githubFork/roundcubemail.git

			@@ -124,8 +124,8 @@
			/**
			* This implements the 'singleton' design pattern
			*
			* @param integer Options to initialize with this instance. See rcube::INIT_WITH_* constants
			* @param string Environment name to run (e.g. live, dev, test)
			* @param integer $mode Options to initialize with this instance. See rcube::INIT_WITH_* constants
			* @param string $env Environment name to run (e.g. live, dev, test)
			*
			* @return rcube The one and only instance
			*/
			@@ -505,7 +505,7 @@
			}

			ini_set('session.cookie_secure', $is_secure);
			ini_set('session.name', $sess_name ? $sess_name : 'roundcube_sessid');
			ini_set('session.name', $sess_name ?: 'roundcube_sessid');
			ini_set('session.use_cookies', 1);
			ini_set('session.use_only_cookies', 1);
			ini_set('session.cookie_httponly', 1);
			@@ -601,7 +601,7 @@
			$attrib = array('name' => $attrib);
			}

			$name = $attrib['name'] ? $attrib['name'] : '';
			$name = (string) $attrib['name'];

			// attrib contain text values: use them from now
			if (($setval = $attrib[strtolower($_SESSION['language'])]) \|\| ($setval = $attrib['en_us'])) {
			@@ -619,7 +619,7 @@
			// replace vars in text
			if (is_array($attrib['vars'])) {
			foreach ($attrib['vars'] as $var_key => $var_value) {
			$text = str_replace($var_key[0]!='$' ? '$'.$var_key : $var_key, $var_value, $text);
			$text = str_replace($var_key[0] != '$' ? '$'.$var_key : $var_key, $var_value, $text);
			}
			}

			@@ -685,7 +685,7 @@
			*/
			public function load_language($lang = null, $add = array(), $merge = array())
			{
			$lang = $this->language_prop(($lang ? $lang : $_SESSION['language']));
			$lang = $this->language_prop($lang ?: $_SESSION['language']);

			// load localized texts
			if (empty($this->texts) \|\| $lang != $_SESSION['language']) {
			@@ -810,26 +810,22 @@
			}

			/**
			* Encrypt using 3DES
			* Encrypt a string
			*
			* @param string $clear Clear text input
			* @param string $key Encryption key to retrieve from the configuration, defaults to 'des_key'
			* @param boolean $base64 Whether or not to base64_encode() the result before returning
			*
			* @return string encrypted text
			* @return string Encrypted text
			*/
			public function encrypt($clear, $key = 'des_key', $base64 = true)
			{
			if (!$clear) {
			if (!is_string($clear) \|\| !strlen($clear)) {
			return '';
			}

			// Add a single canary byte to the end of the clear text, which
			// will help find out how much of padding will need to be removed
			// upon decryption; see http://php.net/mcrypt_generic#68082.
			$clear = pack("a*H2", $clear, "80");
			$ckey = $this->config->get_crypto_key($key);
			$method = 'DES-EDE3-CBC';
			$method = $this->config->get_crypto_method();
			$opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true;
			$iv = rcube_utils::random_bytes(openssl_cipher_iv_length($method), true);
			$cipher = $iv . openssl_encrypt($clear, $method, $ckey, $opts, $iv);
			@@ -838,13 +834,13 @@
			}

			/**
			* Decrypt 3DES-encrypted string
			* Decrypt a string
			*
			* @param string $cipher Encrypted text
			* @param string $key Encryption key to retrieve from the configuration, defaults to 'des_key'
			* @param boolean $base64 Whether or not input is base64-encoded
			*
			* @return string decrypted text
			* @return string Decrypted text
			*/
			public function decrypt($cipher, $key = 'des_key', $base64 = true)
			{
			@@ -852,10 +848,9 @@
			return '';
			}

			$cipher = $base64 ? base64_decode($cipher) : $cipher;
			$ckey = $this->config->get_crypto_key($key);

			$method = 'DES-EDE3-CBC';
			$cipher = $base64 ? base64_decode($cipher) : $cipher;
			$ckey = $this->config->get_crypto_key($key);
			$method = $this->config->get_crypto_method();
			$opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true;
			$iv_size = openssl_cipher_iv_length($method);
			$iv = substr($cipher, 0, $iv_size);
			@@ -867,10 +862,6 @@

			$cipher = substr($cipher, $iv_size);
			$clear = openssl_decrypt($cipher, $method, $ckey, $opts, $iv);

			// Trim PHP's padding and the canary byte; see note in
			// rcube::encrypt() and http://php.net/mcrypt_generic#68082
			$clear = substr(rtrim($clear, "\0"), 0, -1);

			return $clear;
			}
			@@ -909,15 +900,14 @@
			*/
			public function get_request_token()
			{
			$sess_id = $_COOKIE[ini_get('session.name')];
			if (!$sess_id) {
			$sess_id = session_id();
			if (empty($_SESSION['request_token'])) {
			$plugin = $this->plugins->exec_hook('request_token', array(
			'value' => rcube_utils::random_bytes(32)));

