Fix metrics

data/web/admin.php

@@ -24,6 +24,7 @@ $tfa_data = get_tfa();
     <li role="presentation"><a href="#tab-sogo-logs" aria-controls="tab-sogo-logs" role="tab" data-toggle="tab">SOGo</a></li>
     <li role="presentation"><a href="#tab-fail2ban-logs" aria-controls="tab-fail2ban-logs" role="tab" data-toggle="tab">Fail2ban</a></li>
     <li role="presentation"><a href="#tab-rspamd-history" aria-controls="tab-rspamd-history" role="tab" data-toggle="tab">Rspamd</a></li>
+    <li role="presentation"><a href="#tab-autodiscover-logs" aria-controls="tab-autodiscover-logs" role="tab" data-toggle="tab">Autodiscover</a></li>
     </ul>
     </li>
   </ul>
@@ -128,6 +129,7 @@ $tfa_data = get_tfa();
         <a href="#fwdhosts" class="list-group-item"><?=$lang['admin']['forwarding_hosts'];?></a>
         <a href="#f2bparams" class="list-group-item"><?=$lang['admin']['f2b_parameters'];?></a>
         <a href="#relayhosts" class="list-group-item">Relayhosts</a>
+        <a href="#customize" class="list-group-item"><?=$lang['admin']['customize'];?></a>
         <a href="#top" class="list-group-item" style="border-top:1px dashed #dadada">↸ <?=$lang['admin']['to_top'];?></a>
       </div>
     </div>
@@ -149,10 +151,10 @@ $tfa_data = get_tfa();
             <div class="row">
               <div class="col-xs-1"><input type="checkbox" data-id="dkim" name="multi_select" value="<?=$domain;?>" /></div>
               <div class="col-xs-2">
-                <p>Domain: <strong><?=htmlspecialchars($domain);?></strong><br />
-                  <span class="label label-success"><?=$lang['admin']['dkim_key_valid'];?></span>
-                  <span class="label label-primary">Selector '<?=$dkim['dkim_selector'];?>'</span>
-                  <span class="label label-info"><?=$dkim['length'];?> bit</span>
+                <p>Domain: <strong><?=htmlspecialchars($domain);?></strong>
+                  <p><span class="label label-success"><?=$lang['admin']['dkim_key_valid'];?></span></p>
+                  <p><span class="label label-primary">Selector '<?=$dkim['dkim_selector'];?>'</span></p>
+                  <p><span class="label label-info"><?=$dkim['length'];?> bit</span></p>
                 </p>
               </div>
               <div class="col-xs-9">
@@ -179,10 +181,10 @@ $tfa_data = get_tfa();
               <div class="row">
               <div class="col-xs-1"><input type="checkbox" data-id="dkim" name="multi_select" value="<?=$alias_domain;?>" /></div>
                 <div class="col-xs-1 col-xs-offset-1">
-                  <p><small>↳ Alias-Domain: <strong><?=htmlspecialchars($alias_domain);?></strong><br /></small>
-                    <span class="label label-success"><?=$lang['admin']['dkim_key_valid'];?></span>
-                    <span class="label label-primary">Selector '<?=$dkim['dkim_selector'];?>'</span>
-                    <span class="label label-info"><?=$dkim['length'];?> bit</span>
+                  <p><small>↳ Alias-Domain: <strong><?=htmlspecialchars($alias_domain);?></strong></small>
+                    <p><span class="label label-success"><?=$lang['admin']['dkim_key_valid'];?></span></p>
+                    <p><span class="label label-primary">Selector '<?=$dkim['dkim_selector'];?>'</span></p>
+                    <p><span class="label label-info"><?=$dkim['length'];?> bit</span></p>
                 </p>
                 </div>
                 <div class="col-xs-9">
@@ -211,10 +213,10 @@ $tfa_data = get_tfa();
             <div class="row">
               <div class="col-xs-1"><input type="checkbox" data-id="dkim" name="multi_select" value="<?=$blind;?>" /></div>
               <div class="col-xs-2">
-                <p>Domain: <strong><?=htmlspecialchars($blind);?></strong><br />
-                  <span class="label label-warning"><?=$lang['admin']['dkim_key_unused'];?></span>
-                  <span class="label label-primary">Selector '<?=$dkim['dkim_selector'];?>'</span>
-                  <span class="label label-info"><?=$dkim['length'];?> bit</span>
+                <p>Domain: <strong><?=htmlspecialchars($blind);?></strong>
+                  <p><span class="label label-warning"><?=$lang['admin']['dkim_key_unused'];?></span></p>
+                  <p><span class="label label-primary">Selector '<?=$dkim['dkim_selector'];?>'</span></p>
+                  <p><span class="label label-info"><?=$dkim['length'];?> bit</span></p>
                 </p>
                 </div>
                 <div class="col-xs-9">
@@ -259,9 +261,7 @@ $tfa_data = get_tfa();
           </div>
           <div class="form-group">
             <label for="private_key_file"><?=$lang['admin']['private_key'];?>:</label>
-            <textarea class="form-control" rows="5" name="private_key_file" id="private_key_file" required placeholder="-----BEGIN RSA PRIVATE KEY-----
-XYZ
------END RSA PRIVATE KEY-----"></textarea>
+            <textarea class="form-control" rows="5" name="private_key_file" id="private_key_file" required placeholder="-----BEGIN RSA KEY-----"></textarea>
           </div>
           <button class="btn btn-default" id="add_item" data-id="dkim_import" data-api-url='add/dkim_import' data-api-attr='{}' href="#"><span class="glyphicon glyphicon-plus"></span> <?=$lang['admin']['import'];?></button>
         </form>
@@ -375,6 +375,82 @@ XYZ
         </form>
       </div>
     </div>
+
+    <span class="anchor" id="customize"></span>
+    <div class="panel panel-default">
+      <div class="panel-heading"><?=$lang['admin']['customize'];?></div>
+      <div class="panel-body">
+        <legend><?=$lang['admin']['change_logo'];?></legend>
+        <p class="help-block"><?=$lang['admin']['logo_info'];?></p>
+        <form class="form-inline" role="form" method="post" enctype="multipart/form-data">
+          <p>
+            <input type="file" name="main_logo" class="filestyle" data-buttonName="btn-default" data-buttonText="Select" accept="image/gif, image/jpeg, image/pjpeg, image/x-png, image/png, image/svg+xml">
+            <button name="submit_main_logo" type="submit" class="btn btn-success"><span class="glyphicon glyphicon-cloud-upload"></span> <?=$lang['admin']['upload'];?></button>
+          </p>
+        </form>
+        <?php
+        if ($main_logo = customize('get', 'main_logo')):
+          $specs = customize('get', 'main_logo_specs');
+        ?>
+        <div class="row">
+          <div class="col-sm-3">
+            <div class="thumbnail">
+              <img class="img-thumbnail" src="<?=$main_logo;?>" alt="mailcow logo">
+              <div class="caption">
+                <span class="label label-info"><?=$specs['geometry']['width'];?>x<?=$specs['geometry']['height'];?> px</span>
+                <span class="label label-info"><?=$specs['mimetype'];?></span>
+                <span class="label label-info"><?=$specs['fileSize'];?></span>
+              </div>
+            </div>
+            <hr>
+            <form class="form-inline" role="form" method="post">
+              <p><button name="reset_main_logo" type="submit" class="btn btn-xs btn-default"><?=$lang['admin']['reset_default'];?></button></p>
+            </form>
+          </div>
+        </div>
+        <?php
+        endif;
+        ?>
+        <legend><?=$lang['admin']['app_links'];?></legend>
+        <p class="help-block"><?=$lang['admin']['merged_vars_hint'];?></p>
+        <form class="form-inline" data-id="app_links" role="form" method="post">
+          <table class="table table-condensed" style="width:1%;white-space: nowrap;" id="app_link_table">
+            <tr>
+              <th><?=$lang['admin']['app_name'];?></th>
+              <th><?=$lang['admin']['link'];?></th>
+              <th>&nbsp;</th>
+            </tr>
+            <?php
+            $app_links = customize('get', 'app_links');
+            foreach ($app_links as $row) {
+              foreach ($row as $key => $val):
+            ?>
+            <tr>
+              <td><input class="input-sm form-control" data-id="app_links" type="text" name="app" required value="<?=$key;?>"></td>
+              <td><input class="input-sm form-control" data-id="app_links" type="text" name="href" required value="<?=$val;?>"></td>
+              <td><a href="#" role="button" class="btn btn-xs btn-default" type="button"><?=$lang['admin']['remove_row'];?></a></td>
+            </tr>
+            <?php 
+              endforeach;
+            }
+            foreach ($MAILCOW_APPS as $app):
+            ?>
+            <tr>
+              <td><input class="input-sm form-control" value="<?=htmlspecialchars($app['name']);?>" disabled></td>
+              <td><input class="input-sm form-control" value="<?=htmlspecialchars($app['link']);?>" disabled></td>
+              <td>&nbsp;</td>
+            </tr>
+            <?php
+            endforeach;
+            ?>
+          </table>
+          <div class="btn-group">
+            <button class="btn btn-success" id="edit_selected" data-item="admin" data-id="app_links" data-reload="no" data-api-url='edit/app_links' data-api-attr='{}' href="#"><?=$lang['admin']['save'];?></button>
+            <button class="btn btn-default" type="button" id="add_app_link_row"><?=$lang['admin']['add_row'];?></button>
+          </div> 
+        </form>
+      </div>
+    </div>
   </div>
   </div>
   </div>
@@ -469,6 +545,24 @@ XYZ
     </div>
   </div>
 
