From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
bin/msgimport.sh | 63 +++++++------------------------
1 files changed, 15 insertions(+), 48 deletions(-)
diff --git a/bin/msgimport.sh b/bin/msgimport.sh
index a3ae4c3..0c72622 100755
--- a/bin/msgimport.sh
+++ b/bin/msgimport.sh
@@ -1,42 +1,10 @@
-#!/usr/bin/php
+#!/usr/bin/env php
<?php
-define('INSTALL_PATH', preg_replace('/bin\/$/', '', getcwd()) . '/');
+define('INSTALL_PATH', realpath(__DIR__ . '/..') . '/' );
ini_set('memory_limit', -1);
-require_once INSTALL_PATH.'program/include/iniset.php';
-
-/**
- * Parse commandline arguments into a hash array
- */
-function get_opt($aliases=array())
-{
- $args = array();
- for ($i=1; $i<count($_SERVER['argv']); $i++)
- {
- $arg = $_SERVER['argv'][$i];
- if (substr($arg, 0, 2) == '--')
- {
- $sp = strpos($arg, '=');
- $key = substr($arg, 2, $sp - 2);
- $value = substr($arg, $sp+1);
- }
- else if ($arg{0} == '-')
- {
- $key = substr($arg, 1);
- $value = $_SERVER['argv'][++$i];
- }
- else
- continue;
-
- $args[$key] = preg_replace(array('/^["\']/', '/["\']$/'), '', $value);
-
- if ($alias = $aliases[$key])
- $args[$alias] = $args[$key];
- }
-
- return $args;
-}
+require_once INSTALL_PATH.'program/include/clisetup.php';
function print_usage()
{
@@ -49,7 +17,8 @@
// get arguments
-$args = get_opt(array('h' => 'host', 'u' => 'user', 'p' => 'pass', 'm' => 'mbox', 'f' => 'file')) + array('host' => 'localhost', 'mbox' => 'INBOX');
+$opts = array('h' => 'host', 'u' => 'user', 'p' => 'pass', 'm' => 'mbox', 'f' => 'file');
+$args = rcube_utils::get_opt($opts) + array('host' => 'localhost', 'mbox' => 'INBOX');
if ($_SERVER['argv'][1] == 'help')
{
@@ -64,8 +33,7 @@
}
else if (!is_file($args['file']))
{
- print "Cannot read message file\n";
- exit;
+ rcube::raise_error("Cannot read message file.", false, true);
}
// prompt for username if not set
@@ -77,11 +45,10 @@
}
// prompt for password
-echo "Password: ";
-$args['pass'] = trim(fgets(STDIN));
-
-// clear password input
-echo chr(8)."\rPassword: ".str_repeat("*", strlen($args['pass']))."\n";
+if (empty($args['pass']))
+{
+ $args['pass'] = rcube_utils::prompt_silent("Password: ");
+}
// parse $host URL
$a_host = parse_url($args['host']);
@@ -112,14 +79,14 @@
$fp = fopen($args['file'], 'r');
while (($line = fgets($fp)) !== false)
{
- if (preg_match('/^From\s+/', $line) && $lastline == '')
+ if (preg_match('/^From\s+-/', $line) && $lastline == '')
{
if (!empty($message))
{
if ($IMAP->save_message($args['mbox'], rtrim($message)))
$count++;
else
- die("Failed to save message to $mailbox\n");
+ rcube::raise_error("Failed to save message to {$args['mbox']}", false, true);
$message = '';
}
continue;
@@ -134,13 +101,13 @@
// upload message from file
if ($count)
- print "$count messages successfully added to $mailbox.\n";
+ print "$count messages successfully added to {$args['mbox']}.\n";
else
print "Adding messages failed!\n";
}
else
{
- print "IMAP login failed.\n";
+ rcube::raise_error("IMAP login failed.", false, true);
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1