Mercurial > hg > rc2
diff program/lib/Roundcube/rcube.php @ 0:4681f974d28b
vanilla 1.3.3 distro, I hope
| author | Charlie Root |
|---|---|
| date | Thu, 04 Jan 2018 15:52:31 -0500 |
| parents | |
| children | 3a5f959af5ae |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/program/lib/Roundcube/rcube.php Thu Jan 04 15:52:31 2018 -0500 @@ -0,0 +1,1723 @@ +<?php + +/** + +-----------------------------------------------------------------------+ + | This file is part of the Roundcube Webmail client | + | Copyright (C) 2008-2014, The Roundcube Dev Team | + | Copyright (C) 2011-2014, Kolab Systems AG | + | | + | Licensed under the GNU General Public License version 3 or | + | any later version with exceptions for skins & plugins. | + | See the README file for a full license statement. | + | | + | PURPOSE: | + | Framework base class providing core functions and holding | + | instances of all 'global' objects like db- and storage-connections | + +-----------------------------------------------------------------------+ + | Author: Thomas Bruederli <roundcube@gmail.com> | + +-----------------------------------------------------------------------+ +*/ + +/** + * Base class of the Roundcube Framework + * implemented as singleton + * + * @package Framework + * @subpackage Core + */ +class rcube +{ + // Init options + const INIT_WITH_DB = 1; + const INIT_WITH_PLUGINS = 2; + + // Request status + const REQUEST_VALID = 0; + const REQUEST_ERROR_URL = 1; + const REQUEST_ERROR_TOKEN = 2; + + const DEBUG_LINE_LENGTH = 4096; + + /** + * Singleton instance of rcube + * + * @var rcube + */ + static protected $instance; + + /** + * Stores instance of rcube_config. + * + * @var rcube_config + */ + public $config; + + /** + * Instance of database class. + * + * @var rcube_db + */ + public $db; + + /** + * Instance of Memcache class. + * + * @var Memcache + */ + public $memcache; + + /** + * Instance of rcube_session class. + * + * @var rcube_session + */ + public $session; + + /** + * Instance of rcube_smtp class. + * + * @var rcube_smtp + */ + public $smtp; + + /** + * Instance of rcube_storage class. + * + * @var rcube_storage + */ + public $storage; + + /** + * Instance of rcube_output class. + * + * @var rcube_output + */ + public $output; + + /** + * Instance of rcube_plugin_api. + * + * @var rcube_plugin_api + */ + public $plugins; + + /** + * Instance of rcube_user class. + * + * @var rcube_user + */ + public $user; + + /** + * Request status + * + * @var int + */ + public $request_status = 0; + + /* private/protected vars */ + protected $texts; + protected $caches = array(); + protected $shutdown_functions = array(); + + + /** + * This implements the 'singleton' design pattern + * + * @param integer $mode Options to initialize with this instance. See rcube::INIT_WITH_* constants + * @param string $env Environment name to run (e.g. live, dev, test) + * + * @return rcube The one and only instance + */ + static function get_instance($mode = 0, $env = '') + { + if (!self::$instance) { + self::$instance = new rcube($env); + self::$instance->init($mode); + } + + return self::$instance; + } + + /** + * Private constructor + */ + protected function __construct($env = '') + { + // load configuration + $this->config = new rcube_config($env); + $this->plugins = new rcube_dummy_plugin_api; + + register_shutdown_function(array($this, 'shutdown')); + } + + /** + * Initial startup function + */ + protected function init($mode = 0) + { + // initialize syslog + if ($this->config->get('log_driver') == 'syslog') { + $syslog_id = $this->config->get('syslog_id', 'roundcube'); + $syslog_facility = $this->config->get('syslog_facility', LOG_USER); + openlog($syslog_id, LOG_ODELAY, $syslog_facility); + } + + // connect to database + if ($mode & self::INIT_WITH_DB) { + $this->get_dbh(); + } + + // create plugin API and load plugins + if ($mode & self::INIT_WITH_PLUGINS) { + $this->plugins = rcube_plugin_api::get_instance(); + } + } + + /** + * Get the current database connection + * + * @return rcube_db Database object + */ + public function get_dbh() + { + if (!$this->db) { + $this->db = rcube_db::factory( + $this->config->get('db_dsnw'), + $this->config->get('db_dsnr'), + $this->config->get('db_persistent') + ); + + $this->db->set_debug((bool)$this->config->get('sql_debug')); + } + + return $this->db; + } + + /** + * Get global handle for memcache access + * + * @return object Memcache + */ + public function get_memcache() + { + if (!isset($this->memcache)) { + // no memcache support in PHP + if (!class_exists('Memcache')) { + $this->memcache = false; + return false; + } + + $this->memcache = new Memcache; + $this->memcache_init(); + + // test connection and failover (will result in $this->mc_available == 0 on complete failure) + $this->memcache->increment('__CONNECTIONTEST__', 1); // NOP if key doesn't exist + + if (!$this->mc_available) { + $this->memcache = false; + } + } + + return $this->memcache; + } + + /** + * Get global handle for memcache access + * + * @return object Memcache + */ + protected function memcache_init() + { + $this->mc_available = 0; + + // add all configured hosts to pool + $pconnect = $this->config->get('memcache_pconnect', true); + $timeout = $this->config->get('memcache_timeout', 1); + $retry_interval = $this->config->get('memcache_retry_interval', 15); + + foreach ($this->config->get('memcache_hosts', array()) as $host) { + if (substr($host, 0, 7) != 'unix://') { + list($host, $port) = explode(':', $host); + if (!