From 3e55a2d9cb476c536ac132b16fb688ff031e3425 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 01 Feb 2016 08:25:31 -0500
Subject: [PATCH] Fix bug in long recipients list parsing for cases where recipient name contained @-char (#1490653)
---
program/lib/Roundcube/rcube_smtp.php | 75 +++++++++++++++++++++++++------------
1 files changed, 50 insertions(+), 25 deletions(-)
diff --git a/program/lib/Roundcube/rcube_smtp.php b/program/lib/Roundcube/rcube_smtp.php
index 5f1200b..14cbf82 100644
--- a/program/lib/Roundcube/rcube_smtp.php
+++ b/program/lib/Roundcube/rcube_smtp.php
@@ -29,6 +29,7 @@
private $conn = null;
private $response;
private $error;
+ private $anonymize_log = 0;
// define headers delimiter
const SMTP_MIME_CRLF = "\r\n";
@@ -111,6 +112,7 @@
if ($rcube->config->get('smtp_debug')) {
$this->conn->setDebug(true, array($this, 'debug_handler'));
+ $this->anonymize_log = 0;
}
// register authentication methods
@@ -124,10 +126,13 @@
// try to connect to server and exit on failure
$result = $this->conn->connect($CONFIG['smtp_timeout']);
- if (PEAR::isError($result)) {
- $this->response[] = "Connection failed: ".$result->getMessage();
- $this->error = array('label' => 'smtpconnerror', 'vars' => array('code' => $this->conn->_code));
+ if (is_a($result, 'PEAR_Error')) {
+ $this->response[] = "Connection failed: " . $result->getMessage();
+
+ list($code,) = $this->conn->getResponse();
+ $this->error = array('label' => 'smtpconnerror', 'vars' => array('code' => $code));
$this->conn = null;
+
return false;
}
@@ -157,11 +162,15 @@
$result = $this->conn->auth($smtp_user, $smtp_pass, $smtp_auth_type, $use_tls, $smtp_authz);
- if (PEAR::isError($result)) {
- $this->error = array('label' => 'smtpautherror', 'vars' => array('code' => $this->conn->_code));
- $this->response[] .= 'Authentication failure: ' . $result->getMessage() . ' (Code: ' . $result->getCode() . ')';
+ if (is_a($result, 'PEAR_Error')) {
+ list($code,) = $this->conn->getResponse();
+ $this->error = array('label' => 'smtpautherror', 'vars' => array('code' => $code));
+ $this->response[] = 'Authentication failure: ' . $result->getMessage()
+ . ' (Code: ' . $result->getCode() . ')';
+
$this->reset();
$this->disconnect();
+
return false;
}
}
@@ -206,11 +215,6 @@
else if (is_string($headers)) {
$text_headers = $headers;
}
- else {
- $this->reset();
- $this->response[] = "Invalid message headers";
- return false;
- }
// exit if no from address is given
if (!isset($from)) {
@@ -238,18 +242,20 @@
}
// set From: address
- if (PEAR::isError($this->conn->mailFrom($from, $from_params))) {
+ $result = $this->conn->mailFrom($from, $from_params);
+ if (is_a($result, 'PEAR_Error')) {
$err = $this->conn->getResponse();
$this->error = array('label' => 'smtpfromerror', 'vars' => array(
- 'from' => $from, 'code' => $this->conn->_code, 'msg' => $err[1]));
- $this->response[] = "Failed to set sender '$from'";
+ 'from' => $from, 'code' => $err[0], 'msg' => $err[1]));
+ $this->response[] = "Failed to set sender '$from'. "
+ . $err[1] . ' (Code: ' . $err[0] . ')';
$this->reset();
return false;
}
// prepare list of recipients
$recipients = $this->_parse_rfc822($recipients);
- if (PEAR::isError($recipients)) {
+ if (is_a($recipients, 'PEAR_Error')) {
$this->error = array('label' => 'smtprecipientserror');
$this->reset();
return false;
@@ -257,11 +263,13 @@
// set mail recipients
foreach ($recipients as $recipient) {
- if (PEAR::isError($this->conn->rcptTo($recipient, $recipient_params))) {
+ $result = $this->conn->rcptTo($recipient, $recipient_params);
+ if (is_a($result, 'PEAR_Error')) {
$err = $this->conn->getResponse();
$this->error = array('label' => 'smtptoerror', 'vars' => array(
- 'to' => $recipient, 'code' => $this->conn->_code, 'msg' => $err[1]));
- $this->response[] = "Failed to add recipient '$recipient'";
+ 'to' => $recipient, 'code' => $err[0], 'msg' => $err[1]));
+ $this->response[] = "Failed to add recipient '$recipient'. "
+ . $err[1] . ' (Code: ' . $err[0] . ')';
$this->reset();
return false;
}
@@ -269,8 +277,11 @@
if (is_resource($body)) {
// file handle
- $data = $body;
- $text_headers = preg_replace('/[\r\n]+$/', '', $text_headers);
+ $data = $body;
+
+ if ($text_headers) {
+ $text_headers = preg_replace('/[\r\n]+$/', '', $text_headers);
+ }
}
else {
// Concatenate headers and body so it can be passed by reference to SMTP_CONN->data
@@ -284,7 +295,8 @@
}
// Send the message's headers and the body as SMTP data.
- if (PEAR::isError($result = $this->conn->data($data, $text_headers))) {
+ $result = $this->conn->data($data, $text_headers);
+ if (is_a($result, 'PEAR_Error')) {
$err = $this->conn->getResponse();
if (!in_array($err[0], array(354, 250, 221))) {
$msg = sprintf('[%d] %s', $err[0], $err[1]);
@@ -294,7 +306,7 @@
}
$this->error = array('label' => 'smtperror', 'vars' => array('msg' => $msg));
- $this->response[] = "Failed to send data";
+ $this->response[] = "Failed to send data. " . $msg;
$this->reset();
return false;
}
@@ -330,6 +342,15 @@
*/
public function debug_handler(&$smtp, $message)
{
+ // catch AUTH commands and set anonymization flag for subsequent sends
+ if (preg_match('/^Send: AUTH ([A-Z]+)/', $message, $m)) {
+ $this->anonymize_log = $m[1] == 'LOGIN' ? 2 : 1;
+ }
+ // anonymize this log entry
+ else if ($this->anonymize_log > 0 && strpos($message, 'Send:') === 0 && --$this->anonymize_log == 0) {
+ $message = sprintf('Send: ****** [%d]', strlen($message) - 8);
+ }
+
if (($len = strlen($message)) > self::DEBUG_LINE_LENGTH) {
$diff = $len - self::DEBUG_LINE_LENGTH;
$message = substr($message, 0, self::DEBUG_LINE_LENGTH)
@@ -439,15 +460,19 @@
}
$addresses = array();
+ $recipients = preg_replace('/[\s\t]*\r?\n/', '', $recipients);
$recipients = rcube_utils::explode_quoted_string(',', $recipients);
reset($recipients);
foreach ($recipients as $recipient) {
$a = rcube_utils::explode_quoted_string(' ', $recipient);
foreach ($a as $word) {
- if (strpos($word, "@") > 0 && $word[strlen($word)-1] != '"') {
- $word = preg_replace('/^<|>$/', '', trim($word));
- if (in_array($word, $addresses) === false) {
+ $word = trim($word);
+ $len = strlen($word);
+
+ if ($len && strpos($word, "@") > 0 && $word[$len-1] != '"') {
+ $word = preg_replace('/^<|>$/', '', $word);
+ if (!in_array($word, $addresses)) {
array_push($addresses, $word);
}
}
--
Gitblit v1.9.1