/** * This function takes in an array of the address objects generated by the message headers and turns them into an * associative array. * * @param array $addresses * @return array */ protected function processAddressObject($addresses) { $outputAddresses = array(); if (is_array($addresses)) { foreach ($addresses as $address) { if (property_exists($address, 'mailbox') && $address->mailbox != 'undisclosed-recipients') { $currentAddress = array(); $currentAddress['address'] = $address->mailbox . '@' . $address->host; if (isset($address->personal)) { $currentAddress['name'] = MIME::decode($address->personal, self::$charset); } $outputAddresses[] = $currentAddress; } } } return $outputAddresses; }
/** * Check that the From header is not trying to impersonate a valid * user that is not $sasluser. * * @param string $sasluser The current, authenticated user. * @param string $sender Sender address * @param string $fromhdr From header * @param string $client_addr Client IP * * @return mixed A PEAR_Error in case of an error, true if From * can be accepted, false if From must be rejected, * or a string with a corrected From header that * makes From acceptable */ function _verify_sender($sasluser, $sender, $fromhdr, $client_addr) { global $conf; if (isset($conf['kolab']['filter']['email_domain'])) { $domains = $conf['kolab']['filter']['email_domain']; } else { $domains = 'localhost'; } if (!is_array($domains)) { $domains = array($domains); } if (isset($conf['kolab']['filter']['local_addr'])) { $local_addr = $conf['kolab']['filter']['local_addr']; } else { $local_addr = '127.0.0.1'; } if (empty($client_addr)) { $client_addr = $local_addr; } if (isset($conf['kolab']['filter']['verify_subdomains'])) { $verify_subdomains = $conf['kolab']['filter']['verify_subdomains']; } else { $verify_subdomains = true; } if (isset($conf['kolab']['filter']['reject_forged_from_header'])) { $reject_forged_from_header = $conf['kolab']['filter']['reject_forged_from_header']; } else { $reject_forged_from_header = false; } if (isset($conf['kolab']['filter']['kolabhosts'])) { $kolabhosts = $conf['kolab']['filter']['kolabhosts']; } else { $kolabhosts = 'localhost'; } if (isset($conf['kolab']['filter']['privileged_networks'])) { $privnetworks = $conf['kolab']['filter']['privileged_networks']; } else { $privnetworks = '127.0.0.0/8'; } /* Allow anything from localhost and * fellow Kolab-hosts */ if ($client_addr == $local_addr) { return true; } $kolabhosts = explode(',', $kolabhosts); $kolabhosts = array_map('gethostbyname', $kolabhosts); $privnetworks = explode(',', $privnetworks); if (array_search($client_addr, $kolabhosts) !== false) { return true; } foreach ($privnetworks as $network) { $iplong = ip2long($client_addr); $cidr = explode("/", $network); $netiplong = ip2long($cidr[0]); if (count($cidr) == 2) { $iplong = $iplong & 0xffffffff << 32 - $cidr[1]; $netiplong = $netiplong & 0xffffffff << 32 - $cidr[1]; } if ($iplong == $netiplong) { return true; } } if ($sasluser) { /* Load the Server library */ require_once 'Horde/Kolab/Server.php'; $server =& Horde_Kolab_Server::singleton(); if (is_a($server, 'PEAR_Error')) { $server->code = OUT_LOG | EX_TEMPFAIL; return $server; } $allowed_addrs = $server->addrsForIdOrMail($sasluser); if (is_a($allowed_addrs, 'PEAR_Error')) { $allowed_addrs->code = OUT_LOG | EX_NOUSER; return $allowed_addrs; } } else { $allowed_addrs = false; } if (isset($conf['kolab']['filter']['unauthenticated_from_insert'])) { $fmt = $conf['kolab']['filter']['unauthenticated_from_insert']; } else { $fmt = '(UNTRUSTED, sender <%s> is not authenticated)'; } $adrs = imap_rfc822_parse_adrlist($fromhdr, $domains[0]); foreach ($adrs as $adr) { $from = $adr->mailbox . '@' . $adr->host; $fromdom = $adr->host; if ($sasluser) { if (!in_array(strtolower($from), $allowed_addrs)) { Horde::log(sprintf("%s is not an allowed From address for %s", $from, $sasluser), 'DEBUG'); return false; } } else { foreach ($domains as $domain) { if (strtolower($fromdom) == $domain || $verify_subdomains && substr($fromdom, -strlen($domain) - 1) == ".{$domain}") { if ($reject_forged_from_header) { Horde::log(sprintf("%s is not an allowed From address for unauthenticated users.", $from), 'DEBUG'); return false; } else { require_once 'Horde/String.php'; require_once 'Horde/MIME.php'; /* Rewrite */ Horde::log(sprintf("%s is not an allowed From address for unauthenticated users, rewriting.", $from), 'DEBUG'); if (property_exists($adr, 'personal')) { $name = str_replace(array("\\", '"'), array("\\\\", '\\"'), MIME::decode($adr->personal, 'utf-8')); } else { $name = ''; } $untrusted = sprintf($fmt, $sender, $from, $name); // Is this test really correct? Is $fromhdr a _decoded_ string? // If not comparing with the unencoded $untrusted is wrong. // sw - 20091125 if (strpos($fromhdr, $untrusted) === false) { $new_from = '"' . MIME::encode($untrusted) . '"'; return $new_from . ' <' . $from . '>'; } else { return true; } } } } } } /* All seems OK */ return true; }
/** * @param $text */ protected function setFileName($text) { $this->filename = MIME::decode($text, Message::$charset); }