (#1484387)
RELEASE 0.1-RC2
---------------
- Enable drag-&-dropping of folders to a new parent and allow to create subfolders (#1457344)
- Suppress IE errors when clearing attachments form (#1484356)
- Set preferences field in user table to NULL (#1484386)
- Log error when login fails due to auto_create_user turned off
- Filter linked/imported CSS files (closes #1484056)
- Improve message compose screen (closes #1484383)
- Select next row after removing one from list (#1484387)
- Make smtp HELO/EHLO hostname configurable (#1484067)
- IPv6 Compatability (#1484322), Patch #1484373
- Unlock interface when message sending fails (#1484570)
- Eval PHP code in template includes (if configured)
- Show message when folder is empty. Mo more static text in table (#1484395)
- Only display unread count in page title when new messages arrived
- Fixed wrong delete button tooltip (#1483965)
- Fixed charset encoding bug (#1484429)
- Applied patch for LDAP version (#1484552)
- Improved XHTML validation
- Fix message list selection (#1484550)
- Better fix lowercased usernames (#1484473)
- Update pngbehavior Script as suggested in #1484490
- Fixed moving/deleting messages when more than 1 is selected
- Applied patch for LDAP contacts listing by Glen Ogilvie
- Applied patch for more address fields in LDAP contacts (#1484402)
- Add alternative for getallheaders() (fix #1484508)
- Identify mailboxes case-sensitive
- Sort mailbox list case-insensitive (closes #1484338)
- Fix display of multipart messages from Apple Mail (closes #1484027)
- Protect AJAX request from being fetched by a foreign site (XSS)
- Make autocomplete for loginform configurable by the skin template
- Fix compose function from address book (closes #1484426)
- Added //IGNORE to iconv call (patch #1484420, closes #1484023)
- Check if mbstring supports charset (#1484290 and #1484292)
- Prefer iconv over mbstring (as suggested in #1484292)
- Check filesize of template includes (#1484409)
- Fixed bug with buttons not dimming/enabling properly after switching folders
- Fixed compose window becoming unresponsive after saving a draft (#1484487)
- Re-enabled "Back" button in compose window now that bug #1484487 is fixed
- Fixed unresponsive interface issue when downloading attachments (#1484496)
- Lowered status message time from 5 to 3 seconds to improve responsiveness
- Raised .htaccess upload_max_filesize from 2M to 5M to differ from default php.ini
- Increased "mailboxcontrols" mail.css width from 160 to 170px to fix non-english languages (#1484499)
- Fix status message bug #1484464 with regard to #1484353
- Fix address adding bug reported by David Koblas
- Applied socket error patch by Thomas Mangin
- Pass-by-reference workarround for PHP5 in sendmail.inc
- Fixed buggy imap_root settings (closes #1484379)
- Prevent default events on subject links (#1484399)
- Use HTTP-POST requests for actions that change state
RELEASE 0.1-RC1
---------------
- Use global filters and bind username/ for Ldap searches (#1484159)
- Hide quota display if imap server does not support it
- Hide address groups if no LDAP servers configured
- Add link to message subjects (closes #1484257)
- Better SQL query for contact listing/search (closes #1484369)
- Fixed marking as read in preview pane (closes #1484364)
- CSS hack to display attachments correctly in IE6
- Wrap message body text (closes #1484148)
- LDAP access is back in address book (closes #1484087)
- Added search function for contacts
- New Template parsing and output encoding
- Fixed bugs #1484119 and #1483978
- Fixed message moving procedure (closes #1484308)
- Fixed display of multiple attachments (closes #1466563)
- Fixed check for new messages (closes #1484310)
- List attachments without filename
- New session authentication: Change sessid cookie when login, authentication with sessauth cookie is now configurable.
Should close bugs #1483951 and #1484299
- Correctly translate mailbox names (closes #1484276)
- Quote e-mail address links (closes #1484300)
- Updated PEAR::Mail_mime package
- Accept single quotes for HTML attributes when modifying message body (thanks Jason)
- Sanitize input for new users/identities (thanks Colin Alston)
- Don't download HTML message parts
- Convert HTML parts to plaintext if 'prefer_html' is off
- Correctly parse message/rfc822 parts (closes #1484045)
- Also use user_id for unique key in messages table (closes #1484074)
- Hide contacts drop down on blur (closes #1484203)
- Make entries in contacts drop down clickable
- Turn off browser autocompletion on login page
- Quote <? in text/html message parts
- Hide border around radio buttons
- Applied patch for attachment download by crichardson (closes #1484198)
- Fixed bug in Postgres DB handling (closes #1484068)
- Fixed bug of invalid calls to fetchRow() in rcube_db.inc (closes #1484280)
- Fixed array_merge bug (closes #1484281)
- Fixed flag for deletion in list view (closes #1484264)
- Finally support semicolons as recipient separator (closes ##1484251)
- Fixed message headers (subject) encoding
- check if safe mode is on or not (closes #1484269)
- Show "no subject" in message list if subject is missing (closes #1484243)
- Solved page caching of message preview (closes #1484153)
- Only use gzip compression if configured (closes #1484236)
- Fixed priority selector issue (#1484150)
- Fixed some CSS issues in default skin (closes #1484210 and #1484161)
- Prevent from double quoting of numeric HTML character references (closes #1484253)
- Fixed display of HTML message attachments (closes #1484178)
- Applied patch for preview caching (closes #1484186)
- Added error handling for attachment uploads
- Use multibyte safe string functions where necessary (closes #1483988)
- Applied security patch to validate the submitted host value (by Kees Cook)
- Applied security patch to validate input values when deleting contacts (by Kees Cook)
- Applied security patch that sanitizes emoticon paths when attaching them (by Kees Cook)
- Applied a patch to more aggressively sanitize a HTML message
- Visualize blocked images in HTML messages
- Fixed wrong message listing when showing search results (closes #1484131)
- Show remote images when opening HTML message part as attachment
- Improve memory usage when sending mail (closes #1484098)
- Mark messages as read once the preview is loaded (closes #1484132)
- Include smtp final response in log (closes #1484081)
- Corrected date string in sent message header (closes #1484125)
- Correclty choose "To" column in sent and draft mailboxes (closes #1483943)
- Changed srong tooltips for message browse buttons (closes #1483930)
- Fixed signature delimeter character to be standard (Bug #1484035)
- Fixed XSS vulnerability (Bug #1484109)
- Remove newlines from mail headers (Bug #1484031)
- Selection issues when moving/deleting (Bug #1484044)
- Applied patch of Clement Moulin for imap host auto-selection
- ISO-encode IMAP password for plaintext login (Bugs #1483977 & #1483886)
- Fixed folder name encoding in subscription list (Bug #1484113)
- Fixed JS errors in identity list (Bug #1484120)
- Translate foldernames in folder form (closes #1484113)
- Added first and last buttons to message list, address book
and message detail
- Pressing Shift-Del bypasses Trash folder
- Enable purge command for Junk folder
- Fetch all aliases if virtuser_query is used instead
- Re-enabled multi select of contacts (Bug #1484017)
- Enable contact editing right after creation (Bug #1459641)
- Correct UTF-7 to UTF-8 conversion if mbstring is not available
- Fixed IMAP fetch of message body (Bug #1484019)
- Fixed safe_mode problems (Bug #1418381)
- Fixed wrong header encoding (Bug #1483976)
- Made automatic draft saving configurable
- Fixed JS bug when renaming folders (Bug #1483989)
- Added quota display as image (by Brett Patterson)
- Corrected creation of a message-id
- New indentation for quoted message text
- Improved HTML validity
- Fixed URL character set (Ticket #1445501)
- Fixed saving of contact into MySQL from LDAP query results (Ticket #1483820)
- Fixed folder renaming: unsubscribe before rename (Bug #1483920)
- Finalized new message parsing (+ chaching)
- Fixed wrong usage of mbstring (Bug #1462439)
- Set default spelling language (Ticket #1483938)
- Added support for Nox Spell Server
- Re-built message parsing (Bug #1327068)
Now based on the message structure delivered by the IMAP server.
- Fixed some XSS and SQL injection issues
- Fixed charset problems with folder renaming
diff --git a/bin/decrypt.php b/bin/decrypt.php
new file mode 100644
index 000000000..6c6c4424f
--- /dev/null
+++ b/bin/decrypt.php
@@ -0,0 +1,75 @@
+#!/usr/bin/env php
+<?php
+/*
+
+ +-----------------------------------------------------------------------+
+ | bin/decrypt.php |
+ | |
+ | This file is part of the RoundCube Webmail client |
+ | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
+ | Licensed under the GNU GPL |
+ | |
+ | PURPOSE: |
+ | Decrypt the encrypted parts of the HTTP Received: headers |
+ | |
+ +-----------------------------------------------------------------------+
+ | Author: Tomas Tevesz <ice@extreme.hu> |
+ +-----------------------------------------------------------------------+
+
+ $Id$
+*/
+
+/*-
+ * If http_received_header_encrypt is configured, the IP address and the
+ * host name of the added Received: header is encrypted with 3DES, to
+ * protect information that some could consider sensitve, yet their
+ * availability is a must in some circumstances.
+ *
+ * Such an encrypted Received: header might look like:
+ *
+ * Received: from DzgkvJBO5+bw+oje5JACeNIa/uSI4mRw2cy5YoPBba73eyBmjtyHnQ==
+ * [my0nUbjZXKtl7KVBZcsvWOxxtyVFxza4]
+ * with HTTP/1.1 (POST); Thu, 14 May 2009 19:17:28 +0200
+ *
+ * In this example, the two encrypted components are the sender host name
+ * (DzgkvJBO5+bw+oje5JACeNIa/uSI4mRw2cy5YoPBba73eyBmjtyHnQ==) and the IP
+ * address (my0nUbjZXKtl7KVBZcsvWOxxtyVFxza4).
+ *
+ * Using this tool, they can be decrypted into plain text:
+ *
+ * $ bin/decrypt_received.php 'my0nUbjZXKtl7KVBZcsvWOxxtyVFxza4' \
+ * > 'DzgkvJBO5+bw+oje5JACeNIa/uSI4mRw2cy5YoPBba73eyBmjtyHnQ=='
+ * 84.3.187.208
+ * 5403BBD0.catv.pool.telekom.hu
+ * $
+ *
+ * Thus it is known that this particular message was sent by 84.3.187.208,
+ * having, at the time of sending, the name of 5403BBD0.catv.pool.telekom.hu.
+ *
+ * If (most likely binary) junk is shown, then
+ * - either the encryption password has, between the time the mail was sent
+ * and `now', changed, or
+ * - you are dealing with counterfeit header data.
+ */
+
+if (php_sapi_name() != 'cli') {
+ die("Not on the 'shell' (php-cli).\n");
+}
+
+define('INSTALL_PATH', realpath(dirname(__FILE__).'/..') . '/');
+require INSTALL_PATH . 'program/include/iniset.php';
+
+$config = new rcube_config();
+if (!$config->get('http_received_header_encrypt')) {
+ die("http_received_header_encrypt is not configured\n");
+}
+
+if ($argc < 2) {
+ die("Usage: " . basename($argv[0]) . " encrypted-hdr-part [encrypted-hdr-part ...]\n");
+}
+
+$RCMAIL = rcmail::get_instance();
+
+for ($i = 1; $i < $argc; $i++) {
+ printf("%s\n", $RCMAIL->decrypt($argv[$i]));
+};
diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist
index e890ef3ba..01416029a 100644
--- a/config/main.inc.php.dist
+++ b/config/main.inc.php.dist
@@ -1,425 +1,431 @@
<?php
/*
+-----------------------------------------------------------------------+
| Main configuration file |
| |
| This file is part of the RoundCube Webmail client |
| Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
+-----------------------------------------------------------------------+
*/
$rcmail_config = array();
// system error reporting: 1 = log; 2 = report (not implemented yet), 4 = show, 8 = trace
$rcmail_config['debug_level'] = 1;
// log driver: 'syslog' or 'file'.
$rcmail_config['log_driver'] = 'file';
// date format for log entries
// (read http://php.net/manual/en/function.date.php for all format characters)
$rcmail_config['log_date_format'] = 'd-M-Y H:i:s O';
// Syslog ident string to use, if using the 'syslog' log driver.
$rcmail_config['syslog_id'] = 'roundcube';
// Syslog facility to use, if using the 'syslog' log driver.
// For possible values see installer or http://php.net/manual/en/function.openlog.php
$rcmail_config['syslog_facility'] = LOG_USER;
// use this folder to store log files (must be writeable for apache user)
// This is used by the 'file' log driver.
$rcmail_config['log_dir'] = 'logs/';
// use this folder to store temp files (must be writeable for apache user)
$rcmail_config['temp_dir'] = 'temp/';
// use this folder to search for plugin sources
$rcmail_config['plugins_dir'] = 'plugins/';
// List of active plugins. Add the name of a directory found in 'plugins_dir'
$rcmail_config['plugins'] = array();
// enable caching of messages and mailbox data in the local database.
// this is recommended if the IMAP server does not run on the same machine
$rcmail_config['enable_caching'] = TRUE;
// lifetime of message cache
// possible units: s, m, h, d, w
$rcmail_config['message_cache_lifetime'] = '10d';
// automatically create a new RoundCube user when log-in the first time.
// a new user will be created once the IMAP login succeeds.
// set to false if only registered users can use this service
$rcmail_config['auto_create_user'] = TRUE;
// the mail host chosen to perform the log-in
// leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
$rcmail_config['default_host'] = '';
// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143;
// IMAP auth type. Can be "auth" (CRAM-MD5), "plain" (PLAIN) or "check" to auto detect.
// Optional, defaults to "check"
$rcmail_config['imap_auth_type'] = null;
// If you know your imap's root directory and its folder delimiter,
// you can specify them here. Otherwise they will be determined automatically.
$rcmail_config['imap_root'] = null;
$rcmail_config['imap_delimiter'] = null;
// Automatically add this domain to user names for login
// Only for IMAP servers that require full e-mail addresses for login
// Specify an array with 'host' => 'domain' values to support multiple hosts
$rcmail_config['username_domain'] = '';
// This domain will be used to form e-mail addresses of new users
// Specify an array with 'host' => 'domain' values to support multiple hosts
$rcmail_config['mail_domain'] = '';
// Path to a virtuser table file to resolve user names and e-mail addresses
$rcmail_config['virtuser_file'] = '';
// Query to resolve user names and e-mail addresses from the database
// %u will be replaced with the current username for login.
// The query should select the user's e-mail address as first col
$rcmail_config['virtuser_query'] = '';
// use this host for sending mails.
// to use SSL connection, set ssl://smtp.host.com
// if left blank, the PHP mail() function is used
$rcmail_config['smtp_server'] = '';
// SMTP port (default is 25; 465 for SSL)
$rcmail_config['smtp_port'] = 25;
// SMTP username (if required) if you use %u as the username RoundCube
// will use the current username for login
$rcmail_config['smtp_user'] = '';
// SMTP password (if required) if you use %p as the password RoundCube
// will use the current user's password for login
$rcmail_config['smtp_pass'] = '';
// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
// best server supported one)
$rcmail_config['smtp_auth_type'] = '';
// SMTP HELO host
// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages
// Leave this blank and you will get the server variable 'server_name' or
// localhost if that isn't defined.
$rcmail_config['smtp_helo_host'] = '';
// Log sent messages
$rcmail_config['smtp_log'] = TRUE;
// How many seconds must pass between emails sent by a user
$rcmail_config['sendmail_delay'] = 0;
// These cols are shown in the message list. Available cols are:
// subject, from, to, cc, replyto, date, size, flag, attachment
$rcmail_config['list_cols'] = array('subject', 'from', 'date', 'size', 'flag', 'attachment');
// Includes should be interpreted as PHP files
$rcmail_config['skin_include_php'] = FALSE;
// Session lifetime in minutes
// must be greater than 'keep_alive'/60
$rcmail_config['session_lifetime'] = 10;
// check client IP in session athorization
$rcmail_config['ip_check'] = false;
// Use an additional frequently changing cookie to athenticate user sessions.
// There have been problems reported with this feature.
$rcmail_config['double_auth'] = false;
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';
// the default locale setting (leave empty for auto-detection)
// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR
$rcmail_config['language'] = null;
// use this format for short date display
$rcmail_config['date_short'] = 'D H:i';
// use this format for detailed date/time formatting
$rcmail_config['date_long'] = 'd.m.Y H:i';
// use this format for today's date display
$rcmail_config['date_today'] = 'H:i';
// add this user-agent to message headers when sending
$rcmail_config['useragent'] = 'RoundCube Webmail/0.3-beta';
// use this name to compose page titles
$rcmail_config['product_name'] = 'RoundCube Webmail';
// store draft message is this mailbox
// leave blank if draft messages should not be stored
$rcmail_config['drafts_mbox'] = 'Drafts';
// store spam messages in this mailbox
$rcmail_config['junk_mbox'] = 'Junk';
// store sent message is this mailbox
// leave blank if sent messages should not be stored
$rcmail_config['sent_mbox'] = 'Sent';
// move messages to this folder when deleting them
// leave blank if they should be deleted directly
$rcmail_config['trash_mbox'] = 'Trash';
// display these folders separately in the mailbox list.
// these folders will also be displayed with localized names
$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash');
// automatically create the above listed default folders on login
$rcmail_config['create_default_folders'] = FALSE;
// protect the default folders from renames, deletes, and subscription changes
$rcmail_config['protect_default_folders'] = TRUE;
// if in your system 0 quota means no limit set this option to TRUE
$rcmail_config['quota_zero_as_unlimited'] = FALSE;
// Behavior if a received message requests a message delivery notification (read receipt)
// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask)
$rcmail_config['mdn_requests'] = 0;
// Use this charset as fallback for message decoding
$rcmail_config['default_charset'] = 'ISO-8859-1';
// Make use of the built-in spell checker. It is based on GoogieSpell.
// Since Google only accepts connections over https your PHP installatation
// requires to be compiled with Open SSL support
$rcmail_config['enable_spellcheck'] = TRUE;
// Set the spell checking engine. 'googie' is the default. 'pspell' is also available,
// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here.