+  <div role="tabpanel" class="tab-pane" id="tab-autodiscover-logs">
+    <div class="panel panel-default">
+      <div class="panel-heading">Autodiscover
+        <div class="btn-group pull-right">
+          <a class="btn btn-xs btn-default dropdown-toggle" data-toggle="dropdown" href="#"><?=$lang['admin']['action'];?> <span class="caret"></span></a>
+          <ul class="dropdown-menu">
+            <li><a href="#" id="refresh_autodiscover_log"><?=$lang['admin']['refresh'];?></a></li>
+          </ul>
+        </div>
+      </div>
+      <div class="panel-body">
+        <div class="table-responsive">
+          <table class="table table-striped table-condensed" id="autodiscover_log"></table>
+        </div>
+      </div>
+    </div>
+  </div>
+
   </div>
 </div> <!-- /container -->
 <?php

data/web/api.php

@@ -0,0 +1,32 @@
+<?php
+set_time_limit (0);
+
+$address = '0.0.0.0';
+
+$port = 7777;
+$con = 1;
+$word = "";
+
+$sock = socket_create(AF_INET, SOCK_STREAM, 0);
+$bind = socket_bind($sock, $address, $port);
+
+socket_listen($sock);
+
+while ($con == 1)
+{
+    $client = socket_accept($sock);
+    $input = socket_read($client, 2024);
+
+    if ($input == 'exit') 
+    {
+        $close = socket_close($sock);
+        $con = 0;
+    }
+
+    if($con == 1)
+    {
+        $word .= $input;
+    }
+}
+
+echo $word;

data/web/autodiscover-json.php

@@ -0,0 +1,21 @@
+<?php
+require_once 'inc/vars.inc.php';
+require_once 'inc/functions.inc.php';
+$default_autodiscover_config = $autodiscover_config;
+if(file_exists('inc/vars.local.inc.php')) {
+  include_once 'inc/vars.local.inc.php';
+}
+$autodiscover_config = array_merge($default_autodiscover_config, $autodiscover_config);
+
+header('Content-type: application/json');
+if ($_GET['Protocol'] == 'ActiveSync') {
+  echo '{"Protocol":"ActiveSync","Url":"' . $autodiscover_config['activesync']['url'] . '"}';
+}
+elseif ($_GET['Protocol'] == 'AutodiscoverV1') {
+  echo '{"Protocol":"AutodiscoverV1","Url":"https://' . $_SERVER['HTTP_HOST'] . '/autodiscover/autodiscover.xml"}';
+}
+else {
+  http_response_code(400);
+  echo '{"ErrorCode":"InvalidProtocol","ErrorMessage":"The given protocol value \u0027' . $_GET['Protocol'] . '\u0027 is invalid. Supported values are \u0027ActiveSync,AutodiscoverV1\u0027"}';
+}
+?>

data/web/autodiscover.php

@@ -15,14 +15,13 @@ error_reporting(0);
 
