From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
program/lib/Roundcube/rcube_smtp.php | 39 ++++++++++++++++++++++-----------------
1 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/program/lib/Roundcube/rcube_smtp.php b/program/lib/Roundcube/rcube_smtp.php
index a2d130e..fc3f28c 100644
--- a/program/lib/Roundcube/rcube_smtp.php
+++ b/program/lib/Roundcube/rcube_smtp.php
@@ -47,7 +47,7 @@
*
* @return bool Returns true on success, or false on error
*/
- public function connect($host=null, $port=null, $user=null, $pass=null)
+ public function connect($host = null, $port = null, $user = null, $pass = null)
{
$rcube = rcube::get_instance();
@@ -59,10 +59,10 @@
// let plugins alter smtp connection config
$CONFIG = $rcube->plugins->exec_hook('smtp_connect', array(
- 'smtp_server' => $host ? $host : $rcube->config->get('smtp_server'),
- 'smtp_port' => $port ? $port : $rcube->config->get('smtp_port', 25),
- 'smtp_user' => $user ? $user : $rcube->config->get('smtp_user'),
- 'smtp_pass' => $pass ? $pass : $rcube->config->get('smtp_pass'),
+ 'smtp_server' => $host ?: $rcube->config->get('smtp_server'),
+ 'smtp_port' => $port ?: $rcube->config->get('smtp_port', 25),
+ 'smtp_user' => $user !== null ? $user : $rcube->config->get('smtp_user'),
+ 'smtp_pass' => $pass !== null ? $pass : $rcube->config->get('smtp_pass'),
'smtp_auth_cid' => $rcube->config->get('smtp_auth_cid'),
'smtp_auth_pw' => $rcube->config->get('smtp_auth_pw'),
'smtp_auth_type' => $rcube->config->get('smtp_auth_type'),
@@ -127,9 +127,12 @@
$result = $this->conn->connect($CONFIG['smtp_timeout']);
if (is_a($result, 'PEAR_Error')) {
- $this->response[] = "Connection failed: ".$result->getMessage();
- $this->error = array('label' => 'smtpconnerror', 'vars' => array('code' => $this->conn->_code));
+ $this->response[] = "Connection failed: " . $result->getMessage();
+
+ list($code,) = $this->conn->getResponse();
+ $this->error = array('label' => 'smtpconnerror', 'vars' => array('code' => $code));
$this->conn = null;
+
return false;
}
@@ -142,7 +145,7 @@
$smtp_user = str_replace('%u', $rcube->get_user_name(), $CONFIG['smtp_user']);
$smtp_pass = str_replace('%p', $rcube->get_user_password(), $CONFIG['smtp_pass']);
- $smtp_auth_type = empty($CONFIG['smtp_auth_type']) ? NULL : $CONFIG['smtp_auth_type'];
+ $smtp_auth_type = $CONFIG['smtp_auth_type'] ?: null;
if (!empty($CONFIG['smtp_auth_cid'])) {
$smtp_authz = $smtp_user;
@@ -160,10 +163,14 @@
$result = $this->conn->auth($smtp_user, $smtp_pass, $smtp_auth_type, $use_tls, $smtp_authz);
if (is_a($result, 'PEAR_Error')) {
- $this->error = array('label' => 'smtpautherror', 'vars' => array('code' => $this->conn->_code));
- $this->response[] .= 'Authentication failure: ' . $result->getMessage() . ' (Code: ' . $result->getCode() . ')';
+ list($code,) = $this->conn->getResponse();
+ $this->error = array('label' => 'smtpautherror', 'vars' => array('code' => $code));
+ $this->response[] = 'Authentication failure: ' . $result->getMessage()
+ . ' (Code: ' . $result->getCode() . ')';
+
$this->reset();
$this->disconnect();
+
return false;
}
}
@@ -207,11 +214,6 @@
}
else if (is_string($headers)) {
$text_headers = $headers;
- }
- else {
- $this->reset();
- $this->response[] = "Invalid message headers";
- return false;
}
// exit if no from address is given
@@ -275,8 +277,11 @@
if (is_resource($body)) {
// file handle
- $data = $body;
- $text_headers = preg_replace('/[\r\n]+$/', '', $text_headers);
+ $data = $body;
+
+ if ($text_headers) {
+ $text_headers = preg_replace('/[\r\n]+$/', '', $text_headers);
+ }
}
else {
// Concatenate headers and body so it can be passed by reference to SMTP_CONN->data
--
Gitblit v1.9.1