$rcmail_config['spellcheck_engine'] = 'googie';
// For a locally installed Nox Spell Server, please specify the URI to call it.
// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72
// Leave empty to use the Google spell checking service, what means
// that the message content will be sent to Google in order to check spelling
$rcmail_config['spellcheck_uri'] = '';
// These languages can be selected for spell checking.
// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch');
// Leave empty for default set of available language.
$rcmail_config['spellcheck_languages'] = NULL;
// path to a text file which will be added to each sent message
// paths are relative to the RoundCube root folder
$rcmail_config['generic_message_footer'] = '';
// add a received header to outgoing mails containing the creators IP and hostname
$rcmail_config['http_received_header'] = false;
+// Whether or not to encrypt the IP address and the host name
+// these could, in some circles, be considered as sensitive information;
+// however, for the administrator, these could be invaluable help
+// when tracking down issues.
+$rcmail_config['http_received_header_encrypt'] = false;
+
// this string is used as a delimiter for message headers when sending
// leave empty for auto-detection
$rcmail_config['mail_header_delimiter'] = NULL;
// session domain: .example.org
$rcmail_config['session_domain'] = '';
// This indicates which type of address book to use. Possible choises:
// 'sql' (default) and 'ldap'.
// If set to 'ldap' then it will look at using the first writable LDAP
// address book as the primary address book and it will not display the
// SQL address book in the 'Address Book' view.
$rcmail_config['address_book_type'] = 'sql';
// In order to enable public ldap search, configure an array like the Verisign
// example further below. if you would like to test, simply uncomment the example.
$rcmail_config['ldap_public'] = array();
//
// If you are going to use LDAP for individual address books, you will need to
// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it.
//
// The recommended directory structure for LDAP is to store all the address book entries
// under the users main entry, e.g.:
//
// o=root
// ou=people
// uid=user@domain
// mail=contact@contactdomain
//
// So the base_dn would be uid=%fu,ou=people,o=root
// The bind_dn would be the same as based_dn or some super user login.
/*
* example config for Verisign directory
*
$rcmail_config['ldap_public']['Verisign'] = array(
'name' => 'Verisign.com',
'hosts' => array('directory.verisign.com'),
'port' => 389,
'use_tls' => false,
'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
// %fu - The full username provided, assumes the username is an email
// address, uses the username_domain value if not an email address.
// %u - The username prior to the '@'.
// %d - The domain name after the '@'.
'base_dn' => '',
'bind_dn' => '',
'bind_pass' => '',
'writable' => false, // Indicates if we can write to the LDAP directory or not.
// If writable is true then these fields need to be populated:
// LDAP_Object_Classes, required_fields, LDAP_rdn
'LDAP_Object_Classes' => array("top", "inetOrgPerson"), // To create a new contact these are the object classes to specify (or any other classes you wish to use).
'required_fields' => array("cn", "sn", "mail"), // The required fields needed to build a new contact as required by the object classes (can include additional fields not required by the object classes).
'LDAP_rdn' => 'mail', // The RDN field that is used for new entries, this field needs to be one of the search_fields, the base of base_dn is appended to the RDN to insert into the LDAP directory.
'ldap_version' => 3, // using LDAPv3
'search_fields' => array('mail', 'cn'), // fields to search in
'name_field' => 'cn', // this field represents the contact's name
'email_field' => 'mail', // this field represents the contact's e-mail
'surname_field' => 'sn', // this field represents the contact's last name
'firstname_field' => 'gn', // this field represents the contact's first name
'sort' => 'cn', // The field to sort the listing by.
'scope' => 'sub', // search mode: sub|base|list
'filter' => '', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act
'fuzzy_search' => true); // server allows wildcard search
*/
// An ordered array of the ids of the addressbooks that should be searched
// when populating address autocomplete fields server-side. ex: array('sql','Verisign');
$rcmail_config['autocomplete_addressbooks'] = array('sql');
// don't allow these settings to be overriden by the user
$rcmail_config['dont_override'] = array();
// Set identities access level:
// 0 - many identities with possibility to edit all params
// 1 - many identities with possibility to edit all params but not email address
// 2 - one identity with possibility to edit all params
// 3 - one identity with possibility to edit all params but not email address
$rcmail_config['identities_level'] = 0;
// try to load host-specific configuration
// see http://trac.roundcube.net/wiki/Howto_Config for more details
$rcmail_config['include_host_config'] = false;
// don't let users set pagesize to more than this value if set
$rcmail_config['max_pagesize'] = 200;
// mime magic database
$rcmail_config['mime_magic'] = '/usr/share/misc/magic';
// default sort col
$rcmail_config['message_sort_col'] = 'date';
// default sort order
$rcmail_config['message_sort_order'] = 'DESC';
// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA.
// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING!
$rcmail_config['enable_installer'] = false;
// Log successful logins
$rcmail_config['log_logins'] = false;
/**
* 'Delete always'
* This setting reflects if mail should be always marked as deleted,
* even if moving to "Trash" fails. This is necessary in some setups
* because a) people may not have a Trash folder or b) they are over
* quota (and Trash is included in the quota).
*
* This is a failover setting for iil_C_Move when a message is moved
* to the Trash.
*/
$rcmail_config['delete_always'] = false;
// Minimal value of user's 'keep_alive' setting (in seconds)
// Must be less than 'session_lifetime'
$rcmail_config['min_keep_alive'] = 60;
/***** these settings can be overwritten by user's preferences *****/
// skin name: folder from skins/
$rcmail_config['skin'] = 'default';
// show up to X items in list view
$rcmail_config['pagesize'] = 40;
// use this timezone to display date/time
$rcmail_config['timezone'] = 'auto';
// is daylight saving On?
$rcmail_config['dst_active'] = (bool)date('I');
// prefer displaying HTML messages
$rcmail_config['prefer_html'] = TRUE;
// display remote inline images
// 0 - Never, always ask
// 1 - Ask if sender is not in address book
// 2 - Always show inline images
$rcmail_config['show_images'] = 0;
// compose html formatted messages by default
$rcmail_config['htmleditor'] = FALSE;
// show pretty dates as standard
$rcmail_config['prettydate'] = TRUE;
// save compose message every 300 seconds (5min)
$rcmail_config['draft_autosave'] = 300;
// default setting if preview pane is enabled
$rcmail_config['preview_pane'] = FALSE;
// focus new window if new message arrives
$rcmail_config['focus_on_new_message'] = true;
// Clear Trash on logout
$rcmail_config['logout_purge'] = FALSE;
// Compact INBOX on logout
$rcmail_config['logout_expunge'] = FALSE;
// Display attached images below the message body
$rcmail_config['inline_images'] = TRUE;
// Encoding of long/non-ascii attachment names:
// 0 - Full RFC 2231 compatible
// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default)
// 2 - Full 2047 compatible
$rcmail_config['mime_param_folding'] = 0;
// Set TRUE if deleted messages should not be displayed
// This will make the application run slower
$rcmail_config['skip_deleted'] = FALSE;
// Set true to Mark deleted messages as read as well as deleted
// False means that a message's read status is not affected by marking it as deleted
$rcmail_config['read_when_deleted'] = TRUE;
// When a Trash folder is not present and a message is deleted, flag
// the message for deletion rather than deleting it immediately. Setting this to
// false causes deleted messages to be permanantly removed if there is no Trash folder
$rcmail_config['flag_for_deletion'] = FALSE;
// Default interval for keep-alive/check-recent requests (in seconds)
// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime'
$rcmail_config['keep_alive'] = 60;
// If true all folders will be checked for recent messages
$rcmail_config['check_all_folders'] = FALSE;
// end of config file
?>
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 75befc0d1..0920c32f8 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -1,257 +1,256 @@
<?php
/**
* Change Password
*
* Plugin that adds a possibility to change password using a database
* (Settings -> Password tab)
*
* @version 1.1
- * @author Aleksander 'A.L.E.C' Machniak
+ * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl>
* @editor Daniel Black
*
* Configuration Items (config/main.inc.php):
* password_confirm_current - boolean to determine whether current password
* is required to change password. Defaults to FALSE.
* password_db_dsn - is the PEAR database DSN for performing the query. Defaults
* to the default databse setting in config/db.inc.php
* password_query - the SQL query used to change the password.
* If the SQL query is a SELECT it will return an error message in a row if unsuccessful
* If the SQL query is a UPDATE it will update a single row only.
* An UPDATE where zero rows changed will be inteperated to be a wrong username/password
* More than one row changed will be inteperated as an internal error
* The query can contain the following macros that will be expanded as follows:
* %p is replaced with the plaintext new password
* %c is replaced with the crypt version of the new password, MD5 if available
* otherwise DES.
* %u is replaced with the username (from the session info)
* %o is replaced with the password before the change
* %h is replaced with the imap host (from the session info)
* Escaping of macros is handled by this module.
* Defaults to "SELECT update_passwd(%c, %u)"
* To use this you need to define the update_passwd function in your
* database.
*
* Example SQL queries:
* These will typically need to define a function to change the password:
*
* Example implementations of an update_passwd function:
*
* This is for use with LMS (http://lms.org.pl) database and postgres:
* CREATE OR REPLACE FUNCTION update_passwd(hash text, account text) RETURNS integer AS $$
* DECLARE
* res integer;
* BEGIN
* UPDATE passwd SET password = hash
* WHERE login = split_part(account, '@', 1)
* AND domainid = (SELECT id FROM domains WHERE name = split_part(account, '@', 2))
* RETURNING id INTO res;
* RETURN res;
* END;
* $$ LANGUAGE plpgsql SECURITY DEFINER;
*
* This is for use with a SELECT update_passwd(%o,%c,%u) query
* Uupdates the password only when the old password matches the MD5 password in the database
* CREATE FUNCTION update_password (oldpass text, cryptpass text, user text) RETURNS text
* MODIFIES SQL DATA
* BEGIN
* DECLARE currentsalt varchar(20);
* DECLARE error text;
* SET error = 'incorrect current password';
* SELECT substring_index(substr(user.password,4),_latin1'$',1) INTO currentsalt FROM users WHERE username=user;
* SELECT '' INTO error FROM users WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
* UPDATE users SET password=cryptpass WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
* RETURN error;
* END
*
* Example SQL UPDATEs:
*
* Plain text passwords:
* UPDATE users SET password=%p WHERE username=%u AND password=%o AND domain=%h LIMIT 1
*
* Crypt text passwords:
* UPDATE users SET password=%c WHERE username=%u LIMIT 1
*
* Use a MYSQL crypt function (*nix only) with random 8 character salt
* UPDATE users SET password=ENCRYPT(%p,concat(_utf8'$1$',right(md5(rand()),8),_utf8'$')) WHERE username=%u LIMIT 1
*
* MD5 stored passwords:
* UPDATE users SET password=MD5(%p) WHERE username=%u AND password=MD5(%o) LIMIT 1
*
*/
class password extends rcube_plugin
{
public $task = 'settings';
function init()
{
$rcmail = rcmail::get_instance();
// add Tab label
$rcmail->output->add_label('password');
$this->register_action('plugin.password', array($this, 'password_init'));
$this->register_action('plugin.password-save', array($this, 'password_save'));
$this->register_handler('plugin.body', array($this, 'password_form'));
$this->include_script('password.js');
}
function password_init()
{
$this->add_texts('localization/');
rcmail::get_instance()->output->send('plugin');
}
function password_save()
{
$rcmail = rcmail::get_instance();
$confirm = $rcmail->config->get('password_confirm_current');
$this->add_texts('localization/');
if (($confirm && !isset($_POST['_curpasswd'])) || !isset($_POST['_newpasswd']))
$rcmail->output->command('display_message', $this->gettext('nopassword'), 'error');
else {
$curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
$newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
- if ($confirm && $_SESSION['password'] != $rcmail->encrypt_passwd($curpwd))
+ if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd)
$rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
else if (!($res = $this->_save($curpwd,$newpwd))) {
$rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
- $_SESSION['password'] = $rcmail->encrypt_passwd($newpwd);
+ $_SESSION['password'] = $rcmail->encrypt($newpwd);
} else
$rcmail->output->command('display_message', $res, 'error');
}
rcmail_overwrite_action('plugin.password');
rcmail::get_instance()->output->send('plugin');
}
function password_form()
{
$rcmail = rcmail::get_instance();
$confirm = $rcmail->config->get('password_confirm_current');
// add some labels to client
$rcmail->output->add_label(
'password.nopassword',
'password.nocurpassword',
'password.passwordinconsistency',
'password.changepasswd'
);
// $rcmail->output->set_pagetitle($this->gettext('changepasswd'));
$rcmail->output->set_env('product_name', $rcmail->config->get('product_name'));
// allow the following attributes to be added to the <table> tag
$attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'cellpadding', 'cellspacing', 'border', 'summary'));
// return the complete edit form as table
$out = '<table' . $attrib_str . ">\n\n";
- $a_show_cols = array('newpasswd' => array('type' => 'text'),
- 'confpasswd' => array('type' => 'text'));
-
if ($confirm) {
- $a_show_cols['curpasswd'] = array('type' => 'text');
// show current password selection
$field_id = 'curpasswd';
- $input_newpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => $field_id, 'size' => 20));
+ $input_newpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => $field_id,
+ 'size' => 20, 'autocomplete' => 'off'));
$out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n",
$field_id,
rep_specialchars_output($this->gettext('curpasswd')),
$input_newpasswd->show($rcmail->config->get('curpasswd')));
}
// show new password selection
$field_id = 'newpasswd';
- $input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => $field_id, 'size' => 20));
+ $input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => $field_id,
+ 'size' => 20, 'autocomplete' => 'off'));
$out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n",
$field_id,
rep_specialchars_output($this->gettext('newpasswd')),
$input_newpasswd->show($rcmail->config->get('newpasswd')));
// show confirm password selection
$field_id = 'confpasswd';
- $input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => $field_id, 'size' => 20));
+ $input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => $field_id,
+ 'size' => 20, 'autocomplete' => 'off'));
$out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n",
$field_id,
rep_specialchars_output($this->gettext('confpasswd')),
$input_confpasswd->show($rcmail->config->get('confpasswd')));
$out .= "\n</table>";
$out .= '<br />';
$out .= $rcmail->output->button(array(
'command' => 'plugin.password-save',
'type' => 'input',
'class' => 'button mainaction',
'label' => 'save'
));
$rcmail->output->add_gui_object('passform', 'password-form');
return $rcmail->output->form_tag(array(
'id' => 'password-form',
'name' => 'password-form',
'method' => 'post',
'action' => './?_task=settings&_action=plugin.password-save',
), $out);
}
private function _save($curpass,$passwd)
{
$cfg = rcmail::get_instance()->config;
if (!($sql = $cfg->get('password_query')))
$sql = "SELECT update_passwd(%c, %u)";
if ($dsn = $cfg->get('password_db_dsn')) {
$db = new rcube_mdb2($dsn, '', FALSE);
$db->set_debug((bool)$cfg->get('sql_debug'));
$db->db_connect('w');
} else {
$db = rcmail::get_instance()->get_dbh();
}
if ($err = $db->is_error())
return $err;
if (strpos($sql,'%c') !== FALSE) {
$salt = '';
if (CRYPT_MD5) {
$len = rand(3,CRYPT_SALT_LENGTH);
} else if (CRYPT_STD_DES) {
$len = 2;
} else {
return $this->gettext('nocryptfunction');
}
for ($i = 0; $i < $len ; $i++) {
$salt .= chr(rand(ord('.'),ord('z')));
}
$sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql);
}
$sql = str_replace('%u', $db->quote($_SESSION['username'],'text'), $sql);
$sql = str_replace('%p', $db->quote($passwd,'text'), $sql);
$sql = str_replace('%o', $db->quote($curpass,'text'), $sql);
$sql = str_replace('%h', $db->quote($_SESSION['imap_host'],'text'), $sql);
$res = $db->query($sql);
if ($err = $db->is_error())
return $err;
if (strtolower(substr(trim($query),0,6))=='select') {
return $db->fetch_array($res);
} else {
$res = $db->affected_rows($res);
if ($res == 0) return $this->gettext('errorsaving');
if ($res == 1) return FALSE; // THis is the good case - 1 row updated
return $this->gettext('internalerror');
}
}
}
?>
diff --git a/plugins/sasl_password/sasl_password.php b/plugins/sasl_password/sasl_password.php
index 3a23557e9..ed1624e71 100644
--- a/plugins/sasl_password/sasl_password.php
+++ b/plugins/sasl_password/sasl_password.php
@@ -1,144 +1,144 @@
<?php
/**
* Change SASL Password
*
* Plugin that adds functionality ty to change the users Cyrus/SASL password.
* The code is derrived from the Squirrelmail "Change SASL Password" Plugin
* by Galen Johnson.
*
* It only works with saslpasswd2 on the same host where RoundCube runs
* and requires shell access and gcc in order to compile the binary.
*
* For installation instructions please read the README file.
