X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=program%2Finclude%2Frcube_imap_generic.php;fp=program%2Finclude%2Frcube_imap_generic.php;h=e2ee342f82603d8da0769a8697df6fa3ed8b9daf;hb=07e1de2dcd3f3ff8910a3680493f035b3c693cf0;hp=18f1f5da8f00101abc7439b2f68fa76d4f7024f0;hpb=7f5f46ce0922d9fdeb02e45c759aaacbd0ea5f9a;p=roundcube.git diff --git a/program/include/rcube_imap_generic.php b/program/include/rcube_imap_generic.php index 18f1f5d..e2ee342 100644 --- a/program/include/rcube_imap_generic.php +++ b/program/include/rcube_imap_generic.php @@ -21,7 +21,7 @@ | Author: Ryo Chijiiwa | +-----------------------------------------------------------------------+ - $Id: rcube_imap_generic.php 4516 2011-02-09 12:46:46Z alec $ + $Id: rcube_imap_generic.php 4643 2011-04-11 12:24:00Z alec $ */ @@ -213,31 +213,26 @@ class rcube_imap_generic { $line = ''; - if (!$this->fp) { - return NULL; - } - if (!$size) { $size = 1024; } do { - if (feof($this->fp)) { + if ($this->eof()) { return $line ? $line : NULL; } $buffer = fgets($this->fp, $size); if ($buffer === false) { - @fclose($this->fp); - $this->fp = null; + $this->closeSocket(); break; } if ($this->_debug) { $this->debug('S: '. rtrim($buffer)); } $line .= $buffer; - } while ($buffer[strlen($buffer)-1] != "\n"); + } while (substr($buffer, -1) != "\n"); return $line; } @@ -267,7 +262,7 @@ class rcube_imap_generic { $data = ''; $len = 0; - while ($len < $bytes && !feof($this->fp)) + while ($len < $bytes && !$this->eof()) { $d = fread($this->fp, $bytes-$len); if ($this->_debug) { @@ -312,8 +307,7 @@ class rcube_imap_generic } else if ($res == 'BAD') { $this->errornum = self::ERROR_BAD; } else if ($res == 'BYE') { - @fclose($this->fp); - $this->fp = null; + $this->closeSocket(); $this->errornum = self::ERROR_BYE; } @@ -339,6 +333,32 @@ class rcube_imap_generic return self::ERROR_UNKNOWN; } + private function eof() + { + if (!is_resource($this->fp)) { + return true; + } + + // If a connection opened by fsockopen() wasn't closed + // by the server, feof() will hang. + $start = microtime(true); + + if (feof($this->fp) || + ($this->prefs['timeout'] && (microtime(true) - $start > $this->prefs['timeout'])) + ) { + $this->closeSocket(); + return true; + } + + return false; + } + + private function closeSocket() + { + @fclose($this->fp); + $this->fp = null; + } + function setError($code, $msg='') { $this->errornum = $code; @@ -360,8 +380,7 @@ class rcube_imap_generic } if ($error && preg_match('/^\* (BYE|BAD) /i', $string, $m)) { if (strtoupper($m[1]) == 'BYE') { - @fclose($this->fp); - $this->fp = null; + $this->closeSocket(); } return true; } @@ -701,11 +720,12 @@ class rcube_imap_generic $host = $this->prefs['ssl_mode'] . '://' . $host; } + if ($this->prefs['timeout'] <= 0) { + $this->prefs['timeout'] = ini_get('default_socket_timeout'); + } + // Connect - if ($this->prefs['timeout'] > 0) - $this->fp = @fsockopen($host, $this->prefs['port'], $errno, $errstr, $this->prefs['timeout']); - else - $this->fp = @fsockopen($host, $this->prefs['port'], $errno, $errstr); + $this->fp = @fsockopen($host, $this->prefs['port'], $errno, $errstr, $this->prefs['timeout']); if (!$this->fp) { $this->setError(self::ERROR_BAD, sprintf("Could not connect to %s:%d: %s", $host, $this->prefs['port'], $errstr)); @@ -757,6 +777,13 @@ class rcube_imap_generic // Now we're secure, capabilities need to be reread $this->clearCapability(); } + + // Use best (for security) supported authentication method + foreach (array('DIGEST-MD5', 'CRAM-MD5', 'CRAM_MD5', 'PLAIN', 'LOGIN') as $auth_method) { + if (in_array($auth_method, $auth_methods)) { + break; + } + } } // Send ID info @@ -782,6 +809,13 @@ class rcube_imap_generic else if (!