From a00d4560842cf5f10fb331c1606026baf6756f8a Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Sun, 4 Nov 2007 22:52:16 +0000 Subject: [PATCH] functions.inc.php - encode_header(): made charset parameter optional, defaults to utf-8 - db_delete(): escape_string() $where and $delete create-mailbox.php: - always encode mail header and insert Content-Type etc. headers (previous code never did this, $PALANG['charset'] is not set in any language. so this code part was never used) sendmail.php: - always encode mail header and insert Content-Type etc. headers (had the same bug as create-mailbox.php) - merge GET and POST These changes fix http://sourceforge.net/tracker/index.php?func=detail&aid=1811214&group_id=191583&atid=937964 git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@199 a1433add-5e2c-0410-b055-b7f2511e0802 --- create-mailbox.php | 18 +++++------------- functions.inc.php | 4 ++-- sendmail.php | 44 ++++++++++++++++---------------------------- 3 files changed, 23 insertions(+), 43 deletions(-) diff --git a/create-mailbox.php b/create-mailbox.php index 62d666da..af2c0915 100644 --- a/create-mailbox.php +++ b/create-mailbox.php @@ -210,7 +210,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") Lines starting with /* were inserted to keep this section in commented mode. - $result = db_query ("INSERT INTO $table_mailbox (username,password,name,maildir,quota,domain,created,modified,active) VALUES ('$fUsername','$password','$fName','$maildir',$quota,'$fDomain',NOW(),NOW(),'$sqlActive')"); if ($result['rows'] != 1) { $tDomain = $fDomain; 
@@ -311,18 +310,11 @@ TODO: this is the end of /create-mailbox.php code segment $fHeaders = "To: " . $fTo . "\n"; $fHeaders .= "From: " . $fFrom . "\n"; - if (!empty ($PALANG['charset'])) - { - $fHeaders .= "Subject: " . encode_header ($PALANG['pSendmail_subject_text'], $PALANG['charset']) . "\n"; - $fHeaders .= "MIME-Version: 1.0\n"; - $fHeaders .= "Content-Type: text/plain; charset=" . $PALANG['charset'] . "\n"; - $fHeaders .= "Content-Transfer-Encoding: 8bit\n"; - } - else - { - $fHeaders .= "Subject: " . $PALANG['pSendmail_subject_text'] . "\n\n"; - } - + $fHeaders .= "Subject: " . encode_header ($PALANG['pSendmail_subject_text']) . "\n"; + $fHeaders .= "MIME-Version: 1.0\n"; + $fHeaders .= "Content-Type: text/plain; charset=utf-8\n"; + $fHeaders .= "Content-Transfer-Encoding: 8bit\n"; + $fHeaders .= $CONF['welcome_text']; if (!smtp_mail ($fTo, $fFrom, $fHeaders)) diff --git a/functions.inc.php b/functions.inc.php index 96c600a7..a9b2f2ce 100644 --- a/functions.inc.php +++ b/functions.inc.php @@ -900,7 +900,7 @@ function get_admin_properties ($username) // Action: Encode a string according to RFC 1522 for use in headers if it contains 8-bit characters. // Call: encode_header (string header, string charset) // -function encode_header ($string, $default_charset) +function encode_header ($string, $default_charset = "utf-8") { if (strtolower ($default_charset) == 'iso-8859-1') { @@ -1514,7 +1514,7 @@ function db_assoc ($result) // function db_delete ($table,$where,$delete) { - $result = db_query ("DELETE FROM $table WHERE $where='$delete'"); + $result = db_query ("DELETE FROM $table WHERE " . escape_string($where) . "='" . escape_string($delete) . "'"); if ($result['rows'] >= 1) { return $result['rows']; diff --git a/sendmail.php b/sendmail.php index 9265dbee..170e62cb 100644 --- a/sendmail.php +++ b/sendmail.php 
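Review bot: The header block now ends with `Content-Transfer-Encoding: 8bit\n` and `$CONF['welcome_text']` is appended directly after it, so no empty line separates the headers from the body; the removed else-branch supplied that separator with its `"\n\n"`. Unless the configured welcome text itself begins with a blank line, its first line will be parsed as part of the header section. Add `$fHeaders .= "\n";` after the Content-Transfer-Encoding line. The first sendmail.php hunk has the same gap before `escape_string ($_POST['fBody'])`, and there the text that ends up in the header section is request input. The surrounding block starts and ends outside this hunk.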
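Review bot: The comment above `encode_header()` still documents the call as `encode_header (string header, string charset)`, which no longer matches the signature now that the charset is optional. Update it to `// Call: encode_header (string header [, string charset = "utf-8"])`. Both callers changed in this commit hard-code `charset=utf-8` in their Content-Type header, so the comment should also say that the default has to stay in step with that value. The function body continues outside the hunk.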
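Review bot: `escape_string($where)` is applied to a column name that sits unquoted in the statement, and string-literal escaping does not constrain an identifier: a value containing no quote characters passes through unchanged, and `$table` is still interpolated as-is. Validate both names before the query is built, for example by rejecting anything that fails `preg_match('/^[A-Za-z0-9_]+$/', $where)` or by checking against the list of known columns. If any caller already runs `$delete` through `escape_string()`, the value is now escaped twice and the DELETE can silently match nothing; the callers are not visible here, so that needs checking. The body of `db_delete()` continues past the hunk.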
@@ -37,43 +37,29 @@ authentication_require_role('admin'); (($CONF['sendmail'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1'); $SESSID_USERNAME = authentication_get_username(); -if ($_SERVER['REQUEST_METHOD'] == "GET") -{ - include ("./templates/header.tpl"); - include ("./templates/menu.tpl"); - include ("./templates/sendmail.tpl"); - include ("./templates/footer.tpl"); -} if ($_SERVER['REQUEST_METHOD'] == "POST") { - if (isset ($_POST['fTo'])) $fTo = escape_string ($_POST['fTo']); + $fTo = safepost('fTo'); $fFrom = $SESSID_USERNAME; - if (isset ($_POST['fTo'])) $fHeaders = "To: " . $fTo . "\n"; - if (isset ($_POST['fTo'])) $fHeaders .= "From: " . $fFrom . "\n"; + $fHeaders = "To: " . $fTo . "\n"; + $fHeaders .= "From: " . $fFrom . "\n"; - if (!empty ($PALANG['charset'])) - { - $fHeaders .= "Subject: " . encode_header (escape_string ($_POST['fSubject']), $PALANG['charset']) . "\n"; - $fHeaders .= "MIME-Version: 1.0\n"; - $fHeaders .= "Content-Type: text/plain; charset=" . $PALANG['charset'] . "\n"; - $fHeaders .= "Content-Transfer-Encoding: 8bit\n"; - } - else - { - $fHeaders .= "Subject: " . escape_string ($_POST['fSubject']) . "\n\n"; - } + $fHeaders .= "Subject: " . encode_header(safepost('fSubject')) . "\n"; + $fHeaders .= "MIME-Version: 1.0\n"; + $fHeaders .= "Content-Type: text/plain; charset=utf-8\n"; + $fHeaders .= "Content-Transfer-Encoding: 8bit\n"; $fHeaders .= escape_string ($_POST['fBody']); if (empty ($fTo) or !check_email ($fTo)) - { + { $error = 1; $tTo = escape_string ($_POST['fTo']); $tSubject = escape_string ($_POST['fSubject']); $tBody = escape_string ($_POST['fBody']); $tMessage = $PALANG['pSendmail_to_text_error']; - } + } if ($error != 1) { 
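Review bot: `safepost('fTo')` and `safepost('fSubject')` are concatenated into `$fHeaders` with no visible removal of CR/LF, so a submitted subject that contains a line break can introduce header lines of its own. The removed code ran both values through `escape_string()`, which is SQL escaping and not a header defence, but neither `safepost()` nor `encode_header()` is shown here; confirm one of them rejects control characters, or strip them at this point with `$fSubject = str_replace(array("\r", "\n"), '', safepost('fSubject'));`. `$fTo` is validated by `check_email()` only after the header string is built, which is safe only while the send stays behind the `$error != 1` check. The POST block continues outside the hunk.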
@@ -86,10 +72,12 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") $tMessage .= $PALANG['pSendmail_result_success']; } } - - include ("./templates/header.tpl"); - include ("./templates/menu.tpl"); - include ("./templates/sendmail.tpl"); - include ("./templates/footer.tpl"); } + +include ("./templates/header.tpl"); +include ("./templates/menu.tpl"); +include ("./templates/sendmail.tpl"); +include ("./templates/footer.tpl"); + +/* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */ ?>