*
* @version 1.0
* @author Thomas Bruederli
*/
class sasl_password extends rcube_plugin
{
public $task = 'settings';
function init()
{
$rcmail = rcmail::get_instance();
// add Tab label
$rcmail->output->add_label('password');
$this->register_action('plugin.saslpassword', array($this, 'password_init'));
$this->register_action('plugin.saslpassword-save', array($this, 'password_save'));
$this->register_handler('plugin.body', array($this, 'password_form'));
$this->include_script('sasl_password.js');
}
function password_init()
{
$this->add_texts('locale/');
$rcmail = rcmail::get_instance();
$rcmail->output->set_pagetitle($this->gettext('changepasswd'));
$rcmail->output->send('plugin');
}
function password_save()
{
$rcmail = rcmail::get_instance();
$this->add_texts('locale/');
if (!isset($_POST['_curpasswd']) || !isset($_POST['_newpasswd'])) {
$rcmail->output->command('display_message', $this->gettext('nopassword'), 'error');
}
else {
$curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
$newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
- if ($_SESSION['password'] != $rcmail->encrypt_passwd($curpwd)) {
+ if ($rcmail->decrypt($_SESSION['password']) != $curpwd) {
$rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
}
else if ($this->_save($newpwd)) {
$rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
- $_SESSION['password'] = $rcmail->encrypt_passwd($newpwd);
+ $_SESSION['password'] = $rcmail->encrypt($newpwd);
}
else {
$rcmail->output->command('display_message', $this->gettext('errorsaving'), 'error');
}
}
rcmail_overwrite_action('plugin.saslpassword');
rcmail::get_instance()->output->send('plugin');
}
function password_form()
{
$rcmail = rcmail::get_instance();
// add some labels to client
$rcmail->output->add_label(
'sasl_password.nopassword',
'sasl_password.nocurpassword',
'sasl_password.passwordinconsistency',
'sasl_password.changepasswd'
);
$table = new html_table(array('cols' => 2));
// show current password selection
$field_id = 'saslcurpasswd';
$input_newpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => $field_id, 'size' => 25));
$table->add('title', html::label($field_id, Q($this->gettext('curpasswd'))));
$table->add(null, $input_newpasswd->show());
// show new password selection
$field_id = 'saslnewpasswd';
$input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => $field_id, 'size' => 25));
$table->add('title', html::label($field_id, Q($this->gettext('newpasswd'))));
$table->add(null, $input_newpasswd->show());
// show confirm password selection
$field_id = 'saslconfpasswd';
$input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => $field_id, 'size' => 25));
$table->add('title', html::label($field_id, Q($this->gettext('confpasswd'))));
$table->add(null, $input_confpasswd->show());
$out = html::div(array('class' => "settingsbox", 'style' => "margin:0"),
html::div(array('id' => "userprefs-title"), $this->gettext('changepasswd')) .
html::div(array('style' => "padding:15px"), $table->show() .
html::p(null,
$rcmail->output->button(array(
'command' => 'plugin.saslpassword-save',
'type' => 'input',
'class' => 'button mainaction',
'label' => 'save'
)))
)
);
$rcmail->output->add_gui_object('passform', 'password-form');
return $rcmail->output->form_tag(array(
'id' => 'password-form',
'name' => 'password-form',
'method' => 'post',
'action' => './?_task=settings&_action=plugin.saslpassword-save',
), $out);
}
private function _save($passwd)
{
$curdir = realpath(dirname(__FILE__));
$username = escapeshellcmd($_SESSION['username']);
$code = 1;
if ($fh = popen("$curdir/chgsaslpasswd -p $username", 'w')) {
fwrite($fh, $passwd."\n");
$code = pclose($fh);
}
return ($code == 0);
}
}
?>
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 06f50a13f..ec0a6f445 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -1,979 +1,1018 @@
<?php
/*
+-----------------------------------------------------------------------+
| program/include/rcmail.php |
| |
| This file is part of the RoundCube Webmail client |
| Copyright (C) 2008-2009, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
| Application class providing core functions and holding |
| instances of all 'global' objects like db- and imap-connections |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
$Id: rcmail.php 328 2006-08-30 17:41:21Z thomasb $
*/
/**
* Application class of RoundCube Webmail
* implemented as singleton
*
* @package Core
*/
class rcmail
{
static public $main_tasks = array('mail','settings','addressbook','login','logout');
static private $instance;
public $config;
public $user;
public $db;
public $imap;
public $output;
public $plugins;
public $task = 'mail';
public $action = '';
public $comm_path = './';
private $texts;
/**
* This implements the 'singleton' design pattern
*
* @return object rcmail The one and only instance
*/
static function get_instance()
{
if (!self::$instance) {
self::$instance = new rcmail();
self::$instance->startup(); // init AFTER object was linked with self::$instance
}
return self::$instance;
}
/**
* Private constructor
*/
private function __construct()
{
// load configuration
$this->config = new rcube_config();
register_shutdown_function(array($this, 'shutdown'));
}
/**
* Initial startup function
* to register session, create database and imap connections
*
* @todo Remove global vars $DB, $USER
*/
private function startup()
{
$config_all = $this->config->all();
// initialize syslog
if ($this->config->get('log_driver') == 'syslog') {
$syslog_id = $this->config->get('syslog_id', 'roundcube');
$syslog_facility = $this->config->get('syslog_facility', LOG_USER);
openlog($syslog_id, LOG_ODELAY, $syslog_facility);
}
// set task and action properties
$this->set_task(get_input_value('_task', RCUBE_INPUT_GPC));
$this->action = asciiwords(get_input_value('_action', RCUBE_INPUT_GPC));
// connect to database
$GLOBALS['DB'] = $this->get_dbh();
// use database for storing session data
include_once('include/session.inc');
// set session domain
if (!empty($config_all['session_domain'])) {
ini_set('session.cookie_domain', $config_all['session_domain']);
}
// set session garbage collecting time according to session_lifetime
if (!empty($config_all['session_lifetime'])) {
ini_set('session.gc_maxlifetime', ($config_all['session_lifetime']) * 120);
}
// start PHP session (if not in CLI mode)
if ($_SERVER['REMOTE_ADDR'])
session_start();
// set initial session vars
if (!isset($_SESSION['auth_time'])) {
$_SESSION['auth_time'] = time();
$_SESSION['temp'] = true;
}
// create user object
$this->set_user(new rcube_user($_SESSION['user_id']));
// reset some session parameters when changing task
if ($_SESSION['task'] != $this->task)
rcube_sess_unset('page');
// set current task to session
$_SESSION['task'] = $this->task;
// create IMAP object
if ($this->task == 'mail')
$this->imap_init();
// create plugin API and load plugins
$this->plugins = rcube_plugin_api::get_instance();
}
/**
* Setter for application task
*
* @param string Task to set
*/
public function set_task($task)
{
$task = asciiwords($task);
$this->task = $task ? $task : 'mail';
$this->comm_path = $this->url(array('task' => $this->task));
if ($this->output)
$this->output->set_env('task', $this->task);
}
/**
* Setter for system user object
*
* @param object rcube_user Current user instance
*/
public function set_user($user)
{
if (is_object($user)) {
$this->user = $user;
$GLOBALS['USER'] = $this->user;
// overwrite config with user preferences
$this->config->merge((array)$this->user->get_prefs());
}
$_SESSION['language'] = $this->user->language = $this->language_prop($this->config->get('language', $_SESSION['language']));
// set localization
setlocale(LC_ALL, $_SESSION['language'] . '.utf8', 'en_US.utf8');
// workaround for http://bugs.php.net/bug.php?id=18556
if (in_array($_SESSION['language'], array('tr_TR', 'ku', 'az_AZ')))
setlocale(LC_CTYPE, 'en_US' . '.utf8');
}
/**
* Check the given string and return a valid language code
*
* @param string Language code
* @return string Valid language code
*/
private function language_prop($lang)
{
static $rcube_languages, $rcube_language_aliases;
// user HTTP_ACCEPT_LANGUAGE if no language is specified
if (empty($lang) || $lang == 'auto') {
$accept_langs = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
$lang = str_replace('-', '_', $accept_langs[0]);
}
if (empty($rcube_languages)) {
@include(INSTALL_PATH . 'program/localization/index.inc');
}
// check if we have an alias for that language
if (!isset($rcube_languages[$lang]) && isset($rcube_language_aliases[$lang])) {
$lang = $rcube_language_aliases[$lang];
}
// try the first two chars
else if (!isset($rcube_languages[$lang])) {
$short = substr($lang, 0, 2);
// check if we have an alias for the short language code
if (!isset($rcube_languages[$short]) && isset($rcube_language_aliases[$short])) {
$lang = $rcube_language_aliases[$short];
}
// expand 'nn' to 'nn_NN'
else if (!isset($rcube_languages[$short])) {
$lang = $short.'_'.strtoupper($short);
}
}
if (!isset($rcube_languages[$lang]) || !is_dir(INSTALL_PATH . 'program/localization/' . $lang)) {
$lang = 'en_US';
}
return $lang;
}
/**
* Get the current database connection
*
* @return object rcube_mdb2 Database connection object
*/
public function get_dbh()
{
if (!$this->db) {
$config_all = $this->config->all();
$this->db = new rcube_mdb2($config_all['db_dsnw'], $config_all['db_dsnr'], $config_all['db_persistent']);
$this->db->sqlite_initials = INSTALL_PATH . 'SQL/sqlite.initial.sql';
$this->db->set_debug((bool)$config_all['sql_debug']);
$this->db->db_connect('w');
}
return $this->db;
}
/**
* Return instance of the internal address book class
*
* @param boolean True if the address book needs to be writeable
* @return object rcube_contacts Address book object
*/
public function get_address_book($id, $writeable = false)
{
$contacts = null;
$ldap_config = (array)$this->config->get('ldap_public');
$abook_type = strtolower($this->config->get('address_book_type'));
$plugin = $this->plugins->exec_hook('get_address_book', array('id' => $id, 'writeable' => $writeable));
// plugin returned instance of a rcube_addressbook
if ($plugin['instance'] instanceof rcube_addressbook) {
$contacts = $plugin['instance'];
}
else if ($id && $ldap_config[$id]) {
$contacts = new rcube_ldap($ldap_config[$id]);
}
else if ($id === '0') {
$contacts = new rcube_contacts($this->db, $this->user->ID);
}
else if ($abook_type == 'ldap') {
// Use the first writable LDAP address book.
foreach ($ldap_config as $id => $prop) {
if (!$writeable || $prop['writable']) {
$contacts = new rcube_ldap($prop);
break;
}
}
}
else {
$contacts = new rcube_contacts($this->db, $this->user->ID);
}
return $contacts;
}
/**
* Init output object for GUI and add common scripts.
* This will instantiate a rcmail_template object and set
* environment vars according to the current session and configuration
*
* @param boolean True if this request is loaded in a (i)frame
* @return object rcube_template Reference to HTML output object
*/
public function load_gui($framed = false)
{
// init output page
if (!($this->output instanceof rcube_template))
$this->output = new rcube_template($this->task, $framed);
foreach (array('flag_for_deletion','read_when_deleted') as $js_config_var) {
$this->output->set_env($js_config_var, $this->config->get($js_config_var));
}
// set keep-alive/check-recent interval
if ($keep_alive = $this->config->get('keep_alive')) {
// be sure that it's less than session lifetime
if ($session_lifetime = $this->config->get('session_lifetime'))
$keep_alive = min($keep_alive, $session_lifetime * 60 - 30);
$this->output->set_env('keep_alive', max(60, $keep_alive));
}
if ($framed) {
$this->comm_path .= '&_framed=1';
$this->output->set_env('framed', true);
}
$this->output->set_env('task', $this->task);
$this->output->set_env('action', $this->action);
$this->output->set_env('comm_path', $this->comm_path);
$this->output->set_charset($this->config->get('charset', RCMAIL_CHARSET));
// add some basic label to client
$this->output->add_label('loading');
return $this->output;
}
/**
* Create an output object for JSON responses
*
* @return object rcube_json_output Reference to JSON output object
*/
public function init_json()
{
if (!($this->output instanceof rcube_json_output))
$this->output = new rcube_json_output($this->task);
return $this->output;
}
/**
* Create global IMAP object and connect to server
*
* @param boolean True if connection should be established
* @todo Remove global $IMAP
*/
public function imap_init($connect = false)
{
$this->imap = new rcube_imap($this->db);
$this->imap->debug_level = $this->config->get('debug_level');
$this->imap->skip_deleted = $this->config->get('skip_deleted');
// enable caching of imap data
if ($this->config->get('enable_caching')) {
$this->imap->set_caching(true);
}
// set pagesize from config
$this->imap->set_pagesize($this->config->get('pagesize', 50));
// Setting root and delimiter before iil_Connect can save time detecting them
// using NAMESPACE and LIST
$options = array(
'imap' => $this->config->get('imap_auth_type', 'check'),
'delimiter' => isset($_SESSION['imap_delimiter']) ? $_SESSION['imap_delimiter'] : $this->config->get('imap_delimiter'),
'rootdir' => isset($_SESSION['imap_root']) ? $_SESSION['imap_root'] : $this->config->get('imap_root'),
);
$this->imap->set_options($options);
// set global object for backward compatibility
$GLOBALS['IMAP'] = $this->imap;
if ($connect)
$this->imap_connect();
}
/**
* Connect to IMAP server with stored session data
*
* @return bool True on success, false on error
*/
public function imap_connect()
{
$conn = false;
if ($_SESSION['imap_host'] && !$this->imap->conn) {
- if (!($conn = $this->imap->connect($_SESSION['imap_host'], $_SESSION['username'], $this->decrypt_passwd($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']))) {
+ if (!($conn = $this->imap->connect($_SESSION['imap_host'], $_SESSION['username'], $this->decrypt($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']))) {
if ($this->output)
$this->output->show_message($this->imap->error_code == -1 ? 'imaperror' : 'sessionerror', 'error');
}
$this->set_imap_prop();
}
return $conn;
}
/**
* Perfom login to the IMAP server and to the webmail service.
* This will also create a new user entry if auto_create_user is configured.
*
* @param string IMAP user name
* @param string IMAP password
* @param string IMAP host
* @return boolean True on success, False on failure
*/
function login($username, $pass, $host=NULL)
{
$user = NULL;
$config = $this->config->all();
if (!$host)
$host = $config['default_host'];
// Validate that selected host is in the list of configured hosts
if (is_array($config['default_host'])) {
$allowed = false;
foreach ($config['default_host'] as $key => $host_allowed) {
if (!is_numeric($key))
$host_allowed = $key;
if ($host == $host_allowed) {
$allowed = true;
break;
}
}
if (!$allowed)
return false;
}
else if (!empty($config['default_host']) && $host != $config['default_host'])
return false;
// parse $host URL
$a_host = parse_url($host);
if ($a_host['host']) {
$host = $a_host['host'];
$imap_ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? $a_host['scheme'] : null;
if(!empty($a_host['port']))
$imap_port = $a_host['port'];
else if ($imap_ssl && $imap_ssl != 'tls')
$imap_port = 993;
}
$imap_port = $imap_port ? $imap_port : $config['default_port'];
/* Modify username with domain if required
Inspired by Marco <P0L0_notspam_binware.org>
*/
// Check if we need to add domain
if (!empty($config['username_domain']) && !strpos($username, '@')) {
if (is_array($config['username_domain']) && isset($config['username_domain'][$host]))
$username .= '@'.$config['username_domain'][$host];
else if (is_string($config['username_domain']))
$username .= '@'.$config['username_domain'];
}
// try to resolve email address from virtuser table
if (strpos($username, '@'))
if ($virtuser = rcube_user::email2user($username))
$username = $virtuser;
// lowercase username if it's an e-mail address (#1484473)
if (strpos($username, '@'))
$username = rc_strtolower($username);
// user already registered -> overwrite username
if ($user = rcube_user::query($username, $host))
$username = $user->data['username'];
// exit if IMAP login failed
if (!($imap_login = $this->imap->connect($host, $username, $pass, $imap_port, $imap_ssl)))
return false;
// user already registered -> update user's record
if (is_object($user)) {
$user->touch();
}
// create new system user
else if ($config['auto_create_user']) {
if ($created = rcube_user::create($username, $host)) {
$user = $created;
// get existing mailboxes (but why?)
// $a_mailboxes = $this->imap->list_mailboxes();
}
else {
raise_error(array(
'code' => 600,
'type' => 'php',
'message' => "Failed to create a user record. Maybe aborted by a plugin?"
), true, false);
}
}
else {
raise_error(array(
'code' => 600,
'type' => 'php',
'file' => RCMAIL_CONFIG_DIR."/main.inc.php",
'message' => "Acces denied for new user $username. 'auto_create_user' is disabled"
), true, false);
}
// login succeeded
if (is_object($user) && $user->ID) {
$this->set_user($user);
// set session vars
$_SESSION['user_id'] = $user->ID;
$_SESSION['username'] = $user->data['username'];
$_SESSION['imap_host'] = $host;
$_SESSION['imap_port'] = $imap_port;
$_SESSION['imap_ssl'] = $imap_ssl;
- $_SESSION['password'] = $this->encrypt_passwd($pass);
+ $_SESSION['password'] = $this->encrypt($pass);
$_SESSION['login_time'] = mktime();
if ($_REQUEST['_timezone'] != '_default_')
$_SESSION['timezone'] = floatval($_REQUEST['_timezone']);
// force reloading complete list of subscribed mailboxes
$this->set_imap_prop();
$this->imap->clear_cache('mailboxes');
if ($config['create_default_folders'])
$this->imap->create_default_folders();
return true;
}
return false;
}
/**
* Set root dir and last stored mailbox
* This must be done AFTER connecting to the server!
