githubFork/roundcubemail.git

			@@ -124,8 +124,8 @@
			/**
			* This implements the 'singleton' design pattern
			*
			* @param integer Options to initialize with this instance. See rcube::INIT_WITH_* constants
			* @param string Environment name to run (e.g. live, dev, test)
			* @param integer $mode Options to initialize with this instance. See rcube::INIT_WITH_* constants
			* @param string $env Environment name to run (e.g. live, dev, test)
			*
			* @return rcube The one and only instance
			*/
			@@ -810,26 +810,22 @@
			}

			/**
			* Encrypt using 3DES
			* Encrypt a string
			*
			* @param string $clear Clear text input
			* @param string $key Encryption key to retrieve from the configuration, defaults to 'des_key'
			* @param boolean $base64 Whether or not to base64_encode() the result before returning
			*
			* @return string encrypted text
			* @return string Encrypted text
			*/
			public function encrypt($clear, $key = 'des_key', $base64 = true)
			{
			if (!$clear) {
			if (!is_string($clear) \|\| !strlen($clear)) {
			return '';
			}

			// Add a single canary byte to the end of the clear text, which
			// will help find out how much of padding will need to be removed
			// upon decryption; see http://php.net/mcrypt_generic#68082.
			$clear = pack("a*H2", $clear, "80");
			$ckey = $this->config->get_crypto_key($key);
			$method = 'DES-EDE3-CBC';
			$method = $this->config->get_crypto_method();
			$opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true;
			$iv = rcube_utils::random_bytes(openssl_cipher_iv_length($method), true);
			$cipher = $iv . openssl_encrypt($clear, $method, $ckey, $opts, $iv);
			@@ -838,13 +834,13 @@
			}

			/**
			* Decrypt 3DES-encrypted string
			* Decrypt a string
			*
			* @param string $cipher Encrypted text
			* @param string $key Encryption key to retrieve from the configuration, defaults to 'des_key'
			* @param boolean $base64 Whether or not input is base64-encoded
			*
			* @return string decrypted text
			* @return string Decrypted text
			*/
			public function decrypt($cipher, $key = 'des_key', $base64 = true)
			{
			@@ -852,10 +848,9 @@
			return '';
			}

			$cipher = $base64 ? base64_decode($cipher) : $cipher;
			$ckey = $this->config->get_crypto_key($key);

			$method = 'DES-EDE3-CBC';
			$cipher = $base64 ? base64_decode($cipher) : $cipher;
			$ckey = $this->config->get_crypto_key($key);
			$method = $this->config->get_crypto_method();
			$opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true;
			$iv_size = openssl_cipher_iv_length($method);
			$iv = substr($cipher, 0, $iv_size);
			@@ -867,10 +862,6 @@

			$cipher = substr($cipher, $iv_size);
			$clear = openssl_decrypt($cipher, $method, $ckey, $opts, $iv);

			// Trim PHP's padding and the canary byte; see note in
			// rcube::encrypt() and http://php.net/mcrypt_generic#68082
			$clear = substr(rtrim($clear, "\0"), 0, -1);

			return $clear;
			}
			@@ -909,15 +900,14 @@
			*/
			public function get_request_token()
			{
			$sess_id = $_COOKIE[ini_get('session.name')];
			if (!$sess_id) {
			$sess_id = session_id();
			if (empty($_SESSION['request_token'])) {
			$plugin = $this->plugins->exec_hook('request_token', array(
			'value' => rcube_utils::random_bytes(32)));

			$_SESSION['request_token'] = $plugin['value'];
			}

			$plugin = $this->plugins->exec_hook('request_token', array(
			'value' => md5('RT' . $this->get_user_id() . $this->config->get('des_key') . $sess_id)));

			return $plugin['value'];
			return $_SESSION['request_token'];
			}

			/**
			@@ -1559,13 +1549,8 @@
			if (strlen($headers['Bcc']))
			$a_recipients[] = $headers['Bcc'];

			// clean Bcc from header for recipients
			$send_headers = $headers;
			unset($send_headers['Bcc']);
			// here too, it because txtHeaders() below use $message->_headers not only $send_headers
			unset($message->_headers['Bcc']);

			$smtp_headers = $message->txtHeaders($send_headers, true);
			// remove Bcc header and get the whole head of the message as string
			$smtp_headers = $this->message_head($message, array('Bcc'));

			if ($message->getParam('delay_file_io')) {
			// use common temp dir
			@@ -1605,19 +1590,13 @@
			}
			// send mail using PHP's mail() function
			else {
			// unset some headers because they will be added by the mail() function
			$headers_enc = $message->headers($headers);
			$headers_php = $message->_headers;
			unset($headers_php['To'], $headers_php['Subject']);

			// reset stored headers and overwrite
			$message->_headers = array();
			$header_str = $message->txtHeaders($headers_php);
			// unset To,Subject headers because they will be added by the mail() function
			$header_str = $this->message_head($message, array('To', 'Subject'));

			// #1485779
			if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
			if (preg_match_all('/<([^@]+@[^>]+)>/', $headers_enc['To'], $m)) {
			$headers_enc['To'] = implode(', ', $m[1]);
			if (preg_match_all('/<([^@]+@[^>]+)>/', $headers['To'], $m)) {
			$headers['To'] = implode(', ', $m[1]);
			}
			}

			@@ -1631,8 +1610,8 @@
			}
			else {
			$delim = $this->config->header_delimiter();
			$to = $headers_enc['To'];
			$subject = $headers_enc['Subject'];
			$to = $headers['To'];
			$subject = $headers['Subject'];
			$header_str = rtrim($header_str);

			if ($delim != "\r\n") {
			@@ -1685,11 +1664,24 @@
			fclose($msg_body);
			}

			$message->_headers = array();
			$message->headers($headers);
			$message->headers($headers, true);

			return $sent;
			}

			/**
			* Return message headers as a string
			*/
			protected function message_head($message, $unset = array())
			{
			// requires Mail_mime >= 1.9.0
			$headers = array();
			foreach ((array) $unset as $header) {
			$headers[$header] = null;
			}

			return $message->txtHeaders($headers, true);
			}
			}