 $data = trim(file_get_contents("php://input"));
 
-// Desktop client needs IMAP, unless it's Outlook 2013 or higher on Windows
-if (strpos($data, 'autodiscover/outlook/responseschema') !== false) { // desktop client
+if (strpos($data, 'autodiscover/outlook/responseschema') !== false) {
   $autodiscover_config['autodiscoverType'] = 'imap';
   if ($autodiscover_config['useEASforOutlook'] == 'yes' &&
     // Office for macOS does not support EAS
     strpos($_SERVER['HTTP_USER_AGENT'], 'Mac') === false &&
     // Outlook 2013 (version 15) or higher
-    preg_match('/(Outlook|Office).+1[5-9]\./', $_SERVER['HTTP_USER_AGENT'])
+    preg_match('/(Outlook|Office).+15\./', $_SERVER['HTTP_USER_AGENT'])
   ) {
     $autodiscover_config['autodiscoverType'] = 'activesync';
   }
@@ -39,7 +38,26 @@ $login_user = strtolower(trim($_SERVER['PHP_AUTH_USER']));
 $login_role = check_login($login_user, $_SERVER['PHP_AUTH_PW']);
 
 if (!isset($_SERVER['PHP_AUTH_USER']) OR $login_role !== "user") {
-  header('WWW-Authenticate: Basic realm=""');
+  try {
+    $json = json_encode(
+      array(
+        "time" => time(),
+        "ua" => $_SERVER['HTTP_USER_AGENT'],
+        "user" => "none",
+        "service" => "Error: must be authenticated"
+      )
+    );
+    $redis->lPush('AUTODISCOVER_LOG', $json);
+    $redis->lTrim('AUTODISCOVER_LOG', 0, 100);
+  }
+  catch (RedisException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'Redis: '.$e
+    );
+    return false;
+  }
+  header('WWW-Authenticate: Basic realm="' . $_SERVER['HTTP_HOST'] . '"');
   header('HTTP/1.0 401 Unauthorized');
   exit(0);
 }
@@ -52,6 +70,25 @@ else {
 <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
 <?php
       if(!$data) {
+        try {
+          $json = json_encode(
+            array(
+              "time" => time(),
+              "ua" => $_SERVER['HTTP_USER_AGENT'],
+              "user" => $_SERVER['PHP_AUTH_USER'],
+              "service" => "Error: invalid or missing request data"
+            )
+          );
+          $redis->lPush('AUTODISCOVER_LOG', $json);
+          $redis->lTrim('AUTODISCOVER_LOG', 0, 100);
+        }
+        catch (RedisException $e) {
+          $_SESSION['return'] = array(
+            'type' => 'danger',
+            'msg' => 'Redis: '.$e
+          );
+          return false;
+        }
         list($usec, $sec) = explode(' ', microtime());
 ?>
   <Response>
@@ -82,12 +119,30 @@ else {
         die("Failed to determine name from SQL");
       }
       if (!empty($MailboxData['name'])) {
-        $displayname = utf8_encode($MailboxData['name']);
+        $displayname = $MailboxData['name'];
       }
       else {
         $displayname = $email;
       }
-
+      try {
+        $json = json_encode(
+          array(
+            "time" => time(),
+            "ua" => $_SERVER['HTTP_USER_AGENT'],
+            "user" => $_SERVER['PHP_AUTH_USER'],
+            "service" => $autodiscover_config['autodiscoverType']
+          )
+        );
+        $redis->lPush('AUTODISCOVER_LOG', $json);
+        $redis->lTrim('AUTODISCOVER_LOG', 0, 100);
+      }
+      catch (RedisException $e) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => 'Redis: '.$e
+        );
+        return false;
+      }
       if ($autodiscover_config['autodiscoverType'] == 'imap') {
 ?>
   <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
@@ -121,13 +176,13 @@ else {
       </Protocol>
       <Protocol>
         <Type>CalDAV</Type>
-        <Server>https://<?=$autodiscover_config['caldav']['server'];?><?php if ($autodiscover_config['caldav']['port'] != 443) echo ':'.$autodiscover_config['caldav']['port']; ?>/SOGo/dav/<?=$email;?>/Calendar</Server>
+        <Server>https://<?=$autodiscover_config['caldav']['server'];?><?php if ($autodiscover_config['caldav']['port'] != 443) echo ':'.$autodiscover_config['caldav']['port']; ?>/SOGo/dav/<?=$email;?>/</Server>
         <DomainRequired>off</DomainRequired>
         <LoginName><?=$email;?></LoginName>
       </Protocol>
       <Protocol>
         <Type>CardDAV</Type>
-        <Server>https://<?=$autodiscover_config['carddav']['server'];?><?php if ($autodiscover_config['caldav']['port'] != 443) echo ':'.$autodiscover_config['carddav']['port']; ?>/SOGo/dav/<?=$email;?>/Contacts</Server>
+        <Server>https://<?=$autodiscover_config['carddav']['server'];?><?php if ($autodiscover_config['caldav']['port'] != 443) echo ':'.$autodiscover_config['carddav']['port']; ?>/SOGo/dav/<?=$email;?>/</Server>
         <DomainRequired>off</DomainRequired>
         <LoginName><?=$email;?></LoginName>
       </Protocol>