*/
public function set_imap_prop()
{
$this->imap->set_charset($this->config->get('default_charset', RCMAIL_CHARSET));
if ($default_folders = $this->config->get('default_imap_folders')) {
$this->imap->set_default_mailboxes($default_folders);
}
if (!empty($_SESSION['mbox'])) {
$this->imap->set_mailbox($_SESSION['mbox']);
}
if (isset($_SESSION['page'])) {
$this->imap->set_page($_SESSION['page']);
}
// cache IMAP root and delimiter in session for performance reasons
$_SESSION['imap_root'] = $this->imap->root_dir;
$_SESSION['imap_delimiter'] = $this->imap->delimiter;
}
/**
* Auto-select IMAP host based on the posted login information
*
* @return string Selected IMAP host
*/
public function autoselect_host()
{
$default_host = $this->config->get('default_host');
$host = null;
if (is_array($default_host)) {
$post_host = get_input_value('_host', RCUBE_INPUT_POST);
// direct match in default_host array
if ($default_host[$post_host] || in_array($post_host, array_values($default_host))) {
$host = $post_host;
}
// try to select host by mail domain
list($user, $domain) = explode('@', get_input_value('_user', RCUBE_INPUT_POST));
if (!empty($domain)) {
foreach ($default_host as $imap_host => $mail_domains) {
if (is_array($mail_domains) && in_array($domain, $mail_domains)) {
$host = $imap_host;
break;
}
}
}
// take the first entry if $host is still an array
if (empty($host)) {
$host = array_shift($default_host);
}
}
else if (empty($default_host)) {
$host = get_input_value('_host', RCUBE_INPUT_POST);
}
else
$host = $default_host;
return $host;
}
/**
* Get localized text in the desired language
*
* @param mixed Named parameters array or label name
* @return string Localized text
*/
public function gettext($attrib, $domain=null)
{
// load localization files if not done yet
if (empty($this->texts))
$this->load_language();
// extract attributes
if (is_string($attrib))
$attrib = array('name' => $attrib);
$nr = is_numeric($attrib['nr']) ? $attrib['nr'] : 1;
$vars = isset($attrib['vars']) ? $attrib['vars'] : '';
$command_name = !empty($attrib['command']) ? $attrib['command'] : NULL;
$alias = $attrib['name'] ? $attrib['name'] : ($command_name && $command_label_map[$command_name] ? $command_label_map[$command_name] : '');
// check for text with domain
if ($domain && ($text_item = $this->texts[$domain.'.'.$alias]))
;
// text does not exist
else if (!($text_item = $this->texts[$alias])) {
/*
raise_error(array(
'code' => 500,
'type' => 'php',
'line' => __LINE__,
'file' => __FILE__,
'message' => "Missing localized text for '$alias' in '$sess_user_lang'"), TRUE, FALSE);
*/
return "[$alias]";
}
// make text item array
$a_text_item = is_array($text_item) ? $text_item : array('single' => $text_item);
// decide which text to use
if ($nr == 1) {
$text = $a_text_item['single'];
}
else if ($nr > 0) {
$text = $a_text_item['multiple'];
}
else if ($nr == 0) {
if ($a_text_item['none'])
$text = $a_text_item['none'];
else if ($a_text_item['single'])
$text = $a_text_item['single'];
else if ($a_text_item['multiple'])
$text = $a_text_item['multiple'];
}
// default text is single
if ($text == '') {
$text = $a_text_item['single'];
}
// replace vars in text
if (is_array($attrib['vars'])) {
foreach ($attrib['vars'] as $var_key => $var_value)
$a_replace_vars[$var_key{0}=='$' ? substr($var_key, 1) : $var_key] = $var_value;
}
if ($a_replace_vars)
$text = preg_replace('/\$\{?([_a-z]{1}[_a-z0-9]*)\}?/ei', '$a_replace_vars["\1"]', $text);
// format output
if (($attrib['uppercase'] && strtolower($attrib['uppercase']=='first')) || $attrib['ucfirst'])
return ucfirst($text);
else if ($attrib['uppercase'])
return strtoupper($text);
else if ($attrib['lowercase'])
return strtolower($text);
return $text;
}
/**
* Load a localization package
*
* @param string Language ID
*/
public function load_language($lang = null, $add = array())
{
$lang = $this->language_prop(($lang ? $lang : $_SESSION['language']));
// load localized texts
if (empty($this->texts) || $lang != $_SESSION['language']) {
$this->texts = array();
// get english labels (these should be complete)
@include(INSTALL_PATH . 'program/localization/en_US/labels.inc');
@include(INSTALL_PATH . 'program/localization/en_US/messages.inc');
if (is_array($labels))
$this->texts = $labels;
if (is_array($messages))
$this->texts = array_merge($this->texts, $messages);
// include user language files
if ($lang != 'en' && is_dir(INSTALL_PATH . 'program/localization/' . $lang)) {
include_once(INSTALL_PATH . 'program/localization/' . $lang . '/labels.inc');
include_once(INSTALL_PATH . 'program/localization/' . $lang . '/messages.inc');
if (is_array($labels))
$this->texts = array_merge($this->texts, $labels);
if (is_array($messages))
$this->texts = array_merge($this->texts, $messages);
}
$_SESSION['language'] = $lang;
}
// append additional texts (from plugin)
if (is_array($add) && !empty($add))
$this->texts += $add;
}
/**
* Read directory program/localization and return a list of available languages
*
* @return array List of available localizations
*/
public function list_languages()
{
static $sa_languages = array();
if (!sizeof($sa_languages)) {
@include(INSTALL_PATH . 'program/localization/index.inc');
if ($dh = @opendir(INSTALL_PATH . 'program/localization')) {
while (($name = readdir($dh)) !== false) {
if ($name{0}=='.' || !is_dir(INSTALL_PATH . 'program/localization/' . $name))
continue;
if ($label = $rcube_languages[$name])
$sa_languages[$name] = $label ? $label : $name;
}
closedir($dh);
}
}
return $sa_languages;
}
/**
* Check the auth hash sent by the client against the local session credentials
*
* @return boolean True if valid, False if not
*/
function authenticate_session()
{
global $SESS_CLIENT_IP, $SESS_CHANGED;
// advanced session authentication
if ($this->config->get('double_auth')) {
$now = time();
$valid = ($_COOKIE['sessauth'] == $this->get_auth_hash(session_id(), $_SESSION['auth_time']) ||
$_COOKIE['sessauth'] == $this->get_auth_hash(session_id(), $_SESSION['last_auth']));
// renew auth cookie every 5 minutes (only for GET requests)
if (!$valid || ($_SERVER['REQUEST_METHOD']!='POST' && $now - $_SESSION['auth_time'] > 300)) {
$_SESSION['last_auth'] = $_SESSION['auth_time'];
$_SESSION['auth_time'] = $now;
rcmail::setcookie('sessauth', $this->get_auth_hash(session_id(), $now), 0);
}
}
else {
$valid = $this->config->get('ip_check') ? $_SERVER['REMOTE_ADDR'] == $SESS_CLIENT_IP : true;
}
// check session filetime
$lifetime = $this->config->get('session_lifetime');
if (!empty($lifetime) && isset($SESS_CHANGED) && $SESS_CHANGED + $lifetime*60 < time()) {
$valid = false;
}
return $valid;
}
/**
* Destroy session data and remove cookie
*/
public function kill_session()
{
rcube_sess_unset();
$_SESSION = array('language' => $this->user->language, 'auth_time' => time(), 'temp' => true);
rcmail::setcookie('sessauth', '-del-', time() - 60);
$this->user->reset();
}
/**
* Do server side actions on logout
*/
public function logout_actions()
{
$config = $this->config->all();
// on logout action we're not connected to imap server
if (($config['logout_purge'] && !empty($config['trash_mbox'])) || $config['logout_expunge']) {
if (!$this->authenticate_session())
return;
$this->imap_init(true);
}
if ($config['logout_purge'] && !empty($config['trash_mbox'])) {
$this->imap->clear_mailbox($config['trash_mbox']);
}
if ($config['logout_expunge']) {
$this->imap->expunge('INBOX');
}
}
/**
* Function to be executed in script shutdown
* Registered with register_shutdown_function()
*/
public function shutdown()
{
if (is_object($this->imap)) {
$this->imap->close();
$this->imap->write_cache();
}
if (is_object($this->contacts))
$this->contacts->close();
// before closing the database connection, write session data
if ($_SERVER['REMOTE_ADDR'])
session_write_close();
}
/**
* Create unique authorization hash
*
* @param string Session ID
* @param int Timestamp
* @return string The generated auth hash
*/
private function get_auth_hash($sess_id, $ts)
{
$auth_string = sprintf('rcmail*sess%sR%s*Chk:%s;%s',
$sess_id,
$ts,
$this->config->get('ip_check') ? $_SERVER['REMOTE_ADDR'] : '***.***.***.***',
$_SERVER['HTTP_USER_AGENT']);
if (function_exists('sha1'))
return sha1($auth_string);
else
return md5($auth_string);
}
+
/**
- * Encrypt IMAP password using DES encryption
+ * Encrypt using 3DES
+ *
+ * @param string $clear clear text input
+ * @param string $key encryption key to retrieve from the configuration, defaults to 'des_key'
+ * @param boolean $base64 whether or not to base64_encode() the result before returning
*
- * @param string Password to encrypt
- * @return string Encryprted string
+ * @return string encrypted text
*/
- public function encrypt_passwd($pass)
+ public function encrypt($clear, $key = 'des_key', $base64 = true)
{
- if (function_exists('mcrypt_module_open') && ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, ""))) {
+ /*-
+ * Add a single canary byte to the end of the clear text, which
+ * will help find out how much of padding will need to be removed
+ * upon decryption; see http://php.net/mcrypt_generic#68082
+ */
+ $clear = pack("a*H2", $clear, "80");
+
+ if (function_exists('mcrypt_module_open') &&
+ ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, "")))
+ {
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
- mcrypt_generic_init($td, $this->config->get_des_key(), $iv);
- $cypher = mcrypt_generic($td, $pass);
+ mcrypt_generic_init($td, $this->config->get_crypto_key($key), $iv);
+ $cipher = $iv . mcrypt_generic($td, $clear);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
}
- else if (function_exists('des')) {
- $cypher = des($this->config->get_des_key(), $pass, 1, 0, NULL);
+ else if (function_exists('des'))
+ {
+ define('DES_IV_SIZE', 8);
+ $iv = '';
+ for ($i = 0; $i < constant('DES_IV_SIZE'); $i++)
+ $iv .= sprintf("%c", mt_rand(0, 255));
+ $cipher = $iv . des($this->config->get_crypto_key($key), $clear, 1, 1, $iv);
}
- else {
- $cypher = $pass;
-
+ else
+ {
raise_error(array(
'code' => 500,
'type' => 'php',
'file' => __FILE__,
- 'message' => "Could not convert encrypt password. Make sure Mcrypt is installed or lib/des.inc is available"
- ), true, false);
+ 'message' => "Could not perform encryption; make sure Mcrypt is installed or lib/des.inc is available"
+ ), true, true);
}
-
- return base64_encode($cypher);
+
+ return $base64 ? base64_encode($cipher) : $cipher;
}
-
/**
- * Decrypt IMAP password using DES encryption
+ * Decrypt 3DES-encrypted string
+ *
+ * @param string $cipher encrypted text
+ * @param string $key encryption key to retrieve from the configuration, defaults to 'des_key'
+ * @param boolean $base64 whether or not input is base64-encoded
*
- * @param string Encrypted password
- * @return string Plain password
+ * @return string decrypted text
*/
- public function decrypt_passwd($cypher)
+ public function decrypt($cipher, $key = 'des_key', $base64 = true)
{
- if (function_exists('mcrypt_module_open') && ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, ""))) {
- $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
- mcrypt_generic_init($td, $this->config->get_des_key(), $iv);
- $pass = mdecrypt_generic($td, base64_decode($cypher));
+ $cipher = $base64 ? base64_decode($cipher) : $cipher;
+
+ if (function_exists('mcrypt_module_open') &&
+ ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, "")))
+ {
+ $iv = substr($cipher, 0, mcrypt_enc_get_iv_size($td));
+ $cipher = substr($cipher, mcrypt_enc_get_iv_size($td));
+ mcrypt_generic_init($td, $this->config->get_crypto_key($key), $iv);
+ $clear = mdecrypt_generic($td, $cipher);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
}
- else if (function_exists('des')) {
- $pass = des($this->config->get_des_key(), base64_decode($cypher), 0, 0, NULL);
+ else if (function_exists('des'))
+ {
+ define('DES_IV_SIZE', 8);
+ $iv = substr($cipher, 0, constant('DES_IV_SIZE'));
+ $cipher = substr($cipher, constant('DES_IV_SIZE'));
+ $clear = des($this->config->get_crypto_key($key), $cipher, 0, 1, $iv);
}
- else {
- $pass = base64_decode($cypher);
+ else
+ {
+ raise_error(array(
+ 'code' => 500,
+ 'type' => 'php',
+ 'file' => __FILE__,
+ 'message' => "Could not perform decryption; make sure Mcrypt is installed or lib/des.inc is available"
+ ), true, true);
}
-
- return preg_replace('/\x00/', '', $pass);
+
+ /*-
+ * Trim PHP's padding and the canary byte; see note in
+ * rcmail::encrypt() and http://php.net/mcrypt_generic#68082
+ */
+ $clear = substr(rtrim($clear, "\0"), 0, -1);
+
+ return $clear;
}
-
/**
* Build a valid URL to this instance of RoundCube
*
* @param mixed Either a string with the action or url parameters as key-value pairs
* @return string Valid application URL
*/
public function url($p)
{
if (!is_array($p))
$p = array('_action' => @func_get_arg(0));
$task = $p['_task'] ? $p['_task'] : ($p['task'] ? $p['task'] : $this->task);
$p['_task'] = $task;
unset($p['task']);
$url = './';
$delm = '?';
foreach (array_reverse($p) as $key => $val)
{
if (!empty($val)) {
$par = $key[0] == '_' ? $key : '_'.$key;
$url .= $delm.urlencode($par).'='.urlencode($val);
$delm = '&';
}
}
return $url;
}
/**
* Helper method to set a cookie with the current path and host settings
*
* @param string Cookie name
* @param string Cookie value
* @param string Expiration time
*/
public static function setcookie($name, $value, $exp = 0)
{
$cookie = session_get_cookie_params();
setcookie($name, $value, $exp, $cookie['path'], $cookie['domain'],
($_SERVER['HTTPS'] && ($_SERVER['HTTPS'] != 'off')));
}
}
diff --git a/program/include/rcube_config.php b/program/include/rcube_config.php
index 1312a73de..60064e7f5 100644
--- a/program/include/rcube_config.php
+++ b/program/include/rcube_config.php
@@ -1,254 +1,268 @@
<?php
/*
+-----------------------------------------------------------------------+
| program/include/rcube_config.php |
| |
| This file is part of the RoundCube Webmail client |
| Copyright (C) 2008-2009, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
| Class to read configuration settings |
| |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
$Id: $
*/
/**
* Configuration class for RoundCube
*
* @package Core
*/
class rcube_config
{
private $prop = array();
private $errors = array();
/**
* Object constructor
*/
public function __construct()
{
$this->load();
}
/**
* Load config from local config file
*
* @todo Remove global $CONFIG
*/
private function load()
{
// start output buffering, we don't need any output yet,
// it'll be cleared after reading of config files, etc.
ob_start();
// load main config file
if (include(RCMAIL_CONFIG_DIR . '/main.inc.php'))
$this->prop = (array)$rcmail_config;
else
$this->errors[] = 'main.inc.php was not found.';
// load database config
if (include(RCMAIL_CONFIG_DIR . '/db.inc.php'))
$this->prop += (array)$rcmail_config;
else
$this->errors[] = 'db.inc.php was not found.';
// load host-specific configuration
$this->load_host_config();
// set skin (with fallback to old 'skin_path' property)
if (empty($this->prop['skin']) && !empty($this->prop['skin_path']))
$this->prop['skin'] = str_replace('skins/', '', unslashify($this->prop['skin_path']));
else if (empty($this->prop['skin']))
$this->prop['skin'] = 'default';
// fix paths
$this->prop['log_dir'] = $this->prop['log_dir'] ? unslashify($this->prop['log_dir']) : INSTALL_PATH . 'logs';
$this->prop['temp_dir'] = $this->prop['temp_dir'] ? unslashify($this->prop['temp_dir']) : INSTALL_PATH . 'temp';
$this->prop['plugins_dir'] = $this->prop['plugins_dir'] ? unslashify($this->prop['plugins_dir']) : INSTALL_PATH . 'plugins';
// fix default imap folders encoding
foreach (array('drafts_mbox', 'junk_mbox', 'sent_mbox', 'trash_mbox') as $folder)
$this->prop[$folder] = rcube_charset_convert($this->prop[$folder], RCMAIL_CHARSET, 'UTF-7');
if (!empty($this->prop['default_imap_folders']))
foreach ($this->prop['default_imap_folders'] as $n => $folder)
$this->prop['default_imap_folders'][$n] = rcube_charset_convert($folder, RCMAIL_CHARSET, 'UTF-7');
// set PHP error logging according to config
if ($this->prop['debug_level'] & 1) {
ini_set('log_errors', 1);
if ($this->prop['log_driver'] == 'syslog') {
ini_set('error_log', 'syslog');
} else {
ini_set('error_log', $this->prop['log_dir'].'/errors');
}
}
if ($this->prop['debug_level'] & 4) {
ini_set('display_errors', 1);
}
else {
ini_set('display_errors', 0);
}
// clear output buffer
ob_end_clean();
// export config data
$GLOBALS['CONFIG'] = &$this->prop;
}
/**
* Load a host-specific config file if configured
* This will merge the host specific configuration with the given one
*/
private function load_host_config()
{
$fname = null;
if (is_array($this->prop['include_host_config'])) {
$fname = $this->prop['include_host_config'][$_SERVER['HTTP_HOST']];
}
else if (!empty($this->prop['include_host_config'])) {
$fname = preg_replace('/[^a-z0-9\.\-_]/i', '', $_SERVER['HTTP_HOST']) . '.inc.php';
}
if ($fname && is_file(RCMAIL_CONFIG_DIR . '/' . $fname)) {
include(RCMAIL_CONFIG_DIR . '/' . $fname);
$this->prop = array_merge($this->prop, (array)$rcmail_config);
}
}
/**
* Getter for a specific config parameter
*
* @param string Parameter name
* @param mixed Default value if not set
* @return mixed The requested config value
*/
public function get($name, $def = null)
{
return isset($this->prop[$name]) ? $this->prop[$name] : $def;
}
/**
* Setter for a config parameter
*
* @param string Parameter name
* @param mixed Parameter value
*/
public function set($name, $value)
{
$this->prop[$name] = $value;
}
/**
* Override config options with the given values (eg. user prefs)
*
* @param array Hash array with config props to merge over
*/
public function merge($prefs)
{
$this->prop = array_merge($this->prop, $prefs);
}
/**
* Getter for all config options
*
* @return array Hash array containg all config properties
*/
public function all()
{
return $this->prop;
}
-
-
+
/**
- * Return a 24 byte key for the DES encryption
+ * Return requested DES crypto key.