$port) $port = 11211; + } + else { + $port = 0; + } + + $this->mc_available += intval($this->memcache->addServer( + $host, $port, $pconnect, 1, $timeout, $retry_interval, false, array($this, 'memcache_failure'))); + } + } + + /** + * Callback for memcache failure + */ + public function memcache_failure($host, $port) + { + static $seen = array(); + + // only report once + if (!$seen["$host:$port"]++) { + $this->mc_available--; + self::raise_error(array( + 'code' => 604, 'type' => 'db', + 'line' => __LINE__, 'file' => __FILE__, + 'message' => "Memcache failure on host $host:$port"), + true, false); + } + } + + /** + * Initialize and get cache object + * + * @param string $name Cache identifier + * @param string $type Cache type ('db', 'apc' or 'memcache') + * @param string $ttl Expiration time for cache items + * @param bool $packed Enables/disables data serialization + * + * @return rcube_cache Cache object + */ + public function get_cache($name, $type='db', $ttl=0, $packed=true) + { + if (!isset($this->caches[$name]) && ($userid = $this->get_user_id())) { + $this->caches[$name] = new rcube_cache($type, $userid, $name, $ttl, $packed); + } + + return $this->caches[$name]; + } + + /** + * Initialize and get shared cache object + * + * @param string $name Cache identifier + * @param bool $packed Enables/disables data serialization + * + * @return rcube_cache_shared Cache object + */ + public function get_cache_shared($name, $packed=true) + { + $shared_name = "shared_$name"; + + if (!array_key_exists($shared_name, $this->caches)) { + $opt = strtolower($name) . '_cache'; + $type = $this->config->get($opt); + $ttl = $this->config->get($opt . '_ttl'); + + if (!$type) { + // cache is disabled + return $this->caches[$shared_name] = null; + } + + if ($ttl === null) { + $ttl = $this->config->get('shared_cache_ttl', '10d'); + } + + $this->caches[$shared_name] = new rcube_cache_shared($type, $name, $ttl, $packed); + } + + return $this->caches[$shared_name]; + } + + /** + * Create SMTP object and connect to server + * + * @param boolean $connect True if connection should be established + */ + public function smtp_init($connect = false) + { + $this->smtp = new rcube_smtp(); + + if ($connect) { + $this->smtp->connect(); + } + } + + /** + * Initialize and get storage object + * + * @return rcube_storage Storage object + */ + public function get_storage() + { + // already initialized + if (!is_object($this->storage)) { + $this->storage_init(); + } + + return $this->storage; + } + + /** + * Initialize storage object + */ + public function storage_init() + { + // already initialized + if (is_object($this->storage)) { + return; + } + + $driver = $this->config->get('storage_driver', 'imap'); + $driver_class = "rcube_{$driver}"; + + if (!class_exists($driver_class)) { + self::raise_error(array( + 'code' => 700, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => "Storage driver class ($driver) not found!"), + true, true); + } + + // Initialize storage object + $this->storage = new $driver_class; + + // for backward compat. (deprecated, will be removed) + $this->imap = $this->storage; + + // set class options + $options = array( + 'auth_type' => $this->config->get("{$driver}_auth_type", 'check'), + 'auth_cid' => $this->config->get("{$driver}_auth_cid"), + 'auth_pw' => $this->config->get("{$driver}_auth_pw"), + 'debug' => (bool) $this->config->get("{$driver}_debug"), + 'force_caps' => (bool) $this->config->get("{$driver}_force_caps"), + 'disabled_caps' => $this->config->get("{$driver}_disabled_caps"), + 'socket_options' => $this->config->get("{$driver}_conn_options"), + 'timeout' => (int) $this->config->get("{$driver}_timeout"), + 'skip_deleted' => (bool) $this->config->get('skip_deleted'), + 'driver' => $driver, + ); + + if (!empty($_SESSION['storage_host'])) { + $options['language'] = $_SESSION['language']; + $options['host'] = $_SESSION['storage_host']; + $options['user'] = $_SESSION['username']; + $options['port'] = $_SESSION['storage_port']; + $options['ssl'] = $_SESSION['storage_ssl']; + $options['password'] = $this->decrypt($_SESSION['password']); + $_SESSION[$driver.'_host'] = $_SESSION['storage_host']; + } + + $options = $this->plugins->exec_hook("storage_init", $options); + + // for backward compat. (deprecated, to be removed) + $options = $this->plugins->exec_hook("imap_init", $options); + + $this->storage->set_options($options); + $this->set_storage_prop(); + + // subscribe to 'storage_connected' hook for session logging + if ($this->config->get('imap_log_session', false)) { + $this->plugins->register_hook('storage_connected', array($this, 'storage_log_session')); + } + } + + /** + * Set storage parameters. + */ + protected function set_storage_prop() + { + $storage = $this->get_storage(); + + // set pagesize from config + $pagesize = $this->config->get('mail_pagesize'); + if (!