data/web/css/admin.css

@@ -53,3 +53,7 @@ body.modal-open {
   top: 65px;
   z-index: 1;
 }
+.thumbnail img {
+  min-height:100px;
+  height:100px;
+}

data/web/css/mailcow.css

@@ -83,6 +83,9 @@ body.modal-open {
   overflow: inherit;
   padding-right: inherit !important;
 }
+body {
+  font-size:11pt;
+}
 #mailcow-alert {
   position: fixed;
   bottom: 8px;
@@ -98,4 +101,13 @@ legend {
   -ms-user-select: none
   -o-user-select: none;
   user-select: none;
+}
+.navbar .navbar-brand {
+  padding-top: 5px;
+}
+.navbar .navbar-brand img {
+  height: 40px;
+}
+.mailcow-logo img {
+  max-width: 250px;
 }

data/web/edit.php

@@ -457,6 +457,23 @@ if (isset($_SESSION['mailcow_cc_role'])) {
               </select>
             </div>
           </div>
+<?php
+$mailbox_acl = get_acl($mailbox);
+?>
+          <div class="form-group">
+            <label class="control-label col-sm-2" for="sender_acl">ACL:</label>
+            <div class="col-sm-10">
+              <select multiple data-width="100%" style="width:100%" >
+                <?php
+                foreach ($mailbox_acl as $key => $val) {
+                ?>
+                <option value="<?=$key;?>" <?=($val == 1) ? 'selected' : null;?>><?=$lang['edit'][$key];?></option>
+                <?php
+                }
+                ?>
+              </select>
+            </div>
+          </div>
           <div class="form-group">
             <label class="control-label col-sm-2" for="password"><?=$lang['edit']['password'];?></label>
             <div class="col-sm-10">

data/web/inc/call_sogo_ctrl.php

@@ -5,36 +5,117 @@ if (!isset($_SESSION['mailcow_cc_role']) OR !in_array($_SESSION['mailcow_cc_role
 	echo "Not allowed." . PHP_EOL;
 	exit();
 }
-if ($_GET['ACTION'] == "start") {
-	$request = xmlrpc_encode_request("supervisor.startProcess", 'bootstrap-sogo', array('encoding'=>'utf-8'));
-	$context = stream_context_create(array('http' => array(
-	'method' => "POST",
-	'header' => "Content-Length: " . strlen($request),
-	'content' => $request
-	)));
-	$file = @file_get_contents("http://sogo:9191/RPC2", false, $context) or die("Cannot connect to $remote_server:$listener_port");
-	$response = xmlrpc_decode($file);
-	if (isset($response['faultString'])) {
-		echo '<b><span class="pull-right text-warning">' . $response['faultString'] . '</span></b>';
-	}
-  else {
-    echo '<b><span class="pull-right text-success">OK</span></b>';
+
+function docker($service_name, $action, $post_action = null, $post_fields = null) {
+  $curl = curl_init();
+  curl_setopt($curl, CURLOPT_HTTPHEADER,array( 'Content-Type: application/json' ));
+  switch($action) {
+    case 'get_id':
+      curl_setopt($curl, CURLOPT_URL, 'http://dockerapi:8080/containers/json');
+      curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+      curl_setopt($curl, CURLOPT_POST, 0);
+      $response = curl_exec($curl);
+      if ($response === false) {
+        $err = curl_error($curl);
+        curl_close($curl);
+        return $err;
+      }
+      else {
+        curl_close($curl);
+        $containers = json_decode($response, true);
+        if (!empty($containers)) {
+          foreach ($containers as $container) {
+            if ($container['Config']['Labels']['com.docker.compose.service'] == $service_name) {
+              return trim($container['Id']);
+            }
+          }
+        }
+      }
+      return false;
+    break;
+    case 'info':
+      $container_id = docker($service_name, 'get_id');
+      if (ctype_xdigit($container_id)) {
+        curl_setopt($curl, CURLOPT_URL, 'http://dockerapi:8080/containers/' . $container_id . '/json');
+        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt($curl, CURLOPT_POST, 0);
+        $response = curl_exec($curl);
+        if ($response === false) {
+          $err = curl_error($curl);
+          curl_close($curl);
+          return $err;
+        }
+        else {
+          curl_close($curl);
+          if (empty($response)) {
+            return true;
+          }
+          else {
+            return json_decode($response, true);
+          }
+        }
+      }
+      else {
+        return false;
+      }
+    break;
+    case 'post':
+      if (!empty($post_action)) {
+        $container_id = docker($service_name, 'get_id');
+        if (ctype_xdigit($container_id) && ctype_alnum($post_action)) {
+          curl_setopt($curl, CURLOPT_URL, 'http://dockerapi:8080/containers/' . $container_id . '/' . $post_action);
+          curl_setopt($curl, CURLOPT_POST, 1);
+          if (!empty($post_fields)) {
+            curl_setopt( $curl, CURLOPT_POSTFIELDS, json_encode($post_fields));
+          }
+          curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+          $response = curl_exec($curl);
+          if ($response === false) {
+            $err = curl_error($curl);
+            curl_close($curl);
+            return $err;
+          }
+          else {
+            curl_close($curl);
+            if (empty($response)) {
+              return true;
+            }
+            else {
+              return $response;
+            }
+          }
+        }
+      }
+    break;
   }
 }
-elseif ($_GET['ACTION'] == "stop") {
-	$request = xmlrpc_encode_request("supervisor.stopProcess", 'bootstrap-sogo', array('encoding'=>'utf-8'));
-	$context = stream_context_create(array('http' => array(
-	'method' => "POST",
-	'header' => "Content-Length: " . strlen($request),
-	'content' => $request
-	)));
-	$file = @file_get_contents("http://sogo:9191/RPC2", false, $context) or die("Cannot connect to $remote_server:$listener_port");
-	$response = xmlrpc_decode($file);
-	if (isset($response['faultString'])) {
-		echo '<b><span class="pull-right text-warning">' . $response['faultString'] . '</span></b>';
-	}
-	else {
-      echo '<b><span class="pull-right text-success">OK</span></b>';
-	}
+
+if ($_GET['ACTION'] == "start") {
+  $retry = 0;
+  while (docker('sogo-mailcow', 'info')['State']['Running'] != 1 && $retry <= 3) {
+    $response = docker('sogo-mailcow', 'post', 'start');
+    $last_response = (trim($response) == "\"OK\"") ? '<b><span class="pull-right text-success">OK</span></b>' : '<b><span class="pull-right text-danger">Error: ' . $response . '</span></b>';
+    if (trim($response) == "\"OK\"") {
+      break;
+    }
+    usleep(1500000);
+    $retry++;
+  }
+  echo (!isset($last_response)) ? '<b><span class="pull-right text-warning">Already running</span></b>' : $last_response;
 }
+
+if ($_GET['ACTION'] == "stop") {
+  $retry = 0;
+  while (docker('sogo-mailcow', 'info')['State']['Running'] == 1 && $retry <= 3) {
+    $response = docker('sogo-mailcow', 'post', 'stop');
+    $last_response = (trim($response) == "\"OK\"") ? '<b><span class="pull-right text-success">OK</span></b>' : '<b><span class="pull-right text-danger">Error: ' . $response . '</span></b>';
+    if (trim($response) == "\"OK\"") {
+      break;
+    }
+    usleep(1500000);
+    $retry++;
+  }
+  echo (!isset($last_response)) ? '<b><span class="pull-right text-warning">Not running</span></b>' : $last_response;
+}
+
 ?>