*
- * @return string DES encryption key
+ * @param string Crypto key name
+ * @return string Crypto key
*/
- public function get_des_key()
+ public function get_crypto_key($key)
{
- $key = !empty($this->prop['des_key']) ? $this->prop['des_key'] : 'rcmail?24BitPwDkeyF**ECB';
- $len = strlen($key);
-
- // make sure the key is exactly 24 chars long
- if ($len<24)
- $key .= str_repeat('_', 24-$len);
- else if ($len>24)
- substr($key, 0, 24);
+ // Bomb out if the requested key does not exist
+ if (!array_key_exists($key, $this->prop))
+ {
+ raise_error(array(
+ 'code' => 500,
+ 'type' => 'php',
+ 'file' => __FILE__,
+ 'message' => "Request for unconfigured crypto key \"$key\""
+ ), true, true);
+ }
+
+ $key = $this->prop[$key];
+
+ // Bomb out if the configured key is not exactly 24 bytes long
+ if (strlen($key) != 24)
+ {
+ raise_error(array(
+ 'code' => 500,
+ 'type' => 'php',
+ 'file' => __FILE__,
+ 'message' => "Configured crypto key \"$key\" is not exactly 24 bytes long"
+ ), true, true);
+ }
return $key;
}
-
-
+
/**
* Try to autodetect operating system and find the correct line endings
*
* @return string The appropriate mail header delimiter
*/
public function header_delimiter()
{
// use the configured delimiter for headers
if (!empty($this->prop['mail_header_delimiter']))
return $this->prop['mail_header_delimiter'];
else if (strtolower(substr(PHP_OS, 0, 3) == 'win'))
return "\r\n";
else if (strtolower(substr(PHP_OS, 0, 3) == 'mac'))
return "\r\n";
else
return "\n";
}
/**
* Return the mail domain configured for the given host
*
* @param string IMAP host
* @return string Resolved SMTP host
*/
public function mail_domain($host)
{
$domain = $host;
if (is_array($this->prop['mail_domain'])) {
if (isset($this->prop['mail_domain'][$host]))
$domain = $this->prop['mail_domain'][$host];
}
else if (!empty($this->prop['mail_domain']))
$domain = $this->prop['mail_domain'];
return $domain;
}
/**
* Getter for error state
*
* @return mixed Error message on error, False if no errors
*/
public function get_error()
{
return empty($this->errors) ? false : join("\n", $this->errors);
}
}
diff --git a/program/include/rcube_ldap.php b/program/include/rcube_ldap.php
index 544c7f744..8e035c5d7 100644
--- a/program/include/rcube_ldap.php
+++ b/program/include/rcube_ldap.php
@@ -1,597 +1,597 @@
<?php
/*
+-----------------------------------------------------------------------+
| program/include/rcube_ldap.php |
| |
| This file is part of the RoundCube Webmail client |
| Copyright (C) 2006-2009, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
| Interface to an LDAP address directory |
| |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
$Id$
*/
/**
* Model class to access an LDAP address directory
*
* @package Addressbook
*/
class rcube_ldap extends rcube_addressbook
{
var $conn;
var $prop = array();
var $fieldmap = array();
var $filter = '';
var $result = null;
var $ldap_result = null;
var $sort_col = '';
/** public properties */
var $primary_key = 'ID';
var $readonly = true;
var $list_page = 1;
var $page_size = 10;
var $ready = false;
/**
* Object constructor
*
* @param array LDAP connection properties
* @param integer User-ID
*/
function __construct($p)
{
$this->prop = $p;
foreach ($p as $prop => $value)
if (preg_match('/^(.+)_field$/', $prop, $matches))
$this->fieldmap[$matches[1]] = $value;
$this->sort_col = $p["sort"];
$this->connect();
}
/**
* Establish a connection to the LDAP server
*/
function connect()
{
global $RCMAIL;
if (!function_exists('ldap_connect'))
raise_error(array('code' => 100, 'type' => 'ldap', 'message' => "No ldap support in this installation of PHP"), true);
if (is_resource($this->conn))
return true;
if (!is_array($this->prop['hosts']))
$this->prop['hosts'] = array($this->prop['hosts']);
if (empty($this->prop['ldap_version']))
$this->prop['ldap_version'] = 3;
foreach ($this->prop['hosts'] as $host)
{
if ($lc = @ldap_connect($host, $this->prop['port']))
{
if ($this->prop['use_tls']===true)
if (!ldap_start_tls($lc))
continue;
ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, $this->prop['ldap_version']);
$this->prop['host'] = $host;
$this->conn = $lc;
break;
}
}
if (is_resource($this->conn))
{
$this->ready = true;
// User specific access, generate the proper values to use.
if ($this->prop["user_specific"]) {
// No password set, use the session password
if (empty($this->prop['bind_pass'])) {
- $this->prop['bind_pass'] = $RCMAIL->decrypt_passwd($_SESSION["password"]);
+ $this->prop['bind_pass'] = $RCMAIL->decrypt($_SESSION['password']);
}
// Get the pieces needed for variable replacement.
$fu = $RCMAIL->user->get_username();
list($u, $d) = explode('@', $fu);
// Replace the bind_dn and base_dn variables.
$replaces = array('%fu' => $fu, '%u' => $u, '%d' => $d);
$this->prop['bind_dn'] = strtr($this->prop['bind_dn'], $replaces);
$this->prop['base_dn'] = strtr($this->prop['base_dn'], $replaces);
}
if (!empty($this->prop['bind_dn']) && !empty($this->prop['bind_pass']))
$this->ready = $this->bind($this->prop['bind_dn'], $this->prop['bind_pass']);
}
else
raise_error(array('code' => 100, 'type' => 'ldap', 'message' => "Could not connect to any LDAP server, tried $host:{$this->prop[port]} last"), true);
// See if the directory is writeable.
if ($this->prop['writable']) {
$this->readonly = false;
} // end if
}
/**
* Bind connection with DN and password
*
* @param string Bind DN
* @param string Bind password
* @return boolean True on success, False on error
*/
function bind($dn, $pass)
{
if (!$this->conn) {
return false;
}
if (@ldap_bind($this->conn, $dn, $pass)) {
return true;
}
raise_error(array(
'code' => ldap_errno($this->conn),
'type' => 'ldap',
'message' => "Bind failed for dn=$dn: ".ldap_error($this->conn)),
true);
return false;
}
/**
* Close connection to LDAP server
*/
function close()
{
if ($this->conn)
{
@ldap_unbind($this->conn);
$this->conn = null;
}
}
/**
* Set internal list page
*
* @param number Page number to list
* @access public
*/
function set_page($page)
{
$this->list_page = (int)$page;
}
/**
* Set internal page size
*
* @param number Number of messages to display on one page
* @access public
*/
function set_pagesize($size)
{
$this->page_size = (int)$size;
}
/**
* Save a search string for future listings
*
* @param string Filter string
*/
function set_search_set($filter)
{
$this->filter = $filter;
}
/**
* Getter for saved search properties
*
* @return mixed Search properties used by this class
*/
function get_search_set()
{
return $this->filter;
}
/**
* Reset all saved results and search parameters
*/
function reset()
{
$this->result = null;
$this->ldap_result = null;
$this->filter = '';
}
/**
* List the current set of contact records
*
* @param array List of cols to show
* @param int Only return this number of records
* @return array Indexed list of contact records, each a hash array
*/
function list_records($cols=null, $subset=0)
{
// add general filter to query
if (!empty($this->prop['filter']) && empty($this->filter))
{
$filter = $this->prop['filter'];
$this->set_search_set($filter);
}
// exec LDAP search if no result resource is stored
if ($this->conn && !$this->ldap_result)
$this->_exec_search();
// count contacts for this user
$this->result = $this->count();
// we have a search result resource
if ($this->ldap_result && $this->result->count > 0)
{
if ($this->sort_col && $this->prop['scope'] !== "base")
@ldap_sort($this->conn, $this->ldap_result, $this->sort_col);
$start_row = $subset < 0 ? $this->result->first + $this->page_size + $subset : $this->result->first;
$last_row = $this->result->first + $this->page_size;
$last_row = $subset != 0 ? $start_row + abs($subset) : $last_row;
$entries = ldap_get_entries($this->conn, $this->ldap_result);
for ($i = $start_row; $i < min($entries['count'], $last_row); $i++)
$this->result->add($this->_ldap2result($entries[$i]));
}
return $this->result;
}
/**
* Search contacts
*
* @param array List of fields to search in
* @param string Search value
* @param boolean True if results are requested, False if count only
* @return array Indexed list of contact records and 'count' value
*/
function search($fields, $value, $strict=false, $select=true)
{
// special treatment for ID-based search
if ($fields == 'ID' || $fields == $this->primary_key)
{
$ids = explode(',', $value);
$result = new rcube_result_set();
foreach ($ids as $id)
if ($rec = $this->get_record($id, true))
{
$result->add($rec);
$result->count++;
}
return $result;
}
$filter = '(|';
$wc = !$strict && $this->prop['fuzzy_search'] ? '*' : '';
if (is_array($this->prop['search_fields']))
{
foreach ($this->prop['search_fields'] as $k => $field)
$filter .= "($field=$wc" . rcube_ldap::quote_string($value) . "$wc)";
}
else
{
foreach ((array)$fields as $field)
if ($f = $this->_map_field($field))
$filter .= "($f=$wc" . rcube_ldap::quote_string($value) . "$wc)";
}
$filter .= ')';
// avoid double-wildcard if $value is empty
$filter = preg_replace('/\*+/', '*', $filter);
// add general filter to query
if (!empty($this->prop['filter']))
$filter = '(&(' . preg_replace('/^\(|\)$/', '', $this->prop['filter']) . ')' . $filter . ')';
// set filter string and execute search
$this->set_search_set($filter);
$this->_exec_search();
if ($select)
$this->list_records();
else
$this->result = $this->count();
return $this->result;
}
/**
* Count number of available contacts in database
*
* @return object rcube_result_set Resultset with values for 'count' and 'first'
*/
function count()
{
$count = 0;
if ($this->conn && $this->ldap_result) {
$count = ldap_count_entries($this->conn, $this->ldap_result);
} // end if
elseif ($this->conn) {
// We have a connection but no result set, attempt to get one.
if (empty($this->filter)) {
// The filter is not set, set it.
$this->filter = $this->prop['filter'];
} // end if
$this->_exec_search();
if ($this->ldap_result) {
$count = ldap_count_entries($this->conn, $this->ldap_result);
} // end if
} // end else
return new rcube_result_set($count, ($this->list_page-1) * $this->page_size);
}
/**
* Return the last result set
*
* @return object rcube_result_set Current resultset or NULL if nothing selected yet
*/
function get_result()
{
return $this->result;
}
/**
* Get a specific contact record
*
* @param mixed Record identifier
* @param boolean Return as associative array
* @return mixed Hash array or rcube_result_set with all record fields
*/
function get_record($dn, $assoc=false)
{
$res = null;
if ($this->conn && $dn)
{
$this->ldap_result = @ldap_read($this->conn, base64_decode($dn), "(objectclass=*)", array_values($this->fieldmap));
$entry = @ldap_first_entry($this->conn, $this->ldap_result);
if ($entry && ($rec = ldap_get_attributes($this->conn, $entry)))
{
// Add in the dn for the entry.
$rec["dn"] = base64_decode($dn);
$res = $this->_ldap2result($rec);
$this->result = new rcube_result_set(1);
$this->result->add($res);
}
}
return $assoc ? $res : $this->result;
}
/**
* Create a new contact record
*
* @param array Hash array with save data
* @return encoded record ID on success, False on error
*/
function insert($save_cols)
{
// Map out the column names to their LDAP ones to build the new entry.
$newentry = array();
$newentry["objectClass"] = $this->prop["LDAP_Object_Classes"];
foreach ($save_cols as $col => $val) {
$fld = "";
$fld = $this->_map_field($col);
if ($fld != "") {
// The field does exist, add it to the entry.
$newentry[$fld] = $val;
} // end if
} // end foreach
// Verify that the required fields are set.
// We know that the email address is required as a default of rcube, so
// we will default its value into any unfilled required fields.
foreach ($this->prop["required_fields"] as $fld) {
if (!isset($newentry[$fld])) {
$newentry[$fld] = $newentry[$this->_map_field("email")];
} // end if
} // end foreach
// Build the new entries DN.
$dn = $this->prop["LDAP_rdn"]."=".$newentry[$this->prop["LDAP_rdn"]].",".$this->prop['base_dn'];
$res = @ldap_add($this->conn, $dn, $newentry);
if ($res === FALSE) {
return false;
} // end if
return base64_encode($dn);
}
/**
* Update a specific contact record
*
* @param mixed Record identifier
* @param array Hash array with save data
* @return boolean True on success, False on error
*/
function update($id, $save_cols)
{
$record = $this->get_record($id, true);
$result = $this->get_result();
$record = $result->first();
$newdata = array();
$replacedata = array();
$deletedata = array();
foreach ($save_cols as $col => $val) {
$fld = "";
$fld = $this->_map_field($col);
if ($fld != "") {
// The field does exist compare it to the ldap record.
if ($record[$col] != $val) {
// Changed, but find out how.
if (!isset($record[$col])) {
// Field was not set prior, need to add it.
$newdata[$fld] = $val;
} // end if
elseif ($val == "") {
// Field supplied is empty, verify that it is not required.
if (!in_array($fld, $this->prop["required_fields"])) {
// It is not, safe to clear.
$deletedata[$fld] = $record[$col];
} // end if
} // end elseif
else {
// The data was modified, save it out.
$replacedata[$fld] = $val;
} // end else
} // end if
} // end if
} // end foreach
// Update the entry as required.
$dn = base64_decode($id);
if (!empty($deletedata)) {
// Delete the fields.
$res = @ldap_mod_del($this->conn, $dn, $deletedata);
if ($res === FALSE) {
return false;
} // end if
} // end if
if (!empty($replacedata)) {
// Replace the fields.
$res = @ldap_mod_replace($this->conn, $dn, $replacedata);
if ($res === FALSE) {
return false;
} // end if
} // end if
if (!empty($newdata)) {
// Add the fields.
$res = @ldap_mod_add($this->conn, $dn, $newdata);
if ($res === FALSE) {
return false;
} // end if
} // end if
return true;
}
/**
* Mark one or more contact records as deleted
*
* @param array Record identifiers
* @return boolean True on success, False on error
*/
function delete($ids)
{
if (!is_array($ids)) {
// Not an array, break apart the encoded DNs.
$dns = explode(",", $ids);
} // end if
foreach ($dns as $id) {
$dn = base64_decode($id);
// Delete the record.
$res = @ldap_delete($this->conn, $dn);
if ($res === FALSE) {
return false;
} // end if
} // end foreach
return true;
}
/**
* Execute the LDAP search based on the stored credentials
*
* @access private
*/
function _exec_search()
{
if ($this->ready && $this->filter)
{
$function = $this->prop['scope'] == 'sub' ? 'ldap_search' : ($this->prop['scope'] == 'base' ? 'ldap_read' : 'ldap_list');
$this->ldap_result = $function($this->conn, $this->prop['base_dn'], $this->filter, array_values($this->fieldmap), 0, 0);
return true;
}
else
return false;
}
/**
* @access private
*/
function _ldap2result($rec)
{
$out = array();
if ($rec['dn'])
$out[$this->primary_key] = base64_encode($rec['dn']);
foreach ($this->fieldmap as $rf => $lf)
{
if ($rec[$lf]['count'])
$out[$rf] = $rec[$lf][0];
}
return $out;
}
/**
* @access private
*/
function _map_field($field)
{
return $this->fieldmap[$field];
}
/**
* @static
*/
function quote_string($str)
{
return strtr($str, array('*'=>'\2a', '('=>'\28', ')'=>'\29', '\\'=>'\5c'));
}
}
diff --git a/program/include/rcube_smtp.inc b/program/include/rcube_smtp.inc
index ad6a6e0af..77195e96f 100644
--- a/program/include/rcube_smtp.inc
+++ b/program/include/rcube_smtp.inc
@@ -1,349 +1,349 @@
<?php
/*
+-----------------------------------------------------------------------+
| program/include/rcube_smtp.inc |
| |
| This file is part of the RoundCube Webmail client |
| Copyright (C) 2005-2007, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
| Provide SMTP functionality using socket connections |
| |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
$Id$
*/
/**
* SMTP delivery functions
*
* @package Mail
*/
// include required PEAR classes
require_once('Net/SMTP.php');
// define headers delimiter
define('SMTP_MIME_CRLF', "\r\n");
$SMTP_CONN = null;
/**
* Function for sending mail using SMTP.
*
* @param string Sender e-Mail address
*
* @param mixed Either a comma-seperated list of recipients
* (RFC822 compliant), or an array of recipients,
* each RFC822 valid. This may contain recipients not
* specified in the headers, for Bcc:, resending
* messages, etc.
*
* @param mixed The message headers to send with the mail
* Either as an associative array or a finally
* formatted string
*
* @param string The full text of the message body, including any Mime parts, etc.
