LSaddon :: mail: Improve mail forging method by using PEAR Mail_mime lib

2024-11-18 00:09:06 +01:00 · 2020-04-29 15:26:15 +02:00 · 2020-04-29 15:26:15 +02:00 · c63040203d
commit c63040203d
parent de3adbbffb
4 changed files with 79 additions and 35 deletions
--- a/debian/control
+++ b/debian/control
@ -6,7 +6,7 @@ Maintainer: Benjamin Renard <brenard@easter-eggs.com>

 Package: ldapsaisie
 Architecture: all
-Depends: apache2 | httpd, php-ldap | php5-ldap, php-fpm | libapache2-mod-php5 | libapache2-mod-php | php5-cli | php-cli, smarty | smarty3, php-net-ldap2, php-net-ftp, php-mail, php-file-csv-datasource
+Depends: apache2 | httpd, php-ldap | php5-ldap, php-fpm | libapache2-mod-php5 | libapache2-mod-php | php5-cli | php-cli, smarty | smarty3, php-net-ldap2, php-net-ftp, php-mail, php-mail-mime, php-file-csv-datasource
 Recommends: php-mbstring, php-phpseclib
 Description:  web based interface for managing LDAP servers content
 LdapSaisie is a Web application developed to manage LDAP directory.
--- a/doc/conf/LSaddon/LSaddon_mail.docbook
+++ b/doc/conf/LSaddon/LSaddon_mail.docbook
@ -14,6 +14,9 @@
 // Pear :: Mail
 define('PEAR_MAIL','/usr/share/php/Mail.php');

+// Pear :: Mail_mime
+define('PEAR_MAIL_MIME','/usr/share/php/Mail/mime.php');
+
 /*
 * Méthode d'envoie :
 *  - mail : envoie avec la méthode PHP mail()
@ -61,9 +64,6 @@ $MAIL_SEND_PARAMS = NULL;
 * Headers :
 */
 $MAIL_HEARDERS = array(
-  "Content-Type"  =>  "text/plain",
-  "charset"       =>  "UTF-8",
-  "format"        =>  "flowed"
 );
 </programlisting>

@ -76,6 +76,9 @@ $MAIL_HEARDERS = array(
    <paramdef>string <parameter>$subject</parameter></paramdef>
    <paramdef>string <parameter>$msg</parameter></paramdef>
    <paramdef>array <parameter>$headers</parameter></paramdef>
+    <paramdef>array <parameter>$attachments</parameter></paramdef>
+    <paramdef>string <parameter>$eol</parameter></paramdef>
+    <paramdef>string <parameter>$encoding</parameter></paramdef>
 </funcprototype>
 </funcsynopsis>
 </para>
--- a/public_html/conf/LSaddons/config.LSaddons.mail.php
+++ b/public_html/conf/LSaddons/config.LSaddons.mail.php
@ -29,6 +29,9 @@
 // Pear :: Mail
 define('PEAR_MAIL','/usr/share/php/Mail.php');

+// Pear :: Mail_mime
+define('PEAR_MAIL_MIME','/usr/share/php/Mail/mime.php');
+
 /*
 * Méthode d'envoie :
 *  - mail : envoie avec la méthode PHP mail()
@ -76,8 +79,5 @@ $MAIL_SEND_PARAMS = NULL;
 * Headers :
 */
 $MAIL_HEARDERS = array(
-  "Content-Type"  =>  "text/plain",
-  "charset"       =>  "UTF-8",
-  "format"        =>  "flowed"
 );

--- a/public_html/includes/addons/LSaddons.mail.php
+++ b/public_html/includes/addons/LSaddons.mail.php
@ -26,6 +26,9 @@
 LSerror :: defineError('MAIL_SUPPORT_01',
  _("MAIL Support : Pear::MAIL is missing.")
 );
+LSerror :: defineError('MAIL_SUPPORT_02',
+  _("MAIL Support : Pear::MAIL_MIME is missing.")
+);

 // Autres erreurs
 LSerror :: defineError('MAIL_00',
@ -54,6 +57,13 @@ LSerror :: defineError('MAIL_01',
      }
    }

+    if (!class_exists('Mail_mime')) {
+      if(!LSsession::includeFile(PEAR_MAIL_MIME, true)) {
+        LSerror :: addErrorCode('MAIL_SUPPORT_02');
+        $retval=false;
+      }
+    }
+
    return $retval;
  }

@ -64,19 +74,25 @@ LSerror :: defineError('MAIL_01',
  *
  * @retval boolean true si MAIL est pleinement supporté, false sinon
  */
-  function sendMail($to,$subject,$msg,$headers=array()) {
+  function sendMail($to, $subject, $msg, $headers=array(), $attachments=array(), $eol="\n", $encoding="utf8") {
    global $MAIL_SEND_PARAMS, $MAIL_HEARDERS;
    $mail_obj = Mail::factory(MAIL_SEND_METHOD, (isset($MAIL_SEND_PARAMS)?$MAIL_SEND_PARAMS:null));

    if (isset($MAIL_HEARDERS) && is_array($MAIL_HEARDERS)) {
      $headers = array_merge($headers,$MAIL_HEARDERS);
    }
-    if ($subject) {
-      $headers["Subject"] = $subject;
+
+    if (isset($headers['From'])) {
+      $from = $headers['From'];
+      unset($headers['From']);
    }
-    if (!isset($headers['From']) && (LSsession :: getEmailSender() != "")) {
-      $headers['From'] = LSsession :: getEmailSender();
+    elseif (LSsession :: getEmailSender() != "") {
+      $from = LSsession :: getEmailSender();
    }
+    else {
+      $from = null;
+    }
+
    $headers["To"] = $to;

    $to = array (
@ -92,13 +108,38 @@ LSerror :: defineError('MAIL_01',
      }
    }

-    $ret = $mail_obj -> send($to,$headers,$msg);
+    $mime = new Mail_mime(
+      array(
+        'eol' => $eol,
+        'text_charset' => $encoding,
+        'head_charset' => $encoding,
+      )
+    );
+
+    if ($from)
+      $mime->setFrom($from);
+
+    if ($subject)
+      $mime->setSubject($subject);
+
+    $mime->setTXTBody($msg);
+
+    if (is_array($attachments) && !empty($attachments)) {
+      $finfo = new finfo(FILEINFO_MIME_TYPE);
+      foreach ($attachments as $file => $filename) {
+        $mime->addAttachment($file, $finfo->file($file), $filename);
+      }
+    }
+
+    $body = $mime->get();
+    $headers = $mime->headers($headers);
+
+    $ret = $mail_obj -> send($to, $headers, $body);

    if ($ret instanceof PEAR_Error) {
      LSerror :: addErrorCode('MAIL_01');
-      LSerror :: addErrorCode('MAIL_00',$ret -> getMessage());
+      LSerror :: addErrorCode('MAIL_00', $ret -> getMessage());
      return;
    }
    return true;
  }
-