data/web/inc/footer.inc.php

@@ -6,10 +6,14 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/modals/footer.php';
 <script src="/js/bootstrap-switch.min.js"></script>
 <script src="/js/bootstrap-slider.min.js"></script>
 <script src="/js/bootstrap-select.min.js"></script>
+<script src="/js/bootstrap-filestyle.min.js"></script>
 <script src="/js/notifications.min.js"></script>
 <script src="/js/u2f-api.js"></script>
 <script src="/js/api.js"></script>
 <script>
+$(window).scroll(function() {
+  sessionStorage.scrollTop = $(this).scrollTop();
+});
 // Select language and reopen active URL without POST
 function setLang(sel) {
   $.post( "<?= $_SERVER['REQUEST_URI']; ?>", {lang: sel} );
@@ -192,6 +196,9 @@ $(document).ready(function() {
 
   // CSRF
   $('<input type="hidden" value="<?= $_SESSION['CSRF']['TOKEN']; ?>">').attr('id', 'csrf_token').attr('name', 'csrf_token').appendTo('form');
+  if (sessionStorage.scrollTop != "undefined") {
+    $(window).scrollTop(sessionStorage.scrollTop);
+  }
 });
 </script>
 

data/web/inc/functions.autoconfiguration.inc.php

@@ -0,0 +1,119 @@
+<?php
+function autoconfiguration($_action, $_type, $_data = null) {
+	global $pdo;
+	global $lang;
+  switch ($_action) {
+    case 'edit':
+      if (!isset($_SESSION['acl']['eas_autoconfig']) || $_SESSION['acl']['eas_autoconfig'] != "1" ) {
+        $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['access_denied'])
+        );
+        return false;
+      }
+      switch ($_type) {
+        case 'autodiscover':
+          $objects = (array)$_data['object'];
+          foreach ($objects as $object) {
+            if (is_valid_domain_name($object) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
+              $exclude_regex = (isset($_data['exclude_regex'])) ? $_data['exclude_regex'] : null;
+              $exclude_regex = (isset($_data['exclude_regex'])) ? $_data['exclude_regex'] : null;
+              try {
+                $stmt = $pdo->prepare("SELECT COUNT(`domain`) AS `domain_c` FROM `autodiscover`
+                  WHERE `domain` = :domain");
+                $stmt->execute(array(':domain' => $object));
+                $num_results = $stmt->fetchColumn();
+                if ($num_results > 0) {
+                  $stmt = $pdo->prepare("SELECT COUNT(`domain`) AS `domain_c` FROM `autodiscover`
+                    WHERE `domain` = :domain");
+                }
+              }
+              catch(PDOException $e) {
+                $_SESSION['return'] = array(
+                  'type' => 'danger',
+                  'msg' => 'MySQL: '.$e
+                );
+                return false;
+              }
+            }
+            elseif (filter_var($object, FILTER_VALIDATE_EMAIL) === true && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
+
+            }
+          }
+          $_SESSION['return'] = array(
+            'type' => 'success',
+            'msg' => sprintf($lang['success']['domain_modified'], htmlspecialchars(implode(', ', $objects)))
+          );
+        break;
+      }
+    break;
+    case 'get':
+      switch ($_type) {
+        case 'autodiscover':
+          $autodiscover = array();
+            if (is_valid_domain_name($_data) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+              try {
+                $stmt = $pdo->prepare("SELECT * FROM `autodiscover`
+                  WHERE `domain` = :domain");
+                $stmt->execute(array(':domain' => $_data));
+                $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+                while($row = array_shift($rows)) {
+                  $autodiscover['mailbox'] = $row['mailbox'];
+                  $autodiscover['domain'] = $row['domain'];
+                  $autodiscover['service'] = $row['service'];
+                  $autodiscover['exclude_regex'] = $row['exclude_regex'];
+                  $autodiscover['created'] = $row['created'];
+                  $autodiscover['modified'] = $row['modified'];
+                }
+              }
+              catch(PDOException $e) {
+                $_SESSION['return'] = array(
+                  'type' => 'danger',
+                  'msg' => 'MySQL: '.$e
+                );
+                return false;
+              }
+            }
+            elseif (filter_var($_data, FILTER_VALIDATE_EMAIL) === true && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+              try {
+                $stmt = $pdo->prepare("SELECT * FROM `autodiscover`
+                  WHERE `mailbox` = :mailbox");
+                $stmt->execute(array(':mailbox' => $_data));
+                $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+                while($row = array_shift($rows)) {
+                  $autodiscover['mailbox'] = $row['mailbox'];
+                  $autodiscover['domain'] = $row['domain'];
+                  $autodiscover['service'] = $row['service'];
+                  $autodiscover['exclude_regex'] = $row['exclude_regex'];
+                  $autodiscover['created'] = $row['created'];
+                  $autodiscover['modified'] = $row['modified'];
+                }
+              }
+              catch(PDOException $e) {
+                $_SESSION['return'] = array(
+                  'type' => 'danger',
+                  'msg' => 'MySQL: '.$e
+                );
+                return false;
+              }
+            }
+          return $autodiscover;
+        break;
+      }
+    break;
+    case 'reset':
+      switch ($_type) {
+        case 'autodiscover':
+          if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
+            return false;
+          }
+        break;
+      }
+    break;
+  }
+}
+$miau = "Microsoft Office/15.0 (Windows NT 5.1; macOS Outlook 16.0.4734; Pro)";
+preg_match("/^((?!.*Mac|.*emClient).)*(Outlook|Office).+1[5-9].*/i", $miau, $output_array);
+if (empty($output_array)) {
+  echo "imap";
+}