*
* @return bool Returns TRUE on success, or FALSE on error
*/
function smtp_mail($from, $recipients, &$headers, &$body, &$response)
{
global $SMTP_CONN, $CONFIG, $RCMAIL;
$smtp_timeout = null;
$smtp_host = $CONFIG['smtp_server'];
$smtp_port = is_numeric($CONFIG['smtp_port']) ? $CONFIG['smtp_port'] : 25;
$smtp_host_url = parse_url($CONFIG['smtp_server']);
// overwrite port
if (isset($smtp_host_url['host']) && isset($smtp_host_url['port']))
{
$smtp_host = $smtp_host_url['host'];
$smtp_port = $smtp_host_url['port'];
}
// re-write smtp host
if (isset($smtp_host_url['host']) && isset($smtp_host_url['scheme']))
$smtp_host = sprintf('%s://%s', $smtp_host_url['scheme'], $smtp_host_url['host']);
// create Net_SMTP object and connect to server
if (!is_object($SMTP_CONN))
{
if (!empty($CONFIG['smtp_helo_host']))
$helo_host = $CONFIG['smtp_helo_host'];
else if (!empty($_SERVER['SERVER_NAME']))
$helo_host = preg_replace('/:\d+$/', '', $_SERVER['SERVER_NAME']);
else
$helo_host = 'localhost';
$SMTP_CONN = new Net_SMTP($smtp_host, $smtp_port, $helo_host);
// try to connect to server and exit on failure
$result = $SMTP_CONN->connect($smtp_timeout);
if (PEAR::isError($result))
{
$SMTP_CONN = null;
$response[] = "Connection failed: ".$result->getMessage();
return FALSE;
}
// attempt to authenticate to the SMTP server
if ($CONFIG['smtp_user'] && $CONFIG['smtp_pass'])
{
if (strstr($CONFIG['smtp_user'], '%u'))
$smtp_user = str_replace('%u', $_SESSION['username'], $CONFIG['smtp_user']);
else
$smtp_user = $CONFIG['smtp_user'];
if (strstr($CONFIG['smtp_pass'], '%p'))
- $smtp_pass = str_replace('%p', $RCMAIL->decrypt_passwd($_SESSION['password']), $CONFIG['smtp_pass']);
+ $smtp_pass = str_replace('%p', $RCMAIL->decrypt($_SESSION['password']), $CONFIG['smtp_pass']);
else
$smtp_pass = $CONFIG['smtp_pass'];
$smtp_auth_type = empty($CONFIG['smtp_auth_type']) ? NULL : $CONFIG['smtp_auth_type'];
$result = $SMTP_CONN->auth($smtp_user, $smtp_pass, $smtp_auth_type);
if (PEAR::isError($result))
{
smtp_reset();
$response[] .= 'Authentication failure: ' . $result->getMessage() . ' (Code: ' . $result->getCode() . ')';
return FALSE;
}
}
}
// prepare message headers as string
if (is_array($headers))
{
$headerElements = smtp_prepare_headers($headers);
if (!$headerElements)
{
smtp_reset();
return FALSE;
}
list($from, $text_headers) = $headerElements;
}
else if (is_string($headers))
$text_headers = $headers;
else
{
smtp_reset();
$response[] .= "Invalid message headers";
return FALSE;
}
// exit if no from address is given
if (!isset($from))
{
smtp_reset();
$response[] .= "No From address has been provided";
return FALSE;
}
// set From: address
if (PEAR::isError($SMTP_CONN->mailFrom($from)))
{
smtp_reset();
$response[] .= "Failed to set sender '$from'";
return FALSE;
}
// prepare list of recipients
$recipients = smtp_parse_rfc822($recipients);
if (PEAR::isError($recipients))
{
smtp_reset();
return FALSE;
}
// set mail recipients
foreach ($recipients as $recipient)
{
if (PEAR::isError($SMTP_CONN->rcptTo($recipient)))
{
smtp_reset();
$response[] .= "Failed to add recipient '$recipient'";
return FALSE;
}
}
// Concatenate headers and body so it can be passed by reference to SMTP_CONN->data
// so preg_replace in SMTP_CONN->quotedata will store a reference instead of a copy.
// We are still forced to make another copy here for a couple ticks so we don't really
// get to save a copy in the method call.
$data = $text_headers . "\r\n" . $body;
// unset old vars to save data and so we can pass into SMTP_CONN->data by reference.
unset($text_headers, $body);
// Send the message's headers and the body as SMTP data.
if (PEAR::isError($SMTP_CONN->data($data)))
{
smtp_reset();
$response[] .= "Failed to send data";
return FALSE;
}
$response[] = join(': ', $SMTP_CONN->getResponse());
return TRUE;
}
/**
* Reset the global SMTP connection
* @access public
*/
function smtp_reset()
{
global $SMTP_CONN;
if (is_object($SMTP_CONN))
{
$SMTP_CONN->rset();
smtp_disconnect();
}
}
/**
* Disconnect the global SMTP connection and destroy object
* @access public
*/
function smtp_disconnect()
{
global $SMTP_CONN;
if (is_object($SMTP_CONN))
{
$SMTP_CONN->disconnect();
$SMTP_CONN = null;
}
}
/**
* Take an array of mail headers and return a string containing
* text usable in sending a message.
*
* @param array $headers The array of headers to prepare, in an associative
* array, where the array key is the header name (ie,
* 'Subject'), and the array value is the header
* value (ie, 'test'). The header produced from those
* values would be 'Subject: test'.
*
* @return mixed Returns false if it encounters a bad address,
* otherwise returns an array containing two
* elements: Any From: address found in the headers,
* and the plain text version of the headers.
* @access private
*/
function smtp_prepare_headers($headers)
{
$lines = array();
$from = null;
foreach ($headers as $key => $value)
{
if (strcasecmp($key, 'From') === 0)
{
$addresses = smtp_parse_rfc822($value);
if (is_array($addresses))
$from = $addresses[0];
// Reject envelope From: addresses with spaces.
if (strstr($from, ' '))
return FALSE;
$lines[] = $key . ': ' . $value;
}
else if (strcasecmp($key, 'Received') === 0)
{
$received = array();
if (is_array($value))
{
foreach ($value as $line)
$received[] = $key . ': ' . $line;
}
else
{
$received[] = $key . ': ' . $value;
}
// Put Received: headers at the top. Spam detectors often
// flag messages with Received: headers after the Subject:
// as spam.
$lines = array_merge($received, $lines);
}
else
{
// If $value is an array (i.e., a list of addresses), convert
// it to a comma-delimited string of its elements (addresses).
if (is_array($value))
$value = implode(', ', $value);
$lines[] = $key . ': ' . $value;
}
}
return array($from, join(SMTP_MIME_CRLF, $lines) . SMTP_MIME_CRLF);
}
/**
* Take a set of recipients and parse them, returning an array of
* bare addresses (forward paths) that can be passed to sendmail
* or an smtp server with the rcpt to: command.
*
* @param mixed Either a comma-seperated list of recipients
* (RFC822 compliant), or an array of recipients,
* each RFC822 valid.
*
* @return array An array of forward paths (bare addresses).
* @access private
*/
function smtp_parse_rfc822($recipients)
{
// if we're passed an array, assume addresses are valid and implode them before parsing.
if (is_array($recipients))
$recipients = implode(', ', $recipients);
$addresses = array();
$recipients = rcube_explode_quoted_string(',', $recipients);
reset($recipients);
while (list($k, $recipient) = each($recipients))
{
$a = explode(" ", $recipient);
while (list($k2, $word) = each($a))
{
if ((strpos($word, "@") > 0) && (strpos($word, "\"")===false))
{
$word = preg_replace('/^<|>$/', '', trim($word));
if (in_array($word, $addresses)===false)
array_push($addresses, $word);
}
}
}
return $addresses;
}
?>
diff --git a/program/localization/en_GB/messages.inc b/program/localization/en_GB/messages.inc
index ddb6a2990..9f7d66240 100644
--- a/program/localization/en_GB/messages.inc
+++ b/program/localization/en_GB/messages.inc
@@ -1,98 +1,99 @@
<?php
/*
+-----------------------------------------------------------------------+
| language/en_GB/messages.inc |
| |
| Language file of the RoundCube Webmail client |
| Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
+-----------------------------------------------------------------------+
| Author: Weiran Zhang (weiran@weiran.co.uk) |
+-----------------------------------------------------------------------+
@version $Id$
*/
$messages = array();
$messages['loginfailed'] = 'Login failed';
$messages['cookiesdisabled'] = 'Your browser does not accept cookies';
$messages['sessionerror'] = 'Your session is invalid or has expired';
$messages['imaperror'] = 'Connection to IMAP server failed';
$messages['nomessagesfound'] = 'No messages found in this mailbox';
$messages['loggedout'] = 'You have successfully terminated the session. Good bye!';
$messages['mailboxempty'] = 'Mailbox is empty';
$messages['loading'] = 'Loading...';
$messages['loadingdata'] = 'Loading data...';
$messages['checkingmail'] = 'Checking for new messages...';
$messages['sendingmessage'] = 'Sending message...';
$messages['messagesent'] = 'Message sent successfully';
$messages['savingmessage'] = 'Saving message...';
$messages['messagesaved'] = 'Message saved to Drafts';
$messages['successfullysaved'] = 'Successfully saved';
$messages['addedsuccessfully'] = 'Contact successfully added to address book';
$messages['contactexists'] = 'A contact with this e-mail address already exists';
$messages['blockedimages'] = 'To protect your privacy, remote images are blocked in this message.';
$messages['encryptedmessage'] = 'This is an encrypted message and can not be displayed. Sorry!';
$messages['nocontactsfound'] = 'No contacts found';
$messages['contactnotfound'] = 'The requested contact was not found';
$messages['sendingfailed'] = 'Failed to send message';
$messages['senttooquickly'] = 'Please wait $sec sec(s). before sending this message';
$messages['errorsavingsent'] = 'An error occurred while saving sent message';
$messages['errorsaving'] = 'An error occurred while saving';
$messages['errormoving'] = 'Could not move the message';
$messages['errordeleting'] = 'Could not delete the message';
$messages['deletecontactconfirm'] = 'Do you really want to delete the selected contact(s)?';
$messages['deletemessagesconfirm'] = 'Do you really want to delete the selected message(s)?';
$messages['deletefolderconfirm'] = 'Do you really want to delete this folder?';
$messages['purgefolderconfirm'] = 'Do you really want to delete all messages in this folder?';
$messages['foldercreating'] = 'Creating folder...';
$messages['folderdeleting'] = 'Deleting folder...';
$messages['folderrenaming'] = 'Renaming folder...';
$messages['foldermoving'] = 'Moving folder...';
$messages['formincomplete'] = 'The form was not completely filled out';
$messages['noemailwarning'] = 'Please enter a valid email address';
$messages['nonamewarning'] = 'Please enter a name';
$messages['nopagesizewarning'] = 'Please enter a page size';
$messages['nosenderwarning'] = 'Please enter sender e-mail address';
$messages['norecipientwarning'] = 'Please enter at least one recipient';
$messages['nosubjectwarning'] = 'The "Subject" field is empty. Would you like to enter one now?';
$messages['nobodywarning'] = 'Send this message without any text?';
$messages['notsentwarning'] = 'Your message has not been sent. Do you want to discard it?';
$messages['noldapserver'] = 'Please select an LDAP server to search';
$messages['nocontactsreturned'] = 'No contacts were found';
$messages['nosearchname'] = 'Please enter a contact name or email address';
$messages['searchsuccessful'] = '$nr messages found';
$messages['searchnomatch'] = 'Search found no matches';
$messages['searching'] = 'Searching...';
$messages['checking'] = 'Checking...';
$messages['nospellerrors'] = 'No spelling errors found';
$messages['folderdeleted'] = 'Folder successfully deleted';
$messages['deletedsuccessfully'] = 'Successfully deleted';
$messages['converting'] = 'Removing formatting...';
$messages['messageopenerror'] = 'Could not load message from server';
$messages['fileuploaderror'] = 'File upload failed';
$messages['filesizeerror'] = 'The uploaded file exceeds the maximum size of $size';
$messages['copysuccess'] = 'Successfully copied $nr addresses';
$messages['copyerror'] = 'Could not copy any addresses';
$messages['sourceisreadonly'] = 'This address source is read-only';
$messages['errorsavingcontact'] = 'Could not save the contact address';
$messages['movingmessage'] = 'Moving message...';
$messages['receiptsent'] = 'Successfully sent a read receipt';
$messages['errorsendingreceipt'] = 'Could not send the receipt';
$messages['nodeletelastidentity'] = 'You cannot delete this identity, it\'s your last one.';
$messages['addsubfolderhint'] = 'This folder will be created as subfolder of the currently selected one';
$messages['forbiddencharacter'] = 'Folder name contains a forbidden character';
$messages['selectimportfile'] = 'Please select a file to upload';
$messages['addresswriterror'] = 'The selected address book is not writeable';
$messages['importwait'] = 'Importing, please wait...';
$messages['importerror'] = 'Import failed! The uploaded file is not a valid vCard file.';
$messages['importconfirm'] = '<b>Successfully imported $inserted contacts, $skipped existing entries skipped</b>:<p><em>$names</em></p>';
$messages['opnotpermitted'] = 'Operation not permitted!';
$messages['nofromaddress'] = 'Missing e-mail address in selected identity';
$messages['editorwarning'] = 'Switching to the plain text editor will cause all text formatting to be lost. Do you wish to continue?';
+$messages['httpreceivedencrypterror'] = 'A fatal configuration error occurred. Contact your administrator immediately. <b>Your message can not be sent.</b>';
?>
diff --git a/program/localization/en_US/messages.inc b/program/localization/en_US/messages.inc
index ed63c7c47..af7443eaa 100644
--- a/program/localization/en_US/messages.inc
+++ b/program/localization/en_US/messages.inc
@@ -1,98 +1,99 @@
<?php
/*
+-----------------------------------------------------------------------+
| language/en_US/messages.inc |
| |
| Language file of the RoundCube Webmail client |
| Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
@version $Id$
*/
$messages = array();
$messages['loginfailed'] = 'Login failed';
$messages['cookiesdisabled'] = 'Your browser does not accept cookies';
$messages['sessionerror'] = 'Your session is invalid or expired';
$messages['imaperror'] = 'Connection to IMAP server failed';
$messages['nomessagesfound'] = 'No messages found in this mailbox';
$messages['loggedout'] = 'You have successfully terminated the session. Good bye!';
$messages['mailboxempty'] = 'Mailbox is empty';
$messages['loading'] = 'Loading...';
$messages['loadingdata'] = 'Loading data...';
$messages['checkingmail'] = 'Checking for new messages...';
$messages['sendingmessage'] = 'Sending message...';
$messages['messagesent'] = 'Message sent successfully';
$messages['savingmessage'] = 'Saving message...';
$messages['messagesaved'] = 'Message saved to Drafts';
$messages['successfullysaved'] = 'Successfully saved';
$messages['addedsuccessfully'] = 'Contact added successfully to address book';
$messages['contactexists'] = 'A contact with this e-mail address already exists';
$messages['blockedimages'] = 'To protect your privacy, remote images are blocked in this message.';
$messages['encryptedmessage'] = 'This is an encrypted message and can not be displayed. Sorry!';
$messages['nocontactsfound'] = 'No contacts found';
$messages['contactnotfound'] = 'The requested contact was not found';
$messages['sendingfailed'] = 'Failed to send message';
$messages['senttooquickly'] = 'Please wait $sec sec(s). before sending this message';
$messages['errorsavingsent'] = 'An error occured while saving sent message';
$messages['errorsaving'] = 'An error occured while saving';
$messages['errormoving'] = 'Could not move the message';
$messages['errordeleting'] = 'Could not delete the message';
$messages['deletecontactconfirm'] = 'Do you really want to delete the selected contact(s)?';
$messages['deletemessagesconfirm'] = 'Do you really want to delete the selected message(s)?';
$messages['deletefolderconfirm'] = 'Do you really want to delete this folder?';
$messages['purgefolderconfirm'] = 'Do you really want to delete all messages in this folder?';
$messages['foldercreating'] = 'Creating folder...';
$messages['folderdeleting'] = 'Deleting folder...';
$messages['folderrenaming'] = 'Renaming folder...';
$messages['foldermoving'] = 'Moving folder...';
$messages['formincomplete'] = 'The form was not completely filled out';
$messages['noemailwarning'] = 'Please enter a valid email address';
$messages['nonamewarning'] = 'Please enter a name';
$messages['nopagesizewarning'] = 'Please enter a page size';
$messages['nosenderwarning'] = 'Please enter sender e-mail address';
$messages['norecipientwarning'] = 'Please enter at least one recipient';
$messages['nosubjectwarning'] = 'The "Subject" field is empty. Would you like to enter one now?';
$messages['nobodywarning'] = 'Send this message without text?';
$messages['notsentwarning'] = 'Message has not been sent. Do you want to discard your message?';
$messages['noldapserver'] = 'Please select an ldap server to search';
$messages['nocontactsreturned'] = 'No contacts were found';
$messages['nosearchname'] = 'Please enter a contact name or email address';
$messages['searchsuccessful'] = '$nr messages found';
$messages['searchnomatch'] = 'Search returned no matches';
$messages['searching'] = 'Searching...';
$messages['checking'] = 'Checking...';
$messages['nospellerrors'] = 'No spelling errors found';
$messages['folderdeleted'] = 'Folder successfully deleted';
$messages['deletedsuccessfully'] = "Successfully deleted";
$messages['converting'] = 'Removing formatting...';
