From c63040203d1496a45b04bae53fc55b7e2ec052fd Mon Sep 17 00:00:00 2001 From: Benjamin Renard Date: Wed, 29 Apr 2020 15:26:15 +0200 Subject: [PATCH] LSaddon :: mail: Improve mail forging method by using PEAR Mail_mime lib --- debian/control | 2 +- doc/conf/LSaddon/LSaddon_mail.docbook | 35 ++++----- .../conf/LSaddons/config.LSaddons.mail.php | 6 +- public_html/includes/addons/LSaddons.mail.php | 71 +++++++++++++++---- 4 files changed, 79 insertions(+), 35 deletions(-) diff --git a/debian/control b/debian/control index 0ea3bea9..1cbcde08 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Maintainer: Benjamin Renard Package: ldapsaisie Architecture: all -Depends: apache2 | httpd, php-ldap | php5-ldap, php-fpm | libapache2-mod-php5 | libapache2-mod-php | php5-cli | php-cli, smarty | smarty3, php-net-ldap2, php-net-ftp, php-mail, php-file-csv-datasource +Depends: apache2 | httpd, php-ldap | php5-ldap, php-fpm | libapache2-mod-php5 | libapache2-mod-php | php5-cli | php-cli, smarty | smarty3, php-net-ldap2, php-net-ftp, php-mail, php-mail-mime, php-file-csv-datasource Recommends: php-mbstring, php-phpseclib Description: web based interface for managing LDAP servers content LdapSaisie is a Web application developed to manage LDAP directory. diff --git a/doc/conf/LSaddon/LSaddon_mail.docbook b/doc/conf/LSaddon/LSaddon_mail.docbook index 5e7df952..78ba7c21 100644 --- a/doc/conf/LSaddon/LSaddon_mail.docbook +++ b/doc/conf/LSaddon/LSaddon_mail.docbook @@ -1,9 +1,9 @@ LSaddon_mail Cet &LSaddon; est utilisé pour gérer l'envoie de mail. Le module - &PEAR; Mail doit être installé. Il doit être configuré en éditant son + &PEAR; Mail doit être installé. Il doit être configuré en éditant son fichier de configuration config.LSaddons.mail.php. - + Structure du fichier/* *********************************************** 
@@ -14,6 +14,9 @@ // Pear :: Mail define('PEAR_MAIL','/usr/share/php/Mail.php'); +// Pear :: Mail_mime +define('PEAR_MAIL_MIME','/usr/share/php/Mail/mime.php'); + /* * Méthode d'envoie : * - mail : envoie avec la méthode PHP mail() 
@@ -27,32 +30,32 @@ define('MAIL_SEND_METHOD','smtp'); * Ces paramètres dépende de la méthode utilisé. Repporté vous à la documentation * de PEAR :: Mail pour plus d'information. * Lien : http://pear.php.net/manual/en/package.mail.mail.factory.php - * Infos : + * Infos : * List of parameter for the backends * mail - * o If safe mode is disabled, $params will be passed as the fifth - * argument to the PHP mail() function. If $params is an array, - * its elements will be joined as a space-delimited string. + * o If safe mode is disabled, $params will be passed as the fifth + * argument to the PHP mail() function. If $params is an array, + * its elements will be joined as a space-delimited string. * sendmail - * o $params["sendmail_path"] - The location of the sendmail program + * o $params["sendmail_path"] - The location of the sendmail program * on the filesystem. Default is /usr/bin/sendmail. - * o $params["sendmail_args"] - Additional parameters to pass to the - * sendmail. Default is -i. + * o $params["sendmail_args"] - Additional parameters to pass to the + * sendmail. Default is -i. * smtp * o $params["host"] - The server to connect. Default is localhost. * o $params["port"] - The port to connect. Default is 25. - * o $params["auth"] - Whether or not to use SMTP authentication. + * o $params["auth"] - Whether or not to use SMTP authentication. * Default is FALSE. * o $params["username"] - The username to use for SMTP authentication. * o $params["password"] - The password to use for SMTP authentication. * o $params["localhost"] - The value to give when sending EHLO or HELO. * Default is localhost - * o $params["timeout"] - The SMTP connection timeout. + * o $params["timeout"] - The SMTP connection timeout. * Default is NULL (no timeout). * o $params["verp"] - Whether to use VERP or not. Default is FALSE. - * o $params["debug"] - Whether to enable SMTP debug mode or not. + * o $params["debug"] - Whether to enable SMTP debug mode or not. * Default is FALSE. 
- * o $params["persist"] - Indicates whether or not the SMTP connection + * o $params["persist"] - Indicates whether or not the SMTP connection * should persist over multiple calls to the send() method. */ $MAIL_SEND_PARAMS = NULL; @@ -61,9 +64,6 @@ $MAIL_SEND_PARAMS = NULL; * Headers : */ $MAIL_HEARDERS = array( - "Content-Type" => "text/plain", - "charset" => "UTF-8", - "format" => "flowed" ); @@ -76,6 +76,9 @@ $MAIL_HEARDERS = array( string $subject string $msg array $headers + array $attachments + string $eol + string $encoding diff --git a/public_html/conf/LSaddons/config.LSaddons.mail.php b/public_html/conf/LSaddons/config.LSaddons.mail.php index 88bbfd6f..852f662c 100644 --- a/public_html/conf/LSaddons/config.LSaddons.mail.php +++ b/public_html/conf/LSaddons/config.LSaddons.mail.php @@ -29,6 +29,9 @@ // Pear :: Mail define('PEAR_MAIL','/usr/share/php/Mail.php'); +// Pear :: Mail_mime +define('PEAR_MAIL_MIME','/usr/share/php/Mail/mime.php'); + /* * Méthode d'envoie : * - mail : envoie avec la méthode PHP mail() @@ -76,8 +79,5 @@ $MAIL_SEND_PARAMS = NULL; * Headers : */ $MAIL_HEARDERS = array( - "Content-Type" => "text/plain", - "charset" => "UTF-8", - "format" => "flowed" ); diff --git a/public_html/includes/addons/LSaddons.mail.php b/public_html/includes/addons/LSaddons.mail.php index 711f766f..2f61cd35 100644 --- a/public_html/includes/addons/LSaddons.mail.php +++ b/public_html/includes/addons/LSaddons.mail.php @@ -26,6 +26,9 @@ LSerror :: defineError('MAIL_SUPPORT_01', _("MAIL Support : Pear::MAIL is missing.") ); +LSerror :: defineError('MAIL_SUPPORT_02', + _("MAIL Support : Pear::MAIL_MIME is missing.") +); // Autres erreurs LSerror :: defineError('MAIL_00', @@ -35,10 +38,10 @@ LSerror :: defineError('MAIL_00', LSerror :: defineError('MAIL_01', _("MAIL : Error sending your email") ); - + /** * Verification du support MAIL par ldapSaisie - * + * * @author Benjamin Renard * * @retval boolean true si MAIL est pleinement supporté, false sinon 
@@ -53,30 +56,43 @@ LSerror :: defineError('MAIL_01', $retval=false; } } - + + if (!class_exists('Mail_mime')) { + if(!LSsession::includeFile(PEAR_MAIL_MIME, true)) { + LSerror :: addErrorCode('MAIL_SUPPORT_02'); + $retval=false; + } + } + return $retval; } - + /** * Envoie d'un mail - * + * * @author Benjamin Renard * * @retval boolean true si MAIL est pleinement supporté, false sinon */ - function sendMail($to,$subject,$msg,$headers=array()) { + function sendMail($to, $subject, $msg, $headers=array(), $attachments=array(), $eol="\n", $encoding="utf8") { global $MAIL_SEND_PARAMS, $MAIL_HEARDERS; $mail_obj = Mail::factory(MAIL_SEND_METHOD, (isset($MAIL_SEND_PARAMS)?$MAIL_SEND_PARAMS:null)); - + if (isset($MAIL_HEARDERS) && is_array($MAIL_HEARDERS)) { $headers = array_merge($headers,$MAIL_HEARDERS); } - if ($subject) { - $headers["Subject"] = $subject; + + if (isset($headers['From'])) { + $from = $headers['From']; + unset($headers['From']); } - if (!isset($headers['From']) && (LSsession :: getEmailSender() != "")) { - $headers['From'] = LSsession :: getEmailSender(); + elseif (LSsession :: getEmailSender() != "") { + $from = LSsession :: getEmailSender(); } + else { + $from = null; + } + $headers["To"] = $to; $to = array ( 
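Review bot: The new default `$encoding="utf8"` in the `sendMail()` signature is not a registered charset label, while the config headers this commit removes used `UTF-8`. The value is later passed to Mail_mime as both `text_charset` and `head_charset`, so stricter mail clients may fail to decode bodies or encoded header words labelled `utf8`. I would write the default as `$encoding="UTF-8"`. The docblock above the signature still carries the `@retval` text copied from the support check and does not describe `$attachments` (path => attachment name), `$eol` or `$encoding`. It should say the function returns true on success and returns nothing on failure; the body of `sendMail()` continues past this hunk.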
@@ -92,13 +108,38 @@ LSerror :: defineError('MAIL_01', } } - $ret = $mail_obj -> send($to,$headers,$msg); - + $mime = new Mail_mime( + array( + 'eol' => $eol, + 'text_charset' => $encoding, + 'head_charset' => $encoding, + ) + ); + + if ($from) + $mime->setFrom($from); + + if ($subject) + $mime->setSubject($subject); + + $mime->setTXTBody($msg); + + if (is_array($attachments) && !empty($attachments)) { + $finfo = new finfo(FILEINFO_MIME_TYPE); + foreach ($attachments as $file => $filename) { + $mime->addAttachment($file, $finfo->file($file), $filename); + } + } + + $body = $mime->get(); + $headers = $mime->headers($headers); + + $ret = $mail_obj -> send($to, $headers, $body); + if ($ret instanceof PEAR_Error) { LSerror :: addErrorCode('MAIL_01'); - LSerror :: addErrorCode('MAIL_00',$ret -> getMessage()); + LSerror :: addErrorCode('MAIL_00', $ret -> getMessage()); return; } return true; } -
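Review bot: The attachment loop ignores the results of `$finfo->file($file)` and `$mime->addAttachment(...)`. A missing or unreadable path therefore yields a false MIME type and, as far as I know Mail_mime, a PEAR_Error that is dropped while the mail still goes out without the file. Each key of `$attachments` is also a server-side path read with the web application's rights; no callers are visible here, so they should be confirmed to pass only paths the application itself produced. I would check readability, fall back to `application/octet-stream` when type detection fails, and report failures through `MAIL_00`/`MAIL_01` as the send failure below does. The start of `sendMail()` is outside this hunk.

```php
if (is_array($attachments) && !empty($attachments)) {
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    foreach ($attachments as $file => $filename) {
        // Refuse to send a mail that silently lacks one of its attachments.
        if (!is_file($file) || !is_readable($file)) {
            LSerror :: addErrorCode('MAIL_01');
            LSerror :: addErrorCode('MAIL_00', "attachment not readable : " . basename($file));
            return;
        }
        $type = $finfo->file($file);
        $added = $mime->addAttachment($file, ($type ? $type : 'application/octet-stream'), $filename);
        if ($added instanceof PEAR_Error) {
            LSerror :: addErrorCode('MAIL_01');
            LSerror :: addErrorCode('MAIL_00', $added -> getMessage());
            return;
        }
    }
}
// … unchanged: $mime->get(), $mime->headers($headers), $mail_obj -> send(...) …
```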