From: <ki...@us...> - 2008-03-04 10:01:31
Revision: 12992 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=12992&view=rev Author: kink Date: 2008-03-04 02:01:16 -0800 (Tue, 04 Mar 2008) Log Message: ----------- Backport improved message-ID generation code from DEVEL (less complex, reduces problems with any of the fields missing or containing message-ID-invalid data) Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver.class.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-03-04 08:44:34 UTC (rev 12991) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-03-04 10:01:16 UTC (rev 12992) @@ -17,6 +17,7 @@ - Converted Norwegian Bokm\xE5l (nb_NO) to UTF-8. - Converted traditional Chinese (zh_TW) to UTF-8. - Avoid deprecation notices on get_magic_quotes_* functions. + - Improved Message-ID generation code. Version 1.4.13 - 14 December 2007 --------------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver.class.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver.class.php 2008-03-04 08:44:34 UTC (rev 12991) +++ branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver.class.php 2008-03-04 10:01:16 UTC (rev 12992) 
@@ -504,15 +504,15 @@ /* Create a message-id */ $message_id = 'MESSAGE ID GENERATION ERROR! PLEASE CONTACT SQUIRRELMAIL DEVELOPERS'; if (empty($rfc822_header->message_id)) { - $message_id = '<' . (!empty($REMOTE_PORT) ? $REMOTE_PORT . '.' : ''); -//FIXME: if $REMOTE_ADDR is missing, should we skip this if/else block? or perhaps try to generate it with some different kind of info? - if (isset($encode_header_key) && trim($encode_header_key)!='') { - // use encrypted form of remote address - $message_id.= OneTimePadEncrypt($this->ip2hex($REMOTE_ADDR),base64_encode($encode_header_key)); - } else { - $message_id.= $REMOTE_ADDR; - } - $message_id .= '.' . time() . '.squirrel@' . $SERVER_NAME .'>'; + $message_id = '<'; + /* user-specifc data to decrease collision chance */ + $seed_data = $username . '.'; + $seed_data .= (!empty($REMOTE_PORT) ? $REMOTE_PORT . '.' : ''); + $seed_data .= (!empty($REMOTE_ADDR) ? $REMOTE_ADDR . '.' : ''); + /* add the current time in milliseconds and randomness */ + $seed_data .= uniqid(mt_rand(),true); + /* put it through one-way hash and add it to the ID */ + $message_id .= md5($seed_data) . '.squirrel@' . $SERVER_NAME .'>'; } /* Make an RFC822 Received: line */ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
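Review bot: In the Deliver.class.php hunk, $username and $SERVER_NAME go into the ID without the !empty() guard that $REMOTE_PORT and $REMOTE_ADDR get. $username was not referenced by the removed lines, so confirm it is in scope at this point in the function, and note that an empty $SERVER_NAME still produces an ID ending in "squirrel@>", which is not a valid Message-ID. Suggest guarding both and using a fallback for the domain part. Two smaller points on the new comments: "user-specifc" should read "user-specific", and uniqid() is derived from the current time in microseconds, not milliseconds. The removed lines put $REMOTE_ADDR into the ID, either as is or passed through OneTimePadEncrypt() with $encode_header_key; after md5() the address can no longer be read back from the Message-ID, and the ChangeLog entry could say so for admins who relied on it.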