data/web/inc/functions.customize.inc.php

@@ -0,0 +1,180 @@
+<?php
+
+function customize($_action, $_item, $_data = null) {
+	global $redis;
+	global $lang;
+  switch ($_action) {
+    case 'add':
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => sprintf($lang['danger']['access_denied'])
+        );
+        return false;
+      }
+      switch ($_item) {
+        case 'main_logo':
+          if (in_array($_data['main_logo']['type'], array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png', 'image/svg+xml'))) {
+            try {
+              if (file_exists($_data['main_logo']['tmp_name']) !== true) {
+                $_SESSION['return'] = array(
+                  'type' => 'danger',
+                  'msg' => 'Cannot validate image file: Temporary file not found'
+                );
+                return false;
+              }
+              $image = new Imagick($_data['main_logo']['tmp_name']);
+              if ($image->valid() !== true) {
+                $_SESSION['return'] = array(
+                  'type' => 'danger',
+                  'msg' => 'Cannot validate image file'
+                );
+                return false;
+              }
+              $image->destroy();
+            }
+            catch (ImagickException $e) {
+              $image->destroy();
+              $_SESSION['return'] = array(
+                'type' => 'danger',
+                'msg' => 'Cannot validate image file'
+              );
+              return false;
+            }
+          }
+          else {
+            $_SESSION['return'] = array(
+              'type' => 'danger',
+              'msg' => 'Invalid mime type'
+            );
+            return false;
+          }
+          try {
+            $redis->Set('MAIN_LOGO', 'data:' . $_data['main_logo']['type'] . ';base64,' . base64_encode(file_get_contents($_data['main_logo']['tmp_name'])));
+          }
+          catch (RedisException $e) {
+            $_SESSION['return'] = array(
+              'type' => 'danger',
+              'msg' => 'Redis: '.$e
+            );
+            return false;
+          }
+          $_SESSION['return'] = array(
+            'type' => 'success',
+            'msg' => 'File uploaded successfully'
+          );
+        break;
+      }
+    break;
+    case 'edit':
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => sprintf($lang['danger']['access_denied'])
+        );
+        return false;
+      }
+      switch ($_item) {
+        case 'app_links':
+          $apps = (array)$_data['app'];
+          $links = (array)$_data['href'];
+          $out = array();
+          if (count($apps) == count($links)) {;
+            for ($i = 0; $i < count($apps); $i++) {
+              $out[] = array($apps[$i] => $links[$i]);
+            }
+            try {
+              $redis->set('APP_LINKS', json_encode($out));
+            }
+            catch (RedisException $e) {
+              $_SESSION['return'] = array(
+                'type' => 'danger',
+                'msg' => 'Redis: '.$e
+              );
+              return false;
+            }
+          }
+          $_SESSION['return'] = array(
+            'type' => 'success',
+            'msg' => 'Saved changes to app links'
+          );
+        break;
+      }
+    break;
+    case 'delete':
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => sprintf($lang['danger']['access_denied'])
+        );
+        return false;
+      }
+      switch ($_item) {
+        case 'main_logo':
+          try {
+            if ($redis->del('MAIN_LOGO')) {
+              $_SESSION['return'] = array(
+                'type' => 'success',
+                'msg' => 'Reset default logo'
+              );
+              return true;
+            }
+          }
+          catch (RedisException $e) {
+            $_SESSION['return'] = array(
+              'type' => 'danger',
+              'msg' => 'Redis: '.$e
+            );
+            return false;
+          }
+        break;
+      }
+    break;
+    case 'get':
+      switch ($_item) {
+        case 'app_links':
+          try {
+            $app_links = json_decode($redis->get('APP_LINKS'), true);
+          }
+          catch (RedisException $e) {
+            $_SESSION['return'] = array(
+              'type' => 'danger',
+              'msg' => 'Redis: '.$e
+            );
+            return false;
+          }
+          return ($app_links) ? $app_links : false;
+        break;
+        case 'main_logo':
+          try {
+            return $redis->get('MAIN_LOGO');
+          }
+          catch (RedisException $e) {
+            $_SESSION['return'] = array(
+              'type' => 'danger',
+              'msg' => 'Redis: '.$e
+            );
+            return false;
+          }
+        break;
+        case 'main_logo_specs':
+          try {
+            $image = new Imagick();
+            $img_data = explode('base64,', customize('get', 'main_logo'));
+            if ($img_data[1]) {
+              $image->readImageBlob(base64_decode($img_data[1]));
+            }
+            return $image->identifyImage();
+          }
+          catch (ImagickException $e) {
+            $_SESSION['return'] = array(
+              'type' => 'danger',
+              'msg' => 'Error: Imagick exception while reading image'
+            );
+            return false;
+          }
+        break;
+      }
+    break;
+  }
+}