$pagesize) { + $pagesize = $this->config->get('pagesize', 50); + } + + $storage->set_pagesize($pagesize); + $storage->set_charset($this->config->get('default_charset', RCUBE_CHARSET)); + + // enable caching of mail data + $driver = $this->config->get('storage_driver', 'imap'); + $storage_cache = $this->config->get("{$driver}_cache"); + $messages_cache = $this->config->get('messages_cache'); + // for backward compatybility + if ($storage_cache === null && $messages_cache === null && $this->config->get('enable_caching')) { + $storage_cache = 'db'; + $messages_cache = true; + } + + if ($storage_cache) { + $storage->set_caching($storage_cache); + } + if ($messages_cache) { + $storage->set_messages_caching(true); + } + } + + /** + * Set special folders type association. + * This must be done AFTER connecting to the server! + */ + protected function set_special_folders() + { + $storage = $this->get_storage(); + $folders = $storage->get_special_folders(true); + $prefs = array(); + + // check SPECIAL-USE flags on IMAP folders + foreach ($folders as $type => $folder) { + $idx = $type . '_mbox'; + if ($folder !== $this->config->get($idx)) { + $prefs[$idx] = $folder; + } + } + + // Some special folders differ, update user preferences + if (!empty($prefs) && $this->user) { + $this->user->save_prefs($prefs); + } + + // create default folders (on login) + if ($this->config->get('create_default_folders')) { + $storage->create_default_folders(); + } + } + + /** + * Callback for IMAP connection events to log session identifiers + */ + public function storage_log_session($args) + { + if (!empty($args['session']) && session_id()) { + $this->write_log('imap_session', $args['session']); + } + } + + /** + * Create session object and start the session. + */ + public function session_init() + { + // session started (Installer?) + if (session_id()) { + return; + } + + $sess_name = $this->config->get('session_name'); + $sess_domain = $this->config->get('session_domain'); + $sess_path = $this->config->get('session_path'); + $lifetime = $this->config->get('session_lifetime', 0) * 60; + $is_secure = $this->config->get('use_https') || rcube_utils::https_check(); + + // set session domain + if ($sess_domain) { + ini_set('session.cookie_domain', $sess_domain); + } + // set session path + if ($sess_path) { + ini_set('session.cookie_path', $sess_path); + } + // set session garbage collecting time according to session_lifetime + if ($lifetime) { + ini_set('session.gc_maxlifetime', $lifetime * 2); + } + + // set session cookie lifetime so it never expires (#5961) + ini_set('session.cookie_lifetime', 0); + ini_set('session.cookie_secure', $is_secure); + ini_set('session.name', $sess_name ?: 'roundcube_sessid'); + ini_set('session.use_cookies', 1); + ini_set('session.use_only_cookies', 1); + ini_set('session.cookie_httponly', 1); + + // get session driver instance + $this->session = rcube_session::factory($this->config); + $this->session->register_gc_handler(array($this, 'gc')); + + // start PHP session (if not in CLI mode) + if ($_SERVER['REMOTE_ADDR']) { + $this->session->start(); + } + } + + /** + * Garbage collector - cache/temp cleaner + */ + public function gc() + { + rcube_cache::gc(); + rcube_cache_shared::gc(); + $this->get_storage()->cache_gc(); + + $this->gc_temp(); + } + + /** + * Garbage collector function for temp files. + * Remove temp files older than two days + */ + public function gc_temp() + { + $tmp = unslashify($this->config->get('temp_dir')); + + // expire in 48 hours by default + $temp_dir_ttl = $this->config->get('temp_dir_ttl', '48h'); + $temp_dir_ttl = get_offset_sec($temp_dir_ttl); + if ($temp_dir_ttl < 6*3600) + $temp_dir_ttl = 6*3600; // 6 hours sensible lower bound. + + $expire = time() - $temp_dir_ttl; + + if ($tmp && ($dir = opendir($tmp))) { + while (($fname = readdir($dir)) !== false) { + if ($fname[0] == '.') { + continue; + } + + if (@filemtime($tmp.'/'.$fname) < $expire) { + @unlink($tmp.'/'.$fname); + } + } + + closedir($dir); + } + } + + /** + * Runs garbage collector with probability based on + * session settings. This is intended for environments + * without a session. + */ + public function gc_run() + { + $probability = (int) ini_get('session.gc_probability'); + $divisor = (int) ini_get('session.gc_divisor'); + + if ($divisor > 0 && $probability > 0) { + $random = mt_rand(1, $divisor); + if ($random <= $probability) { + $this->gc(); + } + } + } + + /** + * Get localized text in the desired language + * + * @param mixed $attrib Named parameters array or label name + * @param string $domain Label domain (plugin) name + * + * @return string Localized text + */ + public function gettext($attrib, $domain = null) + { + // load localization files if not done yet + if (empty($this->texts)) { + $this->load_language(); + } + + // extract attributes + if (is_string($attrib)) { + $attrib = array('name' => $attrib); + } + + $name = (string) $attrib['name']; + + // attrib contain text values: use them from now + if (($setval = $attrib[strtolower($_SESSION['language'])]) || ($setval = $attrib['en_us'])) { + $this->texts[$name] = $setval; + } + + // check for text with domain + if ($domain && ($text = $this->texts[$domain.'.'.$name])) { + } + // text does not exist + else if (!($text = $this->texts[$name])) { + return "[$name]"; + } + + // replace vars in text + if (is_array($attrib['vars'])) { + foreach ($attrib['vars'] as $var_key => $var_value) { + $text = str_replace($var_key[0] != '$' ? '$'.