			$_SESSION['request_token'] = $plugin['value'];
			}

			$plugin = $this->plugins->exec_hook('request_token', array(
			'value' => md5('RT' . $this->get_user_id() . $this->config->get('des_key') . $sess_id)));

			return $plugin['value'];
			return $_SESSION['request_token'];
			}

			/**
			@@ -1152,12 +1142,16 @@

			// trigger logging hook
			if (is_object(self::$instance) && is_object(self::$instance->plugins)) {
			$log = self::$instance->plugins->exec_hook('write_log', array('name' => $name, 'date' => $date, 'line' => $line));
			$log = self::$instance->plugins->exec_hook('write_log',
			array('name' => $name, 'date' => $date, 'line' => $line));

			$name = $log['name'];
			$line = $log['line'];
			$date = $log['date'];
			if ($log['abort'])

			if ($log['abort']) {
			return true;
			}
			}

			// add session ID to the log
			@@ -1179,32 +1173,25 @@
			// per-user logging is activated
			if (self::$instance && self::$instance->config->get('per_user_logging', false) && self::$instance->get_user_id()) {
			$log_dir = self::$instance->get_user_log_dir();
			if (empty($log_dir))
			if (empty($log_dir) && $name != 'errors') {
			return false;
			}
			}
			else if (!empty($log['dir'])) {
			$log_dir = $log['dir'];
			}
			else if (self::$instance) {
			$log_dir = self::$instance->config->get('log_dir');

			if (empty($log_dir)) {
			if (!empty($log['dir'])) {
			$log_dir = $log['dir'];
			}
			else if (self::$instance) {
			$log_dir = self::$instance->config->get('log_dir');
			}
			}

			if (empty($log_dir)) {
			$log_dir = RCUBE_INSTALL_PATH . 'logs';
			}

			// try to open specific log file for writing
			$logfile = $log_dir.'/'.$name;

			if ($fp = @fopen($logfile, 'a')) {
			fwrite($fp, $line);
			fflush($fp);
			fclose($fp);
			return true;
			}

			trigger_error("Error writing to log file $logfile; Please check permissions", E_USER_WARNING);
			return false;
			return file_put_contents("$log_dir/$name", $line, FILE_APPEND) !== false;
			}

			/**
			@@ -1277,7 +1264,7 @@
			*/
			public static function log_bug($arg_arr)
			{
			$program = strtoupper(!empty($arg_arr['type']) ? $arg_arr['type'] : 'php');
			$program = strtoupper($arg_arr['type'] ?: 'php');
			$level = self::get_instance()->config->get('debug_level');

			// disable errors for ajax requests, write to log instead (#1487831)
			@@ -1287,11 +1274,18 @@

			// write error to local log file
			if (($level & 1) \|\| !empty($arg_arr['fatal'])) {
			$post_query = '';
			if ($_SERVER['REQUEST_METHOD'] == 'POST') {
			$post_query = '?_task='.urlencode($_POST['_task']).'&_action='.urlencode($_POST['_action']);
			}
			else {
			$post_query = '';
			foreach (array('_task', '_action') as $arg) {
			if ($_POST[$arg] && !$_GET[$arg]) {
			$post_query[$arg] = $_POST[$arg];
			}
			}

			if (!empty($post_query)) {
			$post_query = (strpos($_SERVER['REQUEST_URI'], '?') != false ? '&' : '?')
			. http_build_query($post_query, '', '&');
			}
			}

			$log_entry = sprintf("%s Error: %s%s (%s %s)",
			@@ -1503,6 +1497,7 @@
			$host = preg_replace('/:[0-9]+$/', '', $host);
			if ($host && preg_match('/\.[a-z]+$/i', $host)) {
			$domain_part = $host;
			break;
			}
			}
			}
			@@ -1560,8 +1555,7 @@
			$a_recipients[] = $headers['Bcc'];

			// remove Bcc header and get the whole head of the message as string
			$send_headers = array('Bcc' => null);
			$smtp_headers = $message->txtHeaders($send_headers, true);
			$smtp_headers = $this->message_head($message, array('Bcc'));

			if ($message->getParam('delay_file_io')) {
			// use common temp dir
			@@ -1601,15 +1595,13 @@
			}
			// send mail using PHP's mail() function
			else {
			// unset some headers because they will be added by the mail() function
			$headers_enc = $headers;
			$headers_res = array('To' => null, 'Subject' => null);
			$header_str = $message->txtHeaders($headers_res, true);
			// unset To,Subject headers because they will be added by the mail() function
			$header_str = $this->message_head($message, array('To', 'Subject'));

			// #1485779
			if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
			if (preg_match_all('/<([^@]+@[^>]+)>/', $headers_enc['To'], $m)) {
			$headers_enc['To'] = implode(', ', $m[1]);
			if (preg_match_all('/<([^@]+@[^>]+)>/', $headers['To'], $m)) {
			$headers['To'] = implode(', ', $m[1]);
			}
			}

			@@ -1623,8 +1615,8 @@
			}
			else {
			$delim = $this->config->header_delimiter();
			$to = $headers_enc['To'];
			$subject = $headers_enc['Subject'];
			$to = $headers['To'];
			$subject = $headers['Subject'];
			$header_str = rtrim($header_str);

			if ($delim != "\r\n") {
			@@ -1681,6 +1673,20 @@

			return $sent;
			}

			/**
			* Return message headers as a string
			*/
			protected function message_head($message, $unset = array())
			{
			// requires Mail_mime >= 1.9.0
			$headers = array();
			foreach ((array) $unset as $header) {
			$headers[$header] = null;
			}

			return $message->txtHeaders($headers, true);
			}
			}