$login_disabled) { $auth_methods[] = 'LOGIN'; } + + // Use best (for security) supported authentication method + foreach (array('DIGEST-MD5', 'CRAM-MD5', 'CRAM_MD5', 'PLAIN', 'LOGIN') as $auth_method) { + if (in_array($auth_method, $auth_methods)) { + break; + } + } } else { // Prevent from sending credentials in plain text when connection is not secure @@ -791,32 +825,28 @@ class rcube_imap_generic return false; } // replace AUTH with CRAM-MD5 for backward compat. - $auth_methods[] = $auth_method == 'AUTH' ? 'CRAM-MD5' : $auth_method; + if ($auth_method == 'AUTH') { + $auth_method = 'CRAM-MD5'; + } } // pre-login capabilities can be not complete $this->capability_readed = false; // Authenticate - foreach ($auth_methods as $method) { - switch ($method) { + switch ($auth_method) { case 'CRAM_MD5': - $method = 'CRAM-MD5'; + $auth_method = 'CRAM-MD5'; case 'CRAM-MD5': case 'DIGEST-MD5': case 'PLAIN': - $result = $this->authenticate($user, $password, $method); + $result = $this->authenticate($user, $password, $auth_method); break; case 'LOGIN': $result = $this->login($user, $password); break; default: - $this->setError(self::ERROR_BAD, "Configuration error. Unknown auth method: $method"); - } - - if (is_resource($result)) { - break; - } + $this->setError(self::ERROR_BAD, "Configuration error. Unknown auth method: $auth_method"); } // Connected and authenticated @@ -845,8 +875,7 @@ class rcube_imap_generic $this->readReply(); } - @fclose($this->fp); - $this->fp = false; + $this->closeSocket(); } /** @@ -935,6 +964,16 @@ class rcube_imap_generic list($mbox, $items) = $this->tokenizeResponse($response, 2); + // Fix for #1487859. Some buggy server returns not quoted + // folder name with spaces. Let's try to handle this situation + if (!is_array($items) && ($pos = strpos($response, '(')) !== false) { + $response = substr($response, $pos); + $items = $this->tokenizeResponse($response, 1); + if (!is_array($items)) { + return $result; + } + } + for ($i=0, $len=count($items); $i<$len; $i += 2) { $result[$items[$i]] = (int) $items[$i+1]; } @@ -1341,7 +1380,7 @@ class rcube_imap_generic $result[$id] = ''; } } else if ($mode == 2) { - if (preg_match('/\((UID|RFC822\.SIZE) ([0-9]+)/', $line, $matches)) { + if (preg_match('/(UID|RFC822\.SIZE) ([0-9]+)/', $line, $matches)) { $result[$id] = trim($matches[2]); } else { $result[$id] = 0; @@ -1540,36 +1579,21 @@ class rcube_imap_generic if (preg_match('/^\* [0-9]+ FETCH \((.*) BODY/sU', $line, $matches)) { $str = $matches[1]; - // swap parents with quotes, then explode - $str = preg_replace('/[()]/', '"', $str); - $a = rcube_explode_quoted_string(' ', $str); - - // did we get the right number of replies? - $parts_count = count($a); - if ($parts_count>=6) { - for ($i=0; $i<$parts_count; $i=$i+2) { - if ($a[$i] == 'UID') { - $result[$id]->uid = intval($a[$i+1]); - } - else if ($a[$i] == 'RFC822.SIZE') { - $result[$id]->size = intval($a[$i+1]); - } - else if ($a[$i] == 'INTERNALDATE') { - $time_str = $a[$i+1]; - } - else if ($a[$i] == 'FLAGS') { - $flags_str = $a[$i+1]; - } + while (list($name, $value) = $this->tokenizeResponse($str, 2)) { + if ($name == 'UID') { + $result[$id]->uid = intval($value); + } + else