Merge remote-tracking branch 'origin/bug-1318' into release
[cacert-devel.git] / includes / general.php
index 9eb5060..17b449b 100644 (file)
                //echo "Points due to name matches: $points<br/>";
 
                $shellpwd = escapeshellarg($pwd);
-               $do = `grep $shellpwd /usr/share/dict/american-english`;
+               $do = shell_exec("grep -F -- $shellpwd /usr/share/dict/american-english");
                if($do)
                        $points--;
 
                return(0);
        }
 
-       function hex2bin($data)
+       function gpg_hex2bin($data)
        {
                while(strstr($data, "\\x"))
                {
                $fp = fopen($tmpfname, "w");
                fputs($fp, $message);
                fclose($fp);
-               $do = `/usr/bin/gpg --homedir /home/gpg --clearsign "$tmpfname"|/usr/sbin/sendmail "$to"`;
+               $to_esc = escapeshellarg($to);
+               $do = shell_exec("/usr/bin/gpg --homedir /home/gpg --clearsign \"$tmpfname\"|/usr/sbin/sendmail ".$to_esc);
                @unlink($tmpfname);
        }
 
                if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email))
                {
                        list($username,$domain)=explode('@',$email,2);
-                       $dom = escapeshellarg($domain);
-                       $line = trim(`dig +short MX $dom 2>&1`);
-#echo $email."-$dom-$line-\n";
-#echo `dig +short mx heise.de 2>&1`."-<br>\n";
-
-                       $list = explode("\n", $line);
-                       foreach($list as $row) {
-                               if(!strstr($row, " ")) {
-                                       continue;
+                       $mxhostrr = array();
+                       $mxweight = array();
+                       if( !getmxrr($domain, $mxhostrr, $mxweight) ) {
+                               $mxhostrr = array($domain);
+                               $mxweight = array(0);
+                       } else if ( empty($mxhostrr) ) {
+                               $mxhostrr = array($domain);
+                               $mxweight = array(0);
+                       }
+
+                       $mxhostprio = array();
+                       for($i = 0; $i < count($mxhostrr); $i++) {
+                               $mx_host = trim($mxhostrr[$i], '.');
+                               $mx_prio = $mxweight[$i];
+                               if(empty($mxhostprio[$mx_prio])) {
+                                       $mxhostprio[$mx_prio] = array();
+                               }
+                               $mxhostprio[$mx_prio][] = $mx_host;
+                       }
+
+                       array_walk($mxhostprio, function(&$mx) { shuffle($mx); } );
+                       ksort($mxhostprio);
+
+                       $mxhosts = array();
+                       foreach($mxhostprio as $mx_prio => $mxhostnames) {
+                               foreach($mxhostnames as $mx_host) {
+                                       $mxhosts[] = $mx_host;
                                }
-                               list($pri, $mxhosts[]) = explode(" ", trim($row), 2);
                        }
-                       $mxhosts[] = $domain;
-                       array_walk($mxhosts, function(&$mx) { $mx = trim($mx, '.'); } );
 
                        foreach($mxhosts as $key => $domain)
                        {
-                               $fp = @fsockopen($domain,25,$errno,$errstr,5);
+                               $fp_opt = array(
+                                       'ssl' => array(
+                                               'verify_peer'   => false,       // Opportunistic Encryption
+                                               )
+                                       );
+                               $fp_ctx = stream_context_create($fp_opt);
+                               $fp = @stream_socket_client("tcp://$domain:25",$errno,$errstr,5,STREAM_CLIENT_CONNECT,$fp_ctx);
                                if($fp)
                                {
+                                       stream_set_blocking($fp, true);
+
+                                       $has_starttls = false;
 
-                                       $line = fgets($fp, 4096);
-                                        while(substr($line, 0, 4) == "220-")
-                                               $line = fgets($fp, 4096);
-                                       if(substr($line, 0, 3) != "220")
+                                       do {
+                                               $line = fgets($fp, 4096);
+                                       } while(substr($line, 0, 4) == "220-");
+                                       if(substr($line, 0, 3) != "220") {
+                                               fclose($fp);
                                                continue;
-                                       fputs($fp, "HELO www.cacert.org\r\n");
-                                       $line = fgets($fp, 4096);
-                                       while(substr($line, 0, 3) == "220")
+                                       }
+
+                                       fputs($fp, "EHLO www.cacert.org\r\n");
+                                       do {
                                                $line = fgets($fp, 4096);
-                                       if(substr($line, 0, 3) != "250")
+                                               $has_starttls |= substr(trim($line),4) == "STARTTLS";
+                                       } while(substr($line, 0, 4) == "250-");
+                                       if(substr($line, 0, 3) != "250") {
+                                               fclose($fp);
                                                continue;
-                                       fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
-                                       $line = fgets($fp, 4096);
+                                       }
+
+                                       if($has_starttls) {
+                                               fputs($fp, "STARTTLS\r\n");
+                                               do {
+                                                       $line = fgets($fp, 4096);
+                                               } while(substr($line, 0, 4) == "220-");
+                                               if(substr($line, 0, 3) != "220") {
+                                                       fclose($fp);
+                                                       continue;
+                                               }
+
+                                               stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+
+                                               fputs($fp, "EHLO www.cacert.org\r\n");
+                                               do {
+                                                       $line = fgets($fp, 4096);
+                                               } while(substr($line, 0, 4) == "250-");
+                                               if(substr($line, 0, 3) != "250") {
+                                                       fclose($fp);
+                                                       continue;
+                                               }
+                                       }
 
-                                       if(substr($line, 0, 3) != "250")
+                                       fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
+                                       do {
+                                               $line = fgets($fp, 4096);
+                                       } while(substr($line, 0, 4) == "250-");
+                                       if(substr($line, 0, 3) != "250") {
+                                               fclose($fp);
                                                continue;
+                                       }
+
                                        fputs($fp, "RCPT TO:<$email>\r\n");
-                                       $line = trim(fgets($fp, 4096));
+                                       do {
+                                               $line = fgets($fp, 4096);
+                                       } while(substr($line, 0, 4) == "250-");
+                                       if(substr($line, 0, 3) != "250") {
+                                               fclose($fp);
+                                               continue;
+                                       }
+
                                        fputs($fp, "QUIT\r\n");
                                        fclose($fp);
 
 
        function sanitizeHTML($input)
        {
-               return htmlentities(strip_tags($input), ENT_QUOTES);
+               return htmlentities(strip_tags($input), ENT_QUOTES, 'ISO-8859-1');
                //In case of problems, please use the following line again:
                //return htmlentities(strip_tags(utf8_decode($input)), ENT_QUOTES);
                //return htmlspecialchars(strip_tags($input));