$messages['messageopenerror'] = 'Could not load message from server';
$messages['fileuploaderror'] = 'File upload failed';
$messages['filesizeerror'] = 'The uploaded file exceeds the maximum size of $size';
$messages['copysuccess'] = 'Successfully copied $nr addresses';
$messages['copyerror'] = 'Could not copy any addresses';
$messages['sourceisreadonly'] = 'This address source is read only';
$messages['errorsavingcontact'] = 'Could not save the contact address';
$messages['movingmessage'] = 'Moving message...';
$messages['receiptsent'] = 'Successfully sent a read receipt';
$messages['errorsendingreceipt'] = 'Could not send the receipt';
$messages['nodeletelastidentity'] = 'You cannot delete this identity, it\'s your last one.';
$messages['addsubfolderhint'] = 'This folder will be created as subfolder of the currently selected one';
$messages['forbiddencharacter'] = 'Folder name contains a forbidden character';
$messages['selectimportfile'] = 'Please select a file to upload';
$messages['addresswriterror'] = 'The selected address book is not writeable';
$messages['importwait'] = 'Importing, please wait...';
$messages['importerror'] = 'Import failed! The uploaded file is not a valid vCard file.';
$messages['importconfirm'] = '<b>Successfully imported $inserted contacts, $skipped existing entries skipped</b>:<p><em>$names</em></p>';
$messages['opnotpermitted'] = 'Operation not permitted!';
$messages['nofromaddress'] = 'Missing e-mail address in selected identity';
$messages['editorwarning'] = 'Switching to the plain text editor will cause all text formatting to be lost. Do you wish to continue?';
+$messages['httpreceivedencrypterror'] = 'A fatal configuration error occurred. Contact your administrator immediately. <b>Your message can not be sent.</b>';
?>
diff --git a/program/localization/hu_HU/messages.inc b/program/localization/hu_HU/messages.inc
index 5acea06a1..092001cb0 100644
--- a/program/localization/hu_HU/messages.inc
+++ b/program/localization/hu_HU/messages.inc
@@ -1,99 +1,100 @@
<?php
/*
+-----------------------------------------------------------------------+
| language/hu_HU/messages.inc |
| |
| Language file of the RoundCube Webmail client |
| Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
+-----------------------------------------------------------------------+
| Author: Levente Farkas <lfarkas at lfarkas dot org> |
| Ervin Hegedüs <airween@damson.hu> |
+-----------------------------------------------------------------------+
@version $Id$
*/
$messages = array();
$messages['loginfailed'] = 'Sikertelen belépés';
$messages['cookiesdisabled'] = 'A böngésző nem támogatja a sütik használatát';
$messages['sessionerror'] = 'Érvénytelen vagy lejárt munkamenet';
$messages['imaperror'] = 'Nem sikerült a kapcsolódás az IMAP szerverhez';
$messages['nomessagesfound'] = 'A fiók nem tartalmaz leveleket';
$messages['loggedout'] = 'Sikeres kijelentkezés. Viszont látásra!';
$messages['mailboxempty'] = 'A fiók üres';
$messages['loading'] = 'Betöltés...';
$messages['loadingdata'] = 'Az adatok betöltése...';
$messages['checkingmail'] = 'Új üzenetek keresése...';
$messages['sendingmessage'] = 'Az üzenet küldése...';
$messages['messagesent'] = 'Az üzenet elküldve';
$messages['savingmessage'] = 'Az üzenet mentése...';
$messages['messagesaved'] = 'Az üzenet elmentve a Piszkozatokhoz';
$messages['successfullysaved'] = 'A mentés sikerült';
$messages['addedsuccessfully'] = 'A cím hozzáadása a címjegyzékhez megtörtént';
$messages['contactexists'] = 'A kapcsolat már létezik ezzel az e-mail címmel';
$messages['blockedimages'] = 'Biztonsági okokból a távoli képek letöltése tiltott.';
$messages['encryptedmessage'] = 'Az üzenet titkosított, emiatt nem tudom megjeleníteni.';
$messages['nocontactsfound'] = 'Nincs kapcsolat';
$messages['contactnotfound'] = 'A kiválasztott kapcsolat nem található';
$messages['sendingfailed'] = 'Az üzenet elküldése nem sikerült';
$messages['senttooquickly'] = 'Kérem várjon még $sec másodpercet az üzenet elküldése előtt';
$messages['errorsavingsent'] = 'Hiba történt az elküldött üzenet mentése közben';
$messages['errorsaving'] = 'A mentés során hiba lépett fel';
$messages['errormoving'] = 'Az üzenetet nem sikerült áthelyezni';
$messages['errordeleting'] = 'Az üzenetet nem sikerült törölni';
$messages['deletecontactconfirm'] = 'Biztos, hogy törölni szeretnéd a kijelölt címe(ke)t?';
$messages['deletemessagesconfirm'] = 'Biztos, hogy törölni szeretnéd a kijelölt üzenete(ke)t?';
$messages['deletefolderconfirm'] = 'Biztos, hogy törölni szeretnéd ezt a mappát?';
$messages['purgefolderconfirm'] = 'Biztos vagy benne, hogy az összes üzenet törölhető?';
$messages['foldercreating'] = 'Mappa létrehozása...';
$messages['folderdeleting'] = 'Mappa törlése...';
$messages['folderrenaming'] = 'Mappa átnevezése...';
$messages['foldermoving'] = 'Mappa mozgatása...';
$messages['formincomplete'] = 'Az űrlap hiányosan lett kitöltve';
$messages['noemailwarning'] = 'Adj meg egy valós e-mail címet';
$messages['nonamewarning'] = 'Adj meg egy nevet';
$messages['nopagesizewarning'] = 'Add meg a papír méretét';
$messages['nosenderwarning'] = 'Kérem adja meg a feladó email címét';
$messages['norecipientwarning'] = 'Legalább egy címzettet adj meg';
$messages['nosubjectwarning'] = 'A \"Tárgy\" mező üres. Szeretnéd most kitölteni?';
$messages['nobodywarning'] = 'Elküldöd az üzenetet tárgy nélkül?';
$messages['notsentwarning'] = 'Az üzenet még nem küldtem el. Eldobod az üzenetet?';
$messages['noldapserver'] = 'Adj meg egy LDAP szervert a kereséshez';
$messages['nocontactsreturned'] = 'Nem találtam kapcsolatot';
$messages['nosearchname'] = 'Add meg a kapcsolat nevét vagy e-mail címét';
$messages['searchsuccessful'] = '$nr üzenetet találtam';
$messages['searchnomatch'] = 'Nincs találat';
$messages['searching'] = 'Keresés...';
$messages['checking'] = 'Ellenőrzés...';
$messages['nospellerrors'] = 'Nem találtam helyesírási hibát';
$messages['folderdeleted'] = 'A mappa sikeresen törölve';
$messages['deletedsuccessfully'] = 'Törölve';
$messages['converting'] = 'Formázás eltávolítása az üzenetből...';
$messages['messageopenerror'] = 'Nem tudom letölteni a leveleket a szerverről';
$messages['fileuploaderror'] = 'Feltöltés sikertelen';
$messages['filesizeerror'] = 'A feltöltött file mérete meghaladja a maximális méretet $size';
$messages['copysuccess'] = 'Sikeresen másoltunk $nr címet';
$messages['copyerror'] = 'Nem tudtunk másolni egyetlen címet sem';
$messages['sourceisreadonly'] = 'Ez a címforrás csak olvasható';
$messages['errorsavingcontact'] = 'Nem tudtuk menteni a kapcsolat címét';
$messages['movingmessage'] = 'Üzenet mozgatása...';
$messages['receiptsent'] = 'Az Olvasási Értesítést elküldtük';
$messages['errorsendingreceipt'] = 'Az Olvasási Értesítést nem sikerült elküldeni';
$messages['nodeletelastidentity'] = 'Nem törölheti ezt a profilt, ez az egyetlen';
$messages['addsubfolderhint'] = 'Az új könyvtárat az aktuálisan kiválasztott alkönyvtáraként fogjuk létrehozni';
$messages['forbiddencharacter'] = 'A mappa neve tiltott karaktert tartalmaz';
$messages['selectimportfile'] = 'Kérjük válassza ki a feltölteni kívánt fájlt';
$messages['addresswriterror'] = 'A kiválasztott címjegyzék nem írható';
$messages['importwait'] = 'Importálás folyamatban, kérem várjon...';
$messages['importerror'] = 'Az importálás sikertelen! A feltöltött állomány nem egy érvényes vCard fájl.';
$messages['importconfirm'] = '<b>Sikeresen importálásra került $inserted kapcsolat, kihagyva $skipped már létező bejegyzés</b>:<p><em>$names</em></p>';
$messages['opnotpermitted'] = 'A művelet nem megengedett!';
$messages['nofromaddress'] = 'Hiányzó email cím a kiválasztott feladónál';
$messages['editorwarning'] = 'Az egyszerű szöveges formátumra való váltás az összes formázás elvesztésével jár. Biztosan folytatja?';
+$messages['httpreceivedencrypterror'] = 'Végzetes konfigurációs hiba történt, azonnal lépjen kapcsolatba az üzemeltetővel. <b>Az üzenet nem küldhető el.</b>';
?>
diff --git a/program/localization/pl_PL/messages.inc b/program/localization/pl_PL/messages.inc
index 897c16b01..ac76383ac 100644
--- a/program/localization/pl_PL/messages.inc
+++ b/program/localization/pl_PL/messages.inc
@@ -1,103 +1,104 @@
<?php
/*
+-----------------------------------------------------------------------+
| language/pl_PL/messages.inc |
| |
| Language file of the RoundCube Webmail client |
| Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
+-----------------------------------------------------------------------+
| Author: Tomasz Pajor <t.pajor@kei.pl> |
| Author: Sławomir Cichoń <slawek.cichon@gmail.com> |
| Janusz Zamecki <janusz@zamecki.eu> |
| Mariusz Szulerecki <nob@force.eu.org> |
| Wojciech Szczepucha <donkoyote@gmail.com> |
| Aleksander Machniak <alec@alec.pl> |
+-----------------------------------------------------------------------+
@version $Id: messages.inc 1245 2008-04-03 13:17:34Z alec $
*/
$messages = array();
$messages['loginfailed'] = 'Błąd logowania!';
$messages['cookiesdisabled'] = 'Twoja przeglądarka nie obsługuje ciasteczek!';
$messages['sessionerror'] = 'Błąd sesji bądź sesja wygasła!';
$messages['imaperror'] = 'Błąd połączenia z serwerem!';
$messages['nomessagesfound'] = 'Brak wiadomości w skrzynce.';
$messages['loggedout'] = 'Użytkownik wylogował się poprawnie.';
$messages['mailboxempty'] = 'Skrzynka jest pusta!';
$messages['loading'] = 'Ładowanie...';
$messages['loadingdata'] = 'Ładowanie danych...';
$messages['checkingmail'] = 'Sprawdzanie nowych wiadomości...';
$messages['sendingmessage'] = 'Wysyłanie wiadomości...';
$messages['messagesent'] = 'Wiadomość została wysłana.';
$messages['savingmessage'] = 'Zapisywanie wiadomości...';
$messages['messagesaved'] = 'Wiadomość została zapisana w folderze Kopie robocze.';
$messages['successfullysaved'] = 'Zapisano.';
$messages['addedsuccessfully'] = 'Kontakt został dodany.';
$messages['contactexists'] = 'Kontakt o podanym adresie e-mail już istnieje!';
$messages['blockedimages'] = 'Ze względów bezpieczeństwa zewnętrzne obrazki zostały zablokowane.';
$messages['encryptedmessage'] = 'Przepraszamy, nie można wyświetlić zaszyfrowanej wiadomości!';
$messages['nocontactsfound'] = 'Nie znaleziono kontaktu!';
$messages['contactnotfound'] = 'Szukany kontakt nie został odnaleziony';
$messages['sendingfailed'] = 'Nie udało się wysłać wiadomości!';
$messages['senttooquickly'] = 'Musisz poczekać $sec sek. aby móc wysłać tą wiadomość!';
$messages['errorsavingsent'] = 'Wystąpił błąd podczas zapisu wysłanej wiadomości!';
$messages['errorsaving'] = 'Wystąpił błąd podczas zapisu!';
$messages['errormoving'] = 'Nie można przenieść wybranej wiadomości!';
$messages['errordeleting'] = 'Nie można usunąć wiadomości!';
$messages['deletecontactconfirm'] = 'Czy na pewno chcesz usunąć wybrane kontakty?';
$messages['deletemessagesconfirm'] = 'Czy na pewno chcesz usunąć wybrane wiadomości?';
$messages['deletefolderconfirm'] = 'Czy na pewno chcesz usunąć wybrany folder?';
$messages['purgefolderconfirm'] = 'Czy na pewno chcesz usunąć wszystkie wiadomości w tym folderze?';
$messages['foldercreating'] = 'Dodawanie folderu...';
$messages['folderdeleting'] = 'Usuwanie folderu...';
$messages['folderrenaming'] = 'Zmiana nazwy folderu...';
$messages['foldermoving'] = 'Przenoszenie folderu...';
$messages['formincomplete'] = 'Uzupełnij formularz!';
$messages['noemailwarning'] = 'Podaj poprawny adres e-mail!';
$messages['nonamewarning'] = 'Podaj nazwę!';
$messages['nopagesizewarning'] = 'Podaj poprawną wartość!';
$messages['nosenderwarning'] = 'Podaj adres nadawcy!';
$messages['norecipientwarning'] = 'Podaj co najmniej jednego odbiorcę!';
$messages['nosubjectwarning'] = 'Nie podano tematu wiadomości. Czy chcesz go teraz uzupełnić?';
$messages['nobodywarning'] = 'Ta wiadomość jest pusta, czy mimo to chcesz ją wysłać?';
$messages['notsentwarning'] = 'Wiadomość nie została wysłana. Czy chcesz usunąć tę wiadomość?';
$messages['noldapserver'] = 'Wybierz serwer LDAP!';
$messages['nocontactsreturned'] = 'Nie znaleziono kontaktów!';
$messages['nosearchname'] = 'Podaj nazwę kontaktu lub jego adres e-mail.';
$messages['searchsuccessful'] = 'Liczba znalezionych wiadomości: $nr';
$messages['searchnomatch'] = 'Nic nie znaleziono.';
$messages['searching'] = 'Wyszukiwanie...';
$messages['checking'] = 'Sprawdzanie...';
$messages['nospellerrors'] = 'Nie znaleziono błędów w pisowni.';
$messages['folderdeleted'] = 'Folder został pomyślnie usunięty.';
$messages['deletedsuccessfully'] = 'Usunięto';
$messages['converting'] = 'Konwertowanie tekstu...';
$messages['messageopenerror'] = 'Nie można załadować wiadomości z serwera';
$messages['fileuploaderror'] = 'Załączanie pliku nie powiodło się';
$messages['filesizeerror'] = 'Plik przekracza maksymalną wielkość $size';
$messages['copysuccess'] = 'Pomyślnie skopiowano następującą liczbę adresów: $nr';
$messages['copyerror'] = 'Nie można skopiować żadnego adresu';
$messages['sourceisreadonly'] = 'Źródło adresu jest tylko do odczytu';
$messages['errorsavingcontact'] = 'Nie można było zapisać adresu kontaktu';
$messages['movingmessage'] = 'Przenoszenie wiadomości...';
$messages['receiptsent'] = 'Pomyślnie wysłano potwierdzenie dostarczenia';
$messages['errorsendingreceipt'] = 'Nie można wysłać potwierdzenia';
$messages['nodeletelastidentity'] = 'Nie można skasować tej tożsamości, ponieważ jest ostatnią.';
$messages['addsubfolderhint'] = 'Ten folder zostanie utworzony jako podfolder aktualnie wybranego.';
$messages['forbiddencharacter'] = 'Nazwa folderu zawiera niedozwolony znak';
$messages['selectimportfile'] = 'Proszę wybrać plik do wysłania';
$messages['addresswriterror'] = 'Wybrana książka adresowa jest tylko-do-odczytu';
$messages['importwait'] = 'Importowanie, proszę czekać...';
$messages['importerror'] = 'Błąd! Pobrany plik nie jest poprawnym plikiem vCard.';
$messages['importconfirm'] = '<b>Pomyślnie dodano $inserted kontaktów, pominięto $skipped istniejących wpisów</b>:<p><em>$names</em></p>';
$messages['opnotpermitted'] = 'Niedozwolona operacja!';
$messages['nofromaddress'] = 'Brak adresu e-mail w wybranej tożsamości';
$messages['editorwarning'] = 'Zmiana edytora spowoduje utratę formatowania tekstu. Czy jesteś pewien, że chcesz to zrobić?';
+$messages['httpreceivedencrypterror'] = 'Wystąpił błąd systemu. Skontaktuj się z administratorem. <b>Nie można wysłać wiadomości.</b>';
?>
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index 4ebf4893c..f1745acfe 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -1,524 +1,545 @@
<?php
/*
+-----------------------------------------------------------------------+
| program/steps/mail/sendmail.inc |
| |
| This file is part of the RoundCube Webmail client |
| Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
| Compose a new mail message with all headers and attachments |
| and send it using the PEAR::Net_SMTP class or with PHP mail() |
| |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
$Id$
*/
// remove all scripts and act as called in frame
$OUTPUT->reset();
$OUTPUT->framed = TRUE;
$savedraft = !empty($_POST['_draft']) ? TRUE : FALSE;
/****** checks ********/
if (!isset($_SESSION['compose']['id'])) {
raise_error(array('code' => 500, 'type' => 'smtp', 'file' => __FILE__, 'message' => "Invalid compose ID"), true, false);
console("Sendmail error", $_SESSION['compose']);
$OUTPUT->show_message("An internal error occured. Please try again.", 'error');
$OUTPUT->send('iframe');
}
if (!$savedraft) {
if (empty($_POST['_to']) && empty($_POST['_cc']) && empty($_POST['_bcc'])
&& empty($_POST['_subject']) && $_POST['_message']) {
$OUTPUT->show_message('sendingfailed', 'error');
$OUTPUT->send('iframe');
}
if(!empty($CONFIG['sendmail_delay'])) {
$wait_sec = time() - intval($CONFIG['sendmail_delay']) - intval($CONFIG['last_message_time']);
if($wait_sec < 0) {
$OUTPUT->show_message('senttooquickly', 'error', array('sec' => $wait_sec * -1));
$OUTPUT->send('iframe');
}
}
}
/****** message sending functions ********/
+// encrypt parts of the header
+function rcmail_encrypt_header($what)
+{
+ global $CONFIG, $RCMAIL;
+ if (!$CONFIG['http_received_header_encrypt'])
+ {
+ return $what;
+ }
+ return $RCMAIL->encrypt($what);
+}
+
// get identity record
function rcmail_get_identity($id)
{
global $USER, $OUTPUT;
if ($sql_arr = $USER->get_identity($id))
{
$out = $sql_arr;
$out['mailto'] = $sql_arr['email'];
// Special chars as defined by RFC 822 need to in quoted string (or escaped).
if (preg_match('/[\(\)\<\>\\\.\[\]@,;:"]/', $sql_arr['name']))
$name = '"' . addcslashes($sql_arr['name'], '"') . '"';
else
$name = $sql_arr['name'];
$out['string'] = rcube_charset_convert($name, RCMAIL_CHARSET, $OUTPUT->get_charset());
if ($sql_arr['email'])
$out['string'] .= ' <' . $sql_arr['email'] . '>';
return $out;
}
return FALSE;
}
/**
* go from this:
* <img src=".../tiny_mce/plugins/emotions/images/smiley-cool.gif" border="0" alt="Cool" title="Cool" />
*
* to this:
*
* <IMG src="cid:smiley-cool.gif"/>
* ...
* ------part...