data/web/inc/functions.inc.php

@@ -244,6 +244,23 @@ function set_acl() {
     return false;
   }
 }
+function get_acl($username) {
+	global $pdo;
+	if ($_SESSION['mailcow_cc_role'] != "admin") {
+		return false;
+	}
+  $username = strtolower(trim($username));
+  $stmt = $pdo->prepare("SELECT * FROM `user_acl` WHERE `username` = :username");
+  $stmt->execute(array(':username' => $username));
+  $acl = $stmt->fetch(PDO::FETCH_ASSOC);
+  unset($acl['username']);
+  if (!empty($acl)) {
+    return $acl;
+  }
+  else {
+    return false;
+  }
+}
 function formatBytes($size, $precision = 2) {
 	if(!is_numeric($size)) {
 		return "0";
@@ -900,6 +917,14 @@ function get_logs($container, $lines = 100) {
       return $data_array;
     }
   }
+  if ($container == "autodiscover-mailcow") {
+    if ($data = $redis->lRange('AUTODISCOVER_LOG', 0, $lines)) {
+      foreach ($data as $json_line) {
+        $data_array[] = json_decode($json_line, true);
+      }
+      return $data_array;
+    }
+  }
   if ($container == "rspamd-history") {
     $curl = curl_init();
     curl_setopt($curl, CURLOPT_URL,"http://rspamd-mailcow:11334/history");

data/web/inc/functions.mailbox.inc.php

@@ -755,7 +755,7 @@ function mailbox($_action, $_type, $_data = null) {
               ':active' => $active
             ));
             $stmt = $pdo->prepare("INSERT INTO `quota2` (`username`, `bytes`, `messages`)
-              VALUES (:username, '0', '0')");
+              VALUES (:username, '0', '0') ON DUPLICATE KEY UPDATE `bytes` = '0', `messages` = '0';");
             $stmt->execute(array(':username' => $username));
             $stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `active`)
               VALUES (:username1, :username2, :domain, :active)");
@@ -1291,11 +1291,11 @@ function mailbox($_action, $_type, $_data = null) {
               $port1 = (!empty($_data['port1'])) ? $_data['port1'] : $is_now['port1'];
               $password1 = (!empty($_data['password1'])) ? $_data['password1'] : $is_now['password1'];
               $host1 = (!empty($_data['host1'])) ? $_data['host1'] : $is_now['host1'];
-              $subfolder2 = (!empty($_data['subfolder2'])) ? $_data['subfolder2'] : $is_now['subfolder2'];
+              $subfolder2 = (isset($_data['subfolder2'])) ? $_data['subfolder2'] : $is_now['subfolder2'];
               $enc1 = (!empty($_data['enc1'])) ? $_data['enc1'] : $is_now['enc1'];
               $mins_interval = (!empty($_data['mins_interval'])) ? $_data['mins_interval'] : $is_now['mins_interval'];
-              $exclude = (!empty($_data['exclude'])) ? $_data['exclude'] : $is_now['exclude'];
-              $maxage = (!empty($_data['maxage'])) ? $_data['maxage'] : $is_now['maxage'];
+              $exclude = (!empty($_data['exclude'])) ? $_data['exclude'] : '';
+              $maxage = (isset($_data['maxage']) && $_data['maxage'] != "") ? intval($_data['maxage']) : $is_now['maxage'];
             }
             else {
               $_SESSION['return'] = array(

data/web/inc/functions.policy.inc.php

@@ -32,7 +32,7 @@ function policy($_action, $_scope, $_data = null) {
             $object_list = "whitelist_from";
           }
           $object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($_data['object_from']))), '.'));
-          if (!ctype_alnum(str_replace(array('@', '.', '-', '*'), '', $object_from))) {
+          if (!ctype_alnum(str_replace(array('@', '_', '.', '-', '*'), '', $object_from))) {
             $_SESSION['return'] = array(
               'type' => 'danger',
               'msg' => sprintf($lang['danger']['policy_list_from_invalid'])
@@ -112,7 +112,7 @@ function policy($_action, $_scope, $_data = null) {
             $object_list = "whitelist_from";
           }
           $object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($_data['object_from']))), '.'));
-          if (!ctype_alnum(str_replace(array('@', '.', '-', '*'), '', $object_from))) {
+          if (!ctype_alnum(str_replace(array('@', '_', '.', '-', '*'), '', $object_from))) {
             $_SESSION['return'] = array(
               'type' => 'danger',
               'msg' => sprintf($lang['danger']['policy_list_from_invalid'])

data/web/inc/functions.relayhost.inc.php

@@ -27,7 +27,7 @@ function relayhost($_action, $_data = null) {
         $stmt->execute(array(
           ':hostname' => $hostname,
           ':username' => $username,
-          ':password' => $password,
+          ':password' => str_replace(':', '\:', $password),
           ':active' => '1'
         ));
       }

data/web/inc/header.inc.php

@@ -39,7 +39,7 @@
         <span class="icon-bar"></span>
         <span class="icon-bar"></span>
       </button>
-      <a class="navbar-brand" href="/"><img height="32" alt="mailcow-logo" style="margin-top: -5px;" src="/img/cow_mailcow.svg"></a>
+      <a class="navbar-brand" href="/"><img alt="mailcow-logo" src="<?=($main_logo = customize('get', 'main_logo')) ? $main_logo : '/img/cow_mailcow.svg';?>"></a>
     </div>
     <div id="navbar" class="navbar-collapse collapse">
       <ul class="nav navbar-nav navbar-right">
@@ -102,6 +102,14 @@
             <li title="<?= htmlspecialchars($app['description']); ?>"><a href="<?= htmlspecialchars($app['link']); ?>"><?= htmlspecialchars($app['name']); ?></a></li>
           <?php
           endforeach;
+          $app_links = customize('get', 'app_links');
+          foreach ($app_links as $row) {
+            foreach ($row as $key => $val):
+          ?>
+            <li><a href="<?= htmlspecialchars($val); ?>"><?= htmlspecialchars($key); ?></a></li>
+          <?php 
+            endforeach;
+          }
           ?>
           </ul>
         </li>