$var_key : $var_key, $var_value, $text); + } + } + + // replace \n with real line break + $text = strtr($text, array('\n' => "\n")); + + // case folding + if (($attrib['uppercase'] && strtolower($attrib['uppercase']) == 'first') || $attrib['ucfirst']) { + $case_mode = MB_CASE_TITLE; + } + else if ($attrib['uppercase']) { + $case_mode = MB_CASE_UPPER; + } + else if ($attrib['lowercase']) { + $case_mode = MB_CASE_LOWER; + } + + if (isset($case_mode)) { + $text = mb_convert_case($text, $case_mode); + } + + return $text; + } + + /** + * Check if the given text label exists + * + * @param string $name Label name + * @param string $domain Label domain (plugin) name or '*' for all domains + * @param string $ref_domain Sets domain name if label is found + * + * @return boolean True if text exists (either in the current language or in en_US) + */ + public function text_exists($name, $domain = null, &$ref_domain = null) + { + // load localization files if not done yet + if (empty($this->texts)) { + $this->load_language(); + } + + if (isset($this->texts[$name])) { + $ref_domain = ''; + return true; + } + + // any of loaded domains (plugins) + if ($domain == '*') { + foreach ($this->plugins->loaded_plugins() as $domain) { + if (isset($this->texts[$domain.'.'.$name])) { + $ref_domain = $domain; + return true; + } + } + } + // specified domain + else if ($domain) { + $ref_domain = $domain; + return isset($this->texts[$domain.'.'.$name]); + } + + return false; + } + + /** + * Load a localization package + * + * @param string $lang Language ID + * @param array $add Additional text labels/messages + * @param array $merge Additional text labels/messages to merge + */ + public function load_language($lang = null, $add = array(), $merge = array()) + { + $lang = $this->language_prop($lang ?: $_SESSION['language']); + + // load localized texts + if (empty($this->texts) || $lang != $_SESSION['language']) { + $this->texts = array(); + + // handle empty lines after closing PHP tag in localization files + ob_start(); + + // get english labels (these should be complete) + @include(RCUBE_LOCALIZATION_DIR . 'en_US/labels.inc'); + @include(RCUBE_LOCALIZATION_DIR . 'en_US/messages.inc'); + + if (is_array($labels)) + $this->texts = $labels; + if (is_array($messages)) + $this->texts = array_merge($this->texts, $messages); + + // include user language files + if ($lang != 'en' && $lang != 'en_US' && is_dir(RCUBE_LOCALIZATION_DIR . $lang)) { + include_once(RCUBE_LOCALIZATION_DIR . $lang . '/labels.inc'); + include_once(RCUBE_LOCALIZATION_DIR . $lang . '/messages.inc'); + + if (is_array($labels)) + $this->texts = array_merge($this->texts, $labels); + if (is_array($messages)) + $this->texts = array_merge($this->texts, $messages); + } + + ob_end_clean(); + + $_SESSION['language'] = $lang; + } + + // append additional texts (from plugin) + if (is_array($add) && !empty($add)) { + $this->texts += $add; + } + + // merge additional texts (from plugin) + if (is_array($merge) && !empty($merge)) { + $this->texts = array_merge($this->texts, $merge); + } + } + + /** + * Check the given string and return a valid language code + * + * @param string $lang Language code + * + * @return string Valid language code + */ + protected function language_prop($lang) + { + static $rcube_languages, $rcube_language_aliases; + + // user HTTP_ACCEPT_LANGUAGE if no language is specified + if (empty($lang) || $lang == 'auto') { + $accept_langs = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']); + $lang = $accept_langs[0]; + + if (preg_match('/^([a-z]+)[_-]([a-z]+)$/i', $lang, $m)) { + $lang = $m[1] . '_' . strtoupper($m[2]); + } + } + + if (empty($rcube_languages)) { + @include(RCUBE_LOCALIZATION_DIR . 'index.inc'); + } + + // check if we have an alias for that language + if (!isset($rcube_languages[$lang]) && isset($rcube_language_aliases[$lang])) { + $lang = $rcube_language_aliases[$lang]; + } + // try the first two chars + else if (!isset($rcube_languages[$lang])) { + $short = substr($lang, 0, 2); + + // check if we have an alias for the short language code + if (!isset($rcube_languages[$short]) && isset($rcube_language_aliases[$short])) { + $lang = $rcube_language_aliases[$short]; + } + // expand 'nn' to 'nn_NN' + else if (!isset($rcube_languages[$short])) { + $lang = $short.'_'.strtoupper($short); + } + } + + if (!isset($rcube_languages[$lang]) || !is_dir(RCUBE_LOCALIZATION_DIR . $lang)) { + $lang = 'en_US'; + } + + return $lang; + } + + /** + * Read directory program/localization and return a list of available languages + * + * @return array List of available localizations + */ + public function list_languages() + { + static $sa_languages = array(); + + if (!count($sa_languages)) { + @include(RCUBE_LOCALIZATION_DIR . 'index.inc'); + + if ($dh = @opendir(RCUBE_LOCALIZATION_DIR)) { + while (($name = readdir($dh)) !== false) { + if ($name[0] == '.' || !is_dir(RCUBE_LOCALIZATION_DIR . $name)) { + continue; + } + + if ($label = $rcube_languages[$name]) { + $sa_languages[$name] = $label; + } + } + closedir($dh); + } + } + + return $sa_languages; + } + + /** + * Encrypt a string + * + * @param string $clear Clear text input + * @param string $key Encryption key to retrieve from the configuration, defaults to 'des_key' + * @param boolean $base64 Whether or not to base64_encode() the result before returning + * + * @return string Encrypted text + */ + public function encrypt($clear, $key = 'des_key', $base64 = true) + { + if (!is_string($clear) || !strlen($clear)) { + return ''; + } + + $ckey = $this->config->get_crypto_key($key); + $method = $this->config->get_crypto_method(); + $opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true; + $iv = rcube_utils::random_bytes(openssl_cipher_iv_length($method), true); + $cipher = $iv . openssl_encrypt($clear, $method, $ckey, $opts, $iv); + + return $base64 ? base64_encode($cipher) : $cipher; + } + + /** + * Decrypt a string + * + * @param string $cipher Encrypted text + * @param string $key Encryption key to retrieve from the configuration, defaults to 'des_key' + * @param boolean $base64 Whether or not input is base64-encoded + * + * @return string Decrypted text + */ + public function decrypt($cipher, $key = 'des_key', $base64 = true) + { + if (!