* Content-Type: image/gif
* Content-Transfer-Encoding: base64
* Content-ID: <smiley-cool.gif>
*/
function rcmail_attach_emoticons(&$mime_message)
{
global $CONFIG;
$body = $mime_message->getHtmlBody();
// remove any null-byte characters before parsing
$body = preg_replace('/\x00/', '', $body);
$searchstr = 'program/js/tiny_mce/plugins/emotions/img/';
$offset = 0;
// keep track of added images, so they're only added once
$included_images = array();
if (preg_match_all('# src=[\'"]([^\'"]+)#', $body, $matches, PREG_OFFSET_CAPTURE)) {
foreach ($matches[1] as $m) {
// find emoticon image tags
if (preg_match('#'.$searchstr.'(.*)$#', $m[0], $imatches)) {
$image_name = $imatches[1];
// sanitize image name so resulting attachment doesn't leave images dir
$image_name = preg_replace('/[^a-zA-Z0-9_\.\-]/i', '', $image_name);
$img_file = INSTALL_PATH . '/' . $searchstr . $image_name;
if (! in_array($image_name, $included_images)) {
// add the image to the MIME message
if(! $mime_message->addHTMLImage($img_file, 'image/gif', '', true, $image_name))
$OUTPUT->show_message("emoticonerror", 'error');
array_push($included_images, $image_name);
}
$body = substr_replace($body, $img_file, $m[1] + $offset, strlen($m[0]));
$offset += strlen($img_file) - strlen($m[0]);
}
}
}
$mime_message->setHTMLBody($body);
return $body;
}
// parse email address input
function rcmail_mailto_format($mailto)
{
$regexp = array('/[,;]\s*[\r\n]+/', '/[\r\n]+/', '/[,;]\s*$/m', '/;/', '/(\S{1})(<\S+@\S+>)/U');
$replace = array(', ', ', ', '', ',', '\\1 \\2');
// replace new lines and strip ending ', ', make address input more valid
$mailto = trim(preg_replace($regexp, $replace, $mailto));
$result = array();
$items = rcube_explode_quoted_string(',', $mailto);
foreach($items as $item) {
$item = trim($item);
// address in brackets without name (do nothing)
if (preg_match('/^<\S+@\S+>$/', $item)) {
$result[] = $item;
// address without brackets and without name (add brackets)
} else if (preg_match('/^\S+@\S+$/', $item)) {
$result[] = '<'.$item.'>';
// address with name (handle name)
} else if (preg_match('/\S+@\S+>*$/', $item, $matches)) {
$address = $matches[0];
$name = str_replace($address, '', $item);
$name = trim($name);
if ($name && ($name[0] != '"' || $name[strlen($name)-1] != '"')
&& preg_match('/[\(\)\<\>\\\.\[\]@,;:"]/', $name)) {
$name = '"'.addcslashes($name, '"').'"';
}
if (!preg_match('/^<\S+@\S+>$/', $address))
$address = '<'.$address.'>';
$result[] = $name.' '.$address;
} else if (trim($item)) {
// @TODO: handle errors
}
}
return implode(', ', $result);
}
/****** compose message ********/
if (strlen($_POST['_draft_saveid']) > 3)
$olddraftmessageid = get_input_value('_draft_saveid', RCUBE_INPUT_POST);
$message_id = sprintf('<%s@%s>', md5(uniqid('rcmail'.rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host']));
// set default charset
$input_charset = $OUTPUT->get_charset();
$message_charset = isset($_POST['_charset']) ? $_POST['_charset'] : $input_charset;
$mailto = rcmail_mailto_format(get_input_value('_to', RCUBE_INPUT_POST, TRUE, $message_charset));
$mailcc = rcmail_mailto_format(get_input_value('_cc', RCUBE_INPUT_POST, TRUE, $message_charset));
$mailbcc = rcmail_mailto_format(get_input_value('_bcc', RCUBE_INPUT_POST, TRUE, $message_charset));
if (empty($mailto) && !empty($mailcc)) {
$mailto = $mailcc;
$mailcc = null;
}
else if (empty($mailto))
$mailto = 'undisclosed-recipients:;';
// get sender name and address
$from = get_input_value('_from', RCUBE_INPUT_POST);
$identity_arr = rcmail_get_identity($from);
if ($identity_arr)
$from = $identity_arr['mailto'];
if (empty($identity_arr['string']))
$identity_arr['string'] = $from;
// compose headers array
-$headers = array('Date' => date('r'),
- 'From' => rcube_charset_convert($identity_arr['string'], RCMAIL_CHARSET, $message_charset),
- 'To' => $mailto);
+$headers = array();
+
+// if configured, the Received headers goes to top, for good measure
+if ($CONFIG['http_received_header'])
+{
+ $nldlm = $RCMAIL->config->header_delimiter() . "\t";
+ $http_header = 'from ';
+ if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+ $http_header .= rcmail_encrypt_header(gethostbyaddr($_SERVER['HTTP_X_FORWARDED_FOR'])) .
+ ' [' . rcmail_encrypt_header($_SERVER['HTTP_X_FORWARDED_FOR']) . ']';
+ $http_header .= $nldlm . ' via ';
+ }
+ $http_header .= rcmail_encrypt_header(gethostbyaddr($_SERVER['REMOTE_ADDR'])) .
+ ' [' . rcmail_encrypt_header($_SERVER['REMOTE_ADDR']) .']';
+ $http_header .= $nldlm . 'with ' . $_SERVER['SERVER_PROTOCOL'] .
+ ' ('.$_SERVER['REQUEST_METHOD'] . '); ' . date('r');
+ $http_header = wordwrap($http_header, 69, $nldlm);
+ $headers['Received'] = $http_header;
+}
+
+$headers['Date'] = date('r');
+$headers['From'] = rcube_charset_convert($identity_arr['string'], RCMAIL_CHARSET, $message_charset);
+$headers['To'] = $mailto;
// additional recipients
if (!empty($mailcc))
$headers['Cc'] = $mailcc;
if (!empty($mailbcc))
$headers['Bcc'] = $mailbcc;
if (!empty($identity_arr['bcc']))
$headers['Bcc'] = ($headers['Bcc'] ? $headers['Bcc'].', ' : '') . $identity_arr['bcc'];
// add subject
$headers['Subject'] = trim(get_input_value('_subject', RCUBE_INPUT_POST, TRUE, $message_charset));
if (!empty($identity_arr['organization']))
$headers['Organization'] = $identity_arr['organization'];
if (!empty($_POST['_replyto']))
$headers['Reply-To'] = rcmail_mailto_format(get_input_value('_replyto', RCUBE_INPUT_POST, TRUE, $message_charset));
else if (!empty($identity_arr['reply-to']))
$headers['Reply-To'] = $identity_arr['reply-to'];
if (!empty($_SESSION['compose']['reply_msgid']))
$headers['In-Reply-To'] = $_SESSION['compose']['reply_msgid'];
if (!empty($_SESSION['compose']['references']))
$headers['References'] = $_SESSION['compose']['references'];
if (!empty($_POST['_priority']))
{
$priority = intval($_POST['_priority']);
$a_priorities = array(1=>'highest', 2=>'high', 4=>'low', 5=>'lowest');
if ($str_priority = $a_priorities[$priority])
$headers['X-Priority'] = sprintf("%d (%s)", $priority, ucfirst($str_priority));
}
if (!empty($_POST['_receipt']))
{
$headers['Return-Receipt-To'] = $identity_arr['string'];
$headers['Disposition-Notification-To'] = $identity_arr['string'];
}
// additional headers
-if ($CONFIG['http_received_header'])
-{
- $nldlm = $RCMAIL->config->header_delimiter() . "\t";
- $headers['Received'] = wordwrap('from ' . (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
- gethostbyaddr($_SERVER['HTTP_X_FORWARDED_FOR']).' ['.$_SERVER['HTTP_X_FORWARDED_FOR'].']'.$nldlm.' via ' : '') .
- gethostbyaddr($_SERVER['REMOTE_ADDR']).' ['.$_SERVER['REMOTE_ADDR'].']'.$nldlm.'with ' .
- $_SERVER['SERVER_PROTOCOL'].' ('.$_SERVER['REQUEST_METHOD'].'); ' . date('r'),
- 69, $nldlm);
-}
-
$headers['Message-ID'] = $message_id;
$headers['X-Sender'] = $from;
if (!empty($CONFIG['useragent']))
$headers['User-Agent'] = $CONFIG['useragent'];
$isHtmlVal = strtolower(get_input_value('_is_html', RCUBE_INPUT_POST));
$isHtml = ($isHtmlVal == "1");
// fetch message body
$message_body = get_input_value('_message', RCUBE_INPUT_POST, TRUE, $message_charset);
if (!$savedraft) {
// remove signature's div ID
if ($isHtml)
$message_body = preg_replace('/\s*id="_rc_sig"/', '', $message_body);
// generic footer for all messages
if (!empty($CONFIG['generic_message_footer'])) {
$footer = file_get_contents(realpath($CONFIG['generic_message_footer']));
$footer = rcube_charset_convert($footer, 'UTF-8', $message_charset);
}
}
// create extended PEAR::Mail_mime instance
$MAIL_MIME = new rcube_mail_mime($RCMAIL->config->header_delimiter());
// For HTML-formatted messages, construct the MIME message with both
// the HTML part and the plain-text part
if ($isHtml) {
$plugin = $RCMAIL->plugins->exec_hook('outgoing_message_body', array('body' => $message_body, 'type' => 'html', 'message' => $MAIL_MIME));
$MAIL_MIME->setHTMLBody($plugin['body'] . ($footer ? "\r\n<pre>".$footer.'</pre>' : ''));
// add a plain text version of the e-mail as an alternative part.
$h2t = new html2text($plugin['body'], false, true, 0);
$plainTextPart = rc_wordwrap($h2t->get_text(), 75, "\r\n") . ($footer ? "\r\n".$footer : '');
$plainTextPart = wordwrap($plainTextPart, 998, "\r\n", true);
if (!strlen($plainTextPart)) {
// empty message body breaks attachment handling in drafts
$plainTextPart = "\r\n";
}
$plugin = $RCMAIL->plugins->exec_hook('outgoing_message_body', array('body' => $plainTextPart, 'type' => 'alternative', 'message' => $MAIL_MIME));
$MAIL_MIME->setTXTBody($plugin['body']);
// look for "emoticon" images from TinyMCE and copy into message as attachments
$message_body = rcmail_attach_emoticons($MAIL_MIME);
}
else
{
$message_body = rc_wordwrap($message_body, 75, "\r\n");
if ($footer)
$message_body .= "\r\n" . $footer;
$message_body = wordwrap($message_body, 998, "\r\n", true);
if (!strlen($message_body)) {
// empty message body breaks attachment handling in drafts
$message_body = "\r\n";
}
$plugin = $RCMAIL->plugins->exec_hook('outgoing_message_body', array('body' => $message_body, 'type' => 'plain', 'message' => $MAIL_MIME));
$MAIL_MIME->setTXTBody($plugin['body'], false, true);
}
// chose transfer encoding
$charset_7bit = array('ASCII', 'ISO-2022-JP', 'ISO-8859-1', 'ISO-8859-2', 'ISO-8859-15');
$transfer_encoding = in_array(strtoupper($message_charset), $charset_7bit) ? '7bit' : '8bit';
// add stored attachments, if any
if (is_array($_SESSION['compose']['attachments'])) {
foreach ($_SESSION['compose']['attachments'] as $id => $attachment) {
// This hook retrieves the attachment contents from the file storage backend
$attachment = $RCMAIL->plugins->exec_hook('get_attachment', $attachment);
$dispurl = '/\ssrc\s*=\s*[\'"]*\S+display-attachment\S+file=rcmfile' . preg_quote($attachment['id']) . '[\s\'"]\s*/';
$message_body = $MAIL_MIME->getHTMLBody();
if ($isHtml && (preg_match($dispurl, $message_body) > 0)) {
$message_body = preg_replace($dispurl, ' src="'.$attachment['name'].'" ', $message_body);
$MAIL_MIME->setHTMLBody($message_body);
if ($attachment['data'])
$MAIL_MIME->addHTMLImage($attachment['data'], $attachment['mimetype'], $attachment['name'], false);
else
$MAIL_MIME->addHTMLImage($attachment['path'], $attachment['mimetype'], $attachment['name'], true);
}
else {
$ctype = str_replace('image/pjpeg', 'image/jpeg', $attachment['mimetype']); // #1484914
$file = $attachment['data'] ? $attachment['data'] : $attachment['path'];
// .eml attachments send inline
$MAIL_MIME->addAttachment($file,
$ctype,
$attachment['name'],
($attachment['data'] ? false : true),
($ctype == 'message/rfc822' ? $transfer_encoding : 'base64'),
($ctype == 'message/rfc822' ? 'inline' : 'attachment'),
$message_charset, '', '',
$CONFIG['mime_param_folding'] ? 'quoted-printable' : NULL,
$CONFIG['mime_param_folding'] == 2 ? 'quoted-printable' : NULL
);
}
}
}
// add submitted attachments
if (is_array($_FILES['_attachments']['tmp_name'])) {
foreach ($_FILES['_attachments']['tmp_name'] as $i => $filepath) {
$ctype = $files['type'][$i];
$ctype = str_replace('image/pjpeg', 'image/jpeg', $ctype); // #1484914
$MAIL_MIME->addAttachment($filepath, $ctype, $files['name'][$i], true,
$ctype == 'message/rfc822' ? $transfer_encoding : 'base64',
'attachment', $message_charset, '', '',
$CONFIG['mime_param_folding'] ? 'quoted-printable' : NULL,
$CONFIG['mime_param_folding'] == 2 ? 'quoted-printable' : NULL
);
}
}
// encoding settings for mail composing
$MAIL_MIME->setParam(array(
'text_encoding' => $transfer_encoding,
'html_encoding' => 'quoted-printable',
'head_encoding' => 'quoted-printable',
'head_charset' => $message_charset,
'html_charset' => $message_charset,
'text_charset' => $message_charset,
));
$data = $RCMAIL->plugins->exec_hook('outgoing_message_headers', array('headers' => $headers));
$headers = $data['headers'];
// encoding subject header with mb_encode provides better results with asian characters
if (function_exists("mb_encode_mimeheader"))
{
mb_internal_encoding($message_charset);
$headers['Subject'] = mb_encode_mimeheader($headers['Subject'], $message_charset, 'Q');
mb_internal_encoding(RCMAIL_CHARSET);
}
// pass headers to message object
$MAIL_MIME->headers($headers);
// Begin SMTP Delivery Block
if (!$savedraft)
{
// check for 'From' address (identity may be incomplete)
if ($identity_arr && !$identity_arr['mailto']) {
$OUTPUT->show_message('nofromaddress', 'error');
$OUTPUT->send('iframe');
}
$sent = rcmail_deliver_message($MAIL_MIME, $from, $mailto);
// return to compose page if sending failed
if (!$sent)
{
$OUTPUT->show_message("sendingfailed", 'error');
$OUTPUT->send('iframe');
}
// save message sent time
if (!empty($CONFIG['sendmail_delay']))
$RCMAIL->user->save_prefs(array('last_message_time' => time()));
// set replied/forwarded flag
if ($_SESSION['compose']['reply_uid'])
$IMAP->set_flag($_SESSION['compose']['reply_uid'], 'ANSWERED', $_SESSION['compose']['mailbox']);
else if ($_SESSION['compose']['forward_uid'])
$IMAP->set_flag($_SESSION['compose']['forward_uid'], 'FORWARDED', $_SESSION['compose']['mailbox']);
} // End of SMTP Delivery Block
// Determine which folder to save message
if ($savedraft)
$store_target = $CONFIG['drafts_mbox'];
else
$store_target = isset($_POST['_store_target']) ? get_input_value('_store_target', RCUBE_INPUT_POST) : $CONFIG['sent_mbox'];
if ($store_target)
{
// check if mailbox exists
if (!in_array_nocase($store_target, $IMAP->list_mailboxes()))
{
// folder may be existing but not subscribed (#1485241)
if (!in_array_nocase($store_target, $IMAP->list_unsubscribed()))
$store_folder = $IMAP->create_mailbox($store_target, TRUE);
else if ($IMAP->subscribe($store_target))
$store_folder = TRUE;
}
else
$store_folder = TRUE;
// append message to sent box
if ($store_folder)
$saved = $IMAP->save_message($store_target, $MAIL_MIME->getMessage());
// raise error if saving failed
if (!$saved)
{
raise_error(array('code' => 800, 'type' => 'imap', 'file' => __FILE__,
'message' => "Could not save message in $store_target"), TRUE, FALSE);
if ($savedraft) {
$OUTPUT->show_message('errorsaving', 'error');
$OUTPUT->send('iframe');
}
}
if ($olddraftmessageid)
{
// delete previous saved draft
$a_deleteid = $IMAP->search($CONFIG['drafts_mbox'], 'HEADER Message-ID '.$olddraftmessageid);
$deleted = $IMAP->delete_message($IMAP->get_uid($a_deleteid[0], $CONFIG['drafts_mbox']), $CONFIG['drafts_mbox']);
// raise error if deletion of old draft failed
if (!$deleted)
raise_error(array('code' => 800, 'type' => 'imap', 'file' => __FILE__,
'message' => "Could not delete message from ".$CONFIG['drafts_mbox']), TRUE, FALSE);
}
}
if ($savedraft)
{
$msgid = strtr($message_id, array('>' => '', '<' => ''));
// remember new draft-uid
$draftids = $IMAP->search($CONFIG['drafts_mbox'], 'HEADER Message-ID '.$msgid);
$_SESSION['compose']['param']['_draft_uid'] = $IMAP->get_uid($draftids[0], $CONFIG['drafts_mbox']);
// display success
$OUTPUT->show_message('messagesaved', 'confirmation');
// update "_draft_saveid" and the "cmp_hash" to prevent "Unsaved changes" warning
$OUTPUT->command('set_draft_id', $msgid);
$OUTPUT->command('compose_field_hash', true);
// start the auto-save timer again
$OUTPUT->command('auto_save_start');
$OUTPUT->send('iframe');
}
else
{
rcmail_compose_cleanup();
if ($store_folder && !$saved)
$OUTPUT->command('sent_successfully', 'error', rcube_label('errorsavingsent'));
else
$OUTPUT->command('sent_successfully', 'confirmation', rcube_label('messagesent'));
$OUTPUT->send('iframe');
}
?>

File Metadata

Mime Type
text/x-diff
Expires
Sat, Mar 1, 2:17 PM (13 m, 17 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
167243
Default Alt Text
(178 KB)

Event Timeline