data/web/inc/init_db.inc.php

@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "15092017_0754";
+    $db_version = "25102017_0748";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'"); 
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -165,7 +165,6 @@ function init_db_schema() {
           "delimiter_action" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "eas_autoconfig" => "TINYINT(1) NOT NULL DEFAULT '1'"
         ),
         "keys" => array(
           "fkey" => array(
@@ -498,6 +497,13 @@ function init_db_schema() {
       $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'"); 
       $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
       if ($num_results != 0) {
+        $stmt = $pdo->prepare("SELECT CONCAT('ALTER TABLE ', `table_schema`, '.', `table_name`, ' DROP FOREIGN KEY ', `constraint_name`, ';') AS `FKEY_DROP` FROM `information_schema`.`table_constraints`
+          WHERE `constraint_type` = 'FOREIGN KEY' AND `table_name` = :table;");
+        $stmt->execute(array(':table' => $table));
+        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+        while ($row = array_shift($rows)) {
+          $pdo->query($row['FKEY_DROP']);
+        }
         foreach($properties['cols'] as $column => $type) {
           $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "` LIKE '" . $column . "'"); 
           $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -542,7 +548,7 @@ function init_db_schema() {
               $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'"); 
               $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
               if ($num_results != 0) {
-                $pdo->query("ALTER TABLE `" . $table . "` DROP FOREIGN KEY `" . $key_name . "`");
+                $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $key_name . "`");
               }
               @list($table_ref, $field_ref) = explode('.', $key_values['ref']);
               $pdo->query("ALTER TABLE `" . $table . "` ADD FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
@@ -582,12 +588,7 @@ function init_db_schema() {
         // Step 2: Drop all vanished indexes
         while ($row = array_shift($keys_in_table)) {
           if (!in_array($row['Key_name'], $keys_to_exist)) {
-            try {
-              $pdo->query("ALTER TABLE `" . $table . "` DROP FOREIGN KEY `" . $row['Key_name'] . "`");
-            }
-            finally {
-              $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $row['Key_name'] . "`");
-            }
+            $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $row['Key_name'] . "`");
           }
         }
         // Step 3: Drop all vanished primary keys

data/web/inc/lib/composer.lock

@@ -8,19 +8,20 @@
     "packages": [
         {
             "name": "phpmailer/phpmailer",
-            "version": "v5.2.23",
+            "version": "v5.2.25",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHPMailer/PHPMailer.git",
-                "reference": "7115df4a6f76281109ebe352900c42403b728bb4"
+                "reference": "2baf20b01690fba8cf720c1ebcf9b988eda50915"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/7115df4a6f76281109ebe352900c42403b728bb4",
-                "reference": "7115df4a6f76281109ebe352900c42403b728bb4",
+                "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/2baf20b01690fba8cf720c1ebcf9b988eda50915",
+                "reference": "2baf20b01690fba8cf720c1ebcf9b988eda50915",
                 "shasum": ""
             },
             "require": {
+                "ext-ctype": "*",
                 "php": ">=5.0.0"
             },
             "require-dev": {
@@ -80,7 +81,7 @@
                 }
             ],
             "description": "PHPMailer is a full-featured email creation and transfer class for PHP",
-            "time": "2017-03-15T19:32:56+00:00"
+            "time": "2017-08-28T11:12:07+00:00"
         },
         {
             "name": "robthree/twofactorauth",

data/web/inc/lib/vendor/composer/installed.json

@@ -91,20 +91,21 @@
     },
     {
         "name": "phpmailer/phpmailer",
-        "version": "v5.2.23",
-        "version_normalized": "5.2.23.0",
+        "version": "v5.2.25",
+        "version_normalized": "5.2.25.0",
         "source": {
             "type": "git",
             "url": "https://github.com/PHPMailer/PHPMailer.git",
-            "reference": "7115df4a6f76281109ebe352900c42403b728bb4"
+            "reference": "2baf20b01690fba8cf720c1ebcf9b988eda50915"
         },
         "dist": {
             "type": "zip",
-            "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/7115df4a6f76281109ebe352900c42403b728bb4",
-            "reference": "7115df4a6f76281109ebe352900c42403b728bb4",
+            "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/2baf20b01690fba8cf720c1ebcf9b988eda50915",
+            "reference": "2baf20b01690fba8cf720c1ebcf9b988eda50915",
             "shasum": ""
         },
         "require": {
+            "ext-ctype": "*",
             "php": ">=5.0.0"
         },
         "require-dev": {
@@ -130,7 +131,7 @@
         "suggest": {
             "league/oauth2-google": "Needed for Google XOAUTH2 authentication"
         },
-        "time": "2017-03-15T19:32:56+00:00",
+        "time": "2017-08-28T11:12:07+00:00",
         "type": "library",
         "installation-source": "dist",
         "autoload": {

data/web/inc/lib/vendor/phpmailer/phpmailer/.github/ISSUE_TEMPLATE.md

@@ -0,0 +1 @@
+Non-security issues and pull requests are no longer being accepted for the legacy PHPMailer 5.2 branch. Migrate to PHPMailer 6.0 (or later) and report your issue there.

data/web/inc/lib/vendor/phpmailer/phpmailer/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1 @@
+Non-security issues and pull requests are no longer being accepted for the legacy PHPMailer 5.2 branch. Migrate to PHPMailer 6.0 (or later) and report your issue there.

data/web/inc/lib/vendor/phpmailer/phpmailer/VERSION

@@ -1 +1 @@
-5.2.23
+5.2.25

data/web/inc/lib/vendor/phpmailer/phpmailer/class.phpmailer.php

@@ -31,7 +31,7 @@ class PHPMailer
      * The PHPMailer Version number.
      * @var string
      */
-    public $Version = '5.2.23';
+    public $Version = '5.2.25';
 
     /**
      * Email priority.
@@ -440,9 +440,9 @@ class PHPMailer
      *
      * Parameters:
      *   boolean $result        result of the send