if ($name == 'RFC822.SIZE') { + $result[$id]->size = intval($value); + } + else if ($name == 'INTERNALDATE') { + $result[$id]->internaldate = $value; + $result[$id]->date = $value; + $result[$id]->timestamp = $this->StrToTime($value); + } + else if ($name == 'FLAGS') { + $flags_a = $value; } - - $time_str = str_replace('"', '', $time_str); - - // if time is gmt... - $time_str = str_replace('GMT','+0000',$time_str); - - $result[$id]->internaldate = $time_str; - $result[$id]->timestamp = $this->StrToTime($time_str); - $result[$id]->date = $time_str; } // BODYSTRUCTURE @@ -1617,7 +1641,7 @@ class rcube_imap_generic // handle FLAGS reply after headers (AOL, Zimbra?) if (preg_match('/\s+FLAGS \((.*)\)\)$/', $line, $matches)) { - $flags_str = $matches[1]; + $flags_a = $this->tokenizeResponse($matches[1]); break; } @@ -1641,10 +1665,10 @@ class rcube_imap_generic // create array with header field:data while (list($lines_key, $str) = each($lines)) { - list($field, $string) = $this->splitHeaderLine($str); + list($field, $string) = explode(':', $str, 2); $field = strtolower($field); - $string = preg_replace('/\n\s*/', ' ', $string); + $string = preg_replace('/\n[\t\s]*/', ' ', trim($string)); switch ($field) { case 'date'; @@ -1708,32 +1732,31 @@ class rcube_imap_generic } // process flags - if (!empty($flags_str)) { - $flags_str = preg_replace('/[\\\"]/', '', $flags_str); - $flags_a = explode(' ', $flags_str); - - if (is_array($flags_a)) { - foreach($flags_a as $flag) { - $flag = strtoupper($flag); - if ($flag == 'SEEN') { - $result[$id]->seen = true; - } else if ($flag == 'DELETED') { - $result[$id]->deleted = true; - } else if ($flag == 'RECENT') { - $result[$id]->recent = true; - } else if ($flag == 'ANSWERED') { - $result[$id]->answered = true; - } else if ($flag == '$FORWARDED') { - $result[$id]->forwarded = true; - } else if ($flag == 'DRAFT') { - $result[$id]->is_draft = true; - } else if ($flag == '$MDNSENT') { - $result[$id]->mdn_sent = true; - } else if ($flag == 'FLAGGED') { - $result[$id]->flagged = true; - } + if (!empty($flags_a)) { + foreach ($flags_a as $flag) { + $flag = str_replace('\\', '', $flag); + $result[$id]->flags[] = $flag; + + switch (strtoupper($flag)) { + case 'SEEN': + $result[$id]->seen = true; + break; + case 'DELETED': + $result[$id]->deleted = true; + break; + case 'ANSWERED': + $result[$id]->answered = true; + break; + case '$FORWARDED': + $result[$id]->forwarded = true; + break; + case '$MDNSENT': + $result[$id]->mdn_sent = true; + break; + case 'FLAGGED': + $result[$id]->flagged = true; + break; } - $result[$id]->flags = $flags_a; } } } @@ -3268,9 +3291,10 @@ class rcube_imap_generic { // support non-standard "GMTXXXX" literal $date = preg_replace('/GMT\s*([+-][0-9]+)/', '\\1', $date); + // if date parsing fails, we have a date in non-rfc format. // remove token from the end and try again - while ((($ts = @strtotime($date))===false) || ($ts < 0)) { + while (($ts = intval(@strtotime($date))) <= 0) { $d = explode(' ', $date); array_pop($d); if (!$d) { @@ -3284,17 +3308,6 @@ class rcube_imap_generic return $ts < 0 ? 0 : $ts; } - private function splitHeaderLine($string) - { - $pos = strpos($string, ':'); - if ($pos>0) { - $res[0] = substr($string, 0, $pos); - $res[1] = trim(substr($string, $pos+1)); - return $res; - } - return $string; - } - private function parseCapability($str, $trusted=false) { $str = preg_replace('/^\* CAPABILITY /i', '', $str);