$cipher) { + return ''; + } + + $cipher = $base64 ? base64_decode($cipher) : $cipher; + $ckey = $this->config->get_crypto_key($key); + $method = $this->config->get_crypto_method(); + $opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true; + $iv_size = openssl_cipher_iv_length($method); + $iv = substr($cipher, 0, $iv_size); + + // session corruption? (#1485970) + if (strlen($iv) < $iv_size) { + return ''; + } + + $cipher = substr($cipher, $iv_size); + $clear = openssl_decrypt($cipher, $method, $ckey, $opts, $iv); + + return $clear; + } + + /** + * Returns session token for secure URLs + * + * @param bool $generate Generate token if not exists in session yet + * + * @return string|bool Token string, False when disabled + */ + public function get_secure_url_token($generate = false) + { + if ($len = $this->config->get('use_secure_urls')) { + if (empty($_SESSION['secure_token']) && $generate) { + // generate x characters long token + $length = $len > 1 ? $len : 16; + $token = rcube_utils::random_bytes($length); + + $plugin = $this->plugins->exec_hook('secure_token', + array('value' => $token, 'length' => $length)); + + $_SESSION['secure_token'] = $plugin['value']; + } + + return $_SESSION['secure_token']; + } + + return false; + } + + /** + * Generate a unique token to be used in a form request + * + * @return string The request token + */ + public function get_request_token() + { + if (empty($_SESSION['request_token'])) { + $plugin = $this->plugins->exec_hook('request_token', array( + 'value' => rcube_utils::random_bytes(32))); + + $_SESSION['request_token'] = $plugin['value']; + } + + return $_SESSION['request_token']; + } + + /** + * Check if the current request contains a valid token. + * Empty requests aren't checked until use_secure_urls is set. + * + * @param int $mode Request method + * + * @return boolean True if request token is valid false if not + */ + public function check_request($mode = rcube_utils::INPUT_POST) + { + // check secure token in URL if enabled + if ($token = $this->get_secure_url_token()) { + foreach (explode('/', preg_replace('/[?#&].*$/', '', $_SERVER['REQUEST_URI'])) as $tok) { + if ($tok == $token) { + return true; + } + } + + $this->request_status = self::REQUEST_ERROR_URL; + + return false; + } + + $sess_tok = $this->get_request_token(); + + // ajax requests + if (rcube_utils::request_header('X-Roundcube-Request') == $sess_tok) { + return true; + } + + // skip empty requests + if (($mode == rcube_utils::INPUT_POST && empty($_POST)) + || ($mode == rcube_utils::INPUT_GET && empty($_GET)) + ) { + return true; + } + + // default method of securing requests + $token = rcube_utils::get_input_value('_token', $mode); + $sess_id = $_COOKIE[ini_get('session.name')]; + + if (empty($sess_id) || $token != $sess_tok) { + $this->request_status = self::REQUEST_ERROR_TOKEN; + return false; + } + + return true; + } + + /** + * Build a valid URL to this instance of Roundcube + * + * @param mixed $p Either a string with the action or url parameters as key-value pairs + * + * @return string Valid application URL + */ + public function url($p) + { + // STUB: should be overloaded by the application + return ''; + } + + /** + * Function to be executed in script shutdown + * Registered with register_shutdown_function() + */ + public function shutdown() + { + foreach ($this->shutdown_functions as $function) { + call_user_func($function); + } + + // write session data as soon as possible and before + // closing database connection, don't do this before + // registered shutdown functions, they may need the session + // Note: this will run registered gc handlers (ie. cache gc) + if ($_SERVER['REMOTE_ADDR'] && is_object($this->session)) { + $this->session->write_close(); + } + + if (is_object($this->smtp)) { + $this->smtp->disconnect(); + } + + foreach ($this->caches as $cache) { + if (is_object($cache)) { + $cache->close(); + } + } + + if (is_object($this->storage)) { + $this->storage->close(); + } + + if ($this->config->get('log_driver') == 'syslog') { + closelog(); + } + } + + /** + * Registers shutdown function to be executed on shutdown. + * The functions will be executed before destroying any + * objects like smtp, imap, session, etc. + * + * @param callback $function Function callback + */ + public function add_shutdown_function($function) + { + $this->shutdown_functions[] = $function; + } + + /** + * When you're going to sleep the script execution for a longer time + * it is good to close all external connections (sql, memcache, SMTP, IMAP). + * + * No action is required on wake up, all connections will be + * re-established automatically. + */ + public function sleep() + { + foreach ($this->caches as $cache) { + if (is_object($cache)) { + $cache->close(); + } + } + + if ($this->storage) { + $this->storage->close(); + } + + if ($this->db) { + $this->db->closeConnection(); + } + + if ($this->memcache) { + $this->memcache->close(); + // after close() need to re-init memcache + $this->memcache_init(); + } + + if ($this->smtp) { + $this->smtp->disconnect(); + } + } + + /** + * Quote a given string. + * Shortcut function for rcube_utils::rep_specialchars_output() + * + * @return string HTML-quoted string + */ + public static function Q($str, $mode = 'strict', $newlines = true) + { + return rcube_utils::rep_specialchars_output($str, 'html', $mode, $newlines); + } + + /** + * Quote a given string for javascript output. + * Shortcut function for rcube_utils::rep_specialchars_output() + * + * @return string JS-quoted string + */ + public static function JQ($str) + { + return rcube_utils::rep_specialchars_output($str, 'js'); + } + + /** + * Construct shell command, execute it and return output as string. + * Keywords {keyword} are replaced with arguments + * + * @param $cmd Format string with {keywords} to be replaced + * @param $values (zero, one or more arrays can be passed) + * + * @return output of command. shell errors not detectable + */ + public static function exec(/* $cmd, $values1 = array(), ... */) + { + $args = func_get_args(); + $cmd = array_shift($args); + $values = $replacements = array(); + + // merge values into one array + foreach ($args as $arg) { + $values += (array)$arg; + } + + preg_match_all('/({(-?)([a-z]\w*)})/', $cmd, $matches, PREG_SET_ORDER); + foreach ($matches as $tags) { + list(, $tag, $option, $key) = $tags; + $parts = array(); + + if ($option) { + foreach ((array)$values["-$key"] as $key => $value) { + if ($value === true || $value === false || $value === null) { + $parts[] = $value ? $key : ""; + } + else { + foreach ((array)$value as $val) { + $parts[] = "$key " . escapeshellarg($val); + } + } + } + } + else { + foreach ((array)$values[$key] as $value) { + $parts[] = escapeshellarg($value); + } + } + + $replacements[$tag] = join(" ", $parts); + } + + // use strtr behaviour of going through source string once + $cmd = strtr($cmd, $replacements); + + return (string)shell_exec($cmd); + } + + /** + * Print or write debug messages + * + * @param mixed Debug message or data + */ + public static function console() + { + $args = func_get_args(); + + if (class_exists('rcube', false)) { + $rcube = self::get_instance(); + $plugin = $rcube->plugins->exec_hook('console', array('args' => $args)); + if ($plugin['abort']) { + return; + } + + $args = $plugin['args']; + } + + $msg = array(); + foreach ($args as $arg) { + $msg[] = !is_string($arg) ? var_export($arg, true) : $arg; + } + + self::write_log('console', join(";\n", $msg)); + } + + /** + * Append a line to a logfile in the logs directory. + * Date will be added automatically to the line. + * + * @param string $name Name of the log file + * @param mixed $line Line to append + * + * @return bool True on success, False on failure + */ + public static function write_log($name, $line) + { + if (!is_string($line)) { + $line = var_export($line, true); + } + + $date_format = $log_driver = $session_key = null; + if (self::$instance) { + $date_format = self::$instance->config->get('log_date_format'); + $log_driver = self::$instance->config->get('log_driver'); + $session_key = intval(self::$instance->config->get('log_session_id', 8)); + } + + $date = rcube_utils::date_format($date_format); + + // trigger logging hook + if (is_object(self::$instance) && is_object(self::$instance->plugins)) { + $log = self::$instance->plugins->exec_hook('write_log', + array('name' => $name, 'date' => $date, 'line' => $line)); + + $name = $log['name']; + $line = $log['line']; + $date = $log['date']; + + if ($log['abort']) { + return true; + } + } + + // add session ID to the log + if ($session_key > 0 && ($sess = session_id())) { + $line = '<' . substr($sess, 0, $session_key) . '> ' . $line; + } + + if ($log_driver == 'syslog') { + $prio = $name == 'errors' ? LOG_ERR : LOG_INFO; + return syslog($prio, $line); + } + + // write message with file name when configured to log to STDOUT + if ($log_driver == 'stdout') { + $stdout = "php://stdout"; + $line = "$name: $line"; + return file_put_contents($stdout, $line, FILE_APPEND) !== false; + } + + // log_driver == 'file' is assumed here + + $line = sprintf("[%s]: %s\n", $date, $line); + + // per-user logging is activated + if (self::$instance && self::$instance->config->get('per_user_logging') && self::$instance->get_user_id()) { + $log_dir = self::$instance->get_user_log_dir(); + if (empty($log_dir) && !in_array($name, array('errors', 'userlogins', 'sendmail'))) { + return false; + } + } + + if (empty($log_dir)) { + if (!empty($log['dir'])) { + $log_dir = $log['dir']; + } + else if (self::$instance) { + $log_dir = self::$instance->config->get('log_dir'); + } + } + + if (empty($log_dir)) { + $log_dir = RCUBE_INSTALL_PATH . 'logs'; + } + + return file_put_contents("$log_dir/$name", $line, FILE_APPEND) !== false; + } + + /** + * Throw system error (and show error page). + * + * @param array $arg Named parameters + * - code: Error code (required) + * - type: Error type [php|db|imap|javascript] + * - message: Error message + * - file: File where error occurred + * - line: Line where error occurred + * @param boolean $log True to log the error + * @param boolean $terminate Terminate script execution + */ + public static function raise_error($arg = array(), $log = false, $terminate = false) + { + // handle PHP exceptions + if (is_object($arg) && is_a($arg, 'Exception')) { + $arg = array( + 'code' => $arg->getCode(), + 'line' => $arg->getLine(), + 'file' => $arg->getFile(), + 'message' => $arg->getMessage(), + ); + } + else if (is_string($arg)) { + $arg = array('message' => $arg); + } + + if (empty($arg['code'])) { + $arg['code'] = 500; + } + + $cli = php_sapi_name() == 'cli'; + + // installer + if (!$cli && class_exists('rcmail_install', false)) { + $rci = rcmail_install::get_instance(); + $rci->raise_error($arg); + return; + } + + if (($log || $terminate) && !$cli && $arg['message']) { + $arg['fatal'] = $terminate; + self::log_bug($arg); + } + + // terminate script + if ($terminate) { + // display error page + if (is_object(self::$instance->output)) { + self::$instance->output->raise_error($arg['code'], $arg['message']); + } + else if ($cli) { + fwrite(STDERR, 'ERROR: ' . $arg['message']); + } + + exit(1); + } + else if ($cli) { + fwrite(STDERR, 'ERROR: ' . $arg['message']); + } + } + + /** + * Report error according to configured debug_level + * + * @param array $arg_arr Named parameters + * @see self::raise_error() + */ + public static function log_bug($arg_arr) + { + $program = strtoupper($arg_arr['type'] ?: 'php'); + $level = self::get_instance()->config->get('debug_level'); + + // disable errors for ajax requests, write to log instead (#1487831) + if (($level & 4) && !empty($_REQUEST['_remote'])) { + $level = ($level ^ 4) | 1; + } + + // write error to local log file + if (($level & 1) || !empty($arg_arr['fatal'])) { + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + foreach (array('_task', '_action') as $arg) { + if ($_POST[$arg] && !$_GET[$arg]) { + $post_query[$arg] = $_POST[$arg]; + } + } + + if (!empty($post_query)) { + $post_query = (strpos($_SERVER['REQUEST_URI'], '?') != false ? '&' : '?') + . http_build_query($post_query, '', '&'); + } + } + + $log_entry = sprintf("%s Error: %s%s (%s %s)", + $program, + $arg_arr['message'], + $arg_arr['file'] ? sprintf(' in %s on line %d', $arg_arr['file'], $arg_arr['line']) : '', + $_SERVER['REQUEST_METHOD'], + $_SERVER['REQUEST_URI'] . $post_query); + + if (!self::write_log('errors', $log_entry)) { + // send error to PHPs error handler if write_log didn't succeed + trigger_error($arg_arr['message'], E_USER_WARNING); + } + } + + // report the bug to the global bug reporting system + if ($level & 2) { + // TODO: Send error via HTTP + } + + // show error if debug_mode is on + if ($level & 4) { + print "<b>$program Error"; + + if (!empty($arg_arr['file']) && !empty($arg_arr['line'])) { + print " in $arg_arr[file] ($arg_arr[line])"; + } + + print ':</b> '; + print nl2br($arg_arr['message']); + print '<br />'; + flush(); + } + } + + /** + * Write debug info to the log + * + * @param string $engine Engine type - file name (memcache, apc) + * @param string $data Data string to log + * @param bool $result Operation result + */ + public static function debug($engine, $data, $result = null) + { + static $debug_counter; + + $line = '[' . (++$debug_counter[$engine]) . '] ' . $data; + + if (($len = strlen($line)) > self::DEBUG_LINE_LENGTH) { + $diff = $len - self::DEBUG_LINE_LENGTH; + $line = substr($line, 0, self::DEBUG_LINE_LENGTH) . "... [truncated $diff bytes]"; + } + + if ($result !== null) { + $line .= ' [' . ($result ? 'TRUE' : 'FALSE') . ']'; + } + + self::write_log($engine, $line); + } + + /** + * Returns current time (with microseconds). + * + * @return float Current time in seconds since the Unix + */ + public static function timer() + { + return microtime(true); + } + + /** + * Logs time difference according to provided timer + * + * @param float $timer Timer (self::timer() result) + * @param string $label Log line prefix + * @param string $dest Log file name + * + * @see self::timer() + */ + public static function print_timer($timer, $label = 'Timer', $dest = 'console') + { + static $print_count = 0; + + $print_count++; + $now = self::timer(); + $diff = $now - $timer; + + if (empty($label)) { + $label = 'Timer '.$print_count; + } + + self::write_log($dest, sprintf("%s: %0.4f sec", $label, $diff)); + } + + /** + * Setter for system user object + * + * @param rcube_user Current user instance + */ + public function set_user($user) + { + if (is_object($user)) { + $this->user = $user; + + // overwrite config with user preferences + $this->config->set_user_prefs((array)$this->user->get_prefs()); + } + } + + /** + * Getter for logged user ID. + * + * @return mixed User identifier + */ + public function get_user_id() + { + if (is_object($this->user)) { + return $this->user->ID; + } + else if (isset($_SESSION['user_id'])) { + return $_SESSION['user_id']; + } + + return null; + } + + /** + * Getter for logged user name. + * + * @return string User name + */ + public function get_user_name() + { + if (is_object($this->user)) { + return $this->user->get_username(); + } + else if (isset($_SESSION['username'])) { + return $_SESSION['username']; + } + } + + /** + * Getter for logged user email (derived from user name not identity). + * + * @return string User email address + */ + public function get_user_email() + { + if (is_object($this->user)) { + return $this->user->get_username('mail'); + } + } + + /** + * Getter for logged user password. + * + * @return string User password + */ + public function get_user_password() + { + if ($this->password) { + return $this->password; + } + else if ($_SESSION['password']) { + return $this->decrypt($_SESSION['password']); + } + } + + /** + * Get the per-user log directory + */ + protected function get_user_log_dir() + { + $log_dir = $this->config->get('log_dir', RCUBE_INSTALL_PATH . 'logs'); + $user_name = $this->get_user_name(); + $user_log_dir = $log_dir . '/' . $user_name; + + return !empty($user_name) && is_writable($user_log_dir) ? $user_log_dir : false; + } + + /** + * Getter for logged user language code. + * + * @return string User language code + */ + public function get_user_language() + { + if (is_object($this->user)) { + return $this->user->language; + } + else if (isset($_SESSION['language'])) { + return $_SESSION['language']; + } + } + + /** + * Unique Message-ID generator. + * + * @param string $sender Optional sender e-mail address + * + * @return string Message-ID + */ + public function gen_message_id($sender = null) + { + $local_part = md5(uniqid('rcube'.mt_rand(), true)); + $domain_part = ''; + + if ($sender && preg_match('/@([^\s]+\.[a-z0-9-]+)/', $sender, $m)) { + $domain_part = $m[1]; + } + else { + $domain_part = $this->user->get_username('domain'); + } + + // Try to find FQDN, some spamfilters doesn't like 'localhost' (#1486924) + if (!preg_match('/\.[a-z0-9-]+$/i', $domain_part)) { + foreach (array($_SERVER['HTTP_HOST'], $_SERVER['SERVER_NAME']) as $host) { + $host = preg_replace('/:[0-9]+$/', '', $host); + if ($host && preg_match('/\.[a-z]+$/i', $host)) { + $domain_part = $host; + break; + } + } + } + + return sprintf('<%s@%s>', $local_part, $domain_part); + } + + /** + * Send the given message using the configured method. + * + * @param object $message Reference to Mail_MIME object + * @param string $from Sender address string + * @param array $mailto Array of recipient address strings + * @param array $error SMTP error array (reference) + * @param string $body_file Location of file with saved message body (reference), + * used when delay_file_io is enabled + * @param array $options SMTP options (e.g. DSN request) + * @param bool $disconnect Close SMTP connection ASAP + * + * @return boolean Send status. + */ + public function deliver_message(&$message, $from, $mailto, &$error, + &$body_file = null, $options = null, $disconnect = false) + { + $plugin = $this->plugins->exec_hook('message_before_send', array( + 'message' => $message, + 'from' => $from, + 'mailto' => $mailto, + 'options' => $options, + )); + + if ($plugin['abort']) { + if (!empty($plugin['error'])) { + $error = $plugin['error']; + } + if (!empty($plugin['body_file'])) { + $body_file = $plugin['body_file']; + } + + return isset($plugin['result']) ? $plugin['result'] : false; + } + + $from = $plugin['from']; + $mailto = $plugin['mailto']; + $options = $plugin['options']; + $message = $plugin['message']; + $headers = $message->headers(); + + // generate list of recipients + $a_recipients = (array) $mailto; + + if (strlen($headers['Cc'])) { + $a_recipients[] = $headers['Cc']; + } + if (strlen($headers['Bcc'])) { + $a_recipients[] = $headers['Bcc']; + } + + // remove Bcc header and get the whole head of the message as string + $smtp_headers = $message->txtHeaders(array('Bcc' => null), true); + + if ($message->getParam('delay_file_io')) { + // use common temp dir + $temp_dir = $this->config->get('temp_dir'); + $body_file = tempnam($temp_dir, 'rcmMsg'); + $mime_result = $message->saveMessageBody($body_file); + + if (is_a($mime_result, 'PEAR_Error')) { + self::raise_error(array('code' => 650, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => "Could not create message: ".$mime_result->getMessage()), + true, false); + return false; + } + + $msg_body = fopen($body_file, 'r'); + } + else { + $msg_body = $message->get(); + } + + // initialize SMTP connection + if (!is_object($this->smtp)) { + $this->smtp_init(true); + } + + // send message + $sent = $this->smtp->send_mail($from, $a_recipients, $smtp_headers, $msg_body, $options); + $response = $this->smtp->get_response(); + $error = $this->smtp->get_error(); + + if (!$sent) { + self::raise_error(array('code' => 800, 'type' => 'smtp', + 'line' => __LINE__, 'file' => __FILE__, + 'message' => join("\n", $response)), true, false); + + // allow plugins to catch sending errors with the same parameters as in 'message_before_send' + $this->plugins->exec_hook('message_send_error', $plugin + array('error' => $error)); + } + else { + $this->plugins->exec_hook('message_sent', array('headers' => $headers, 'body' => $msg_body, 'message' => $message)); + + // remove MDN headers after sending + unset($headers['Return-Receipt-To'], $headers['Disposition-Notification-To']); + + if ($this->config->get('smtp_log')) { + // get all recipient addresses + $mailto = implode(',', $a_recipients); + $mailto = rcube_mime::decode_address_list($mailto, null, false, null, true); + + self::write_log('sendmail', sprintf("User %s [%s]; Message for %s; %s", + $this->user->get_username(), + rcube_utils::remote_addr(), + implode(', ', $mailto), + !empty($response) ? join('; ', $response) : '')); + } + } + + if (is_resource($msg_body)) { + fclose($msg_body); + } + + if ($disconnect) { + $this->smtp->disconnect(); + } + + $message->headers($headers, true); + + return $sent; + } +} + + +/** + * Lightweight plugin API class serving as a dummy if plugins are not enabled + * + * @package Framework + * @subpackage Core + */ +class rcube_dummy_plugin_api +{ + /** + * Triggers a plugin hook. + * @see rcube_plugin_api::exec_hook() + */ + public function exec_hook($hook, $args = array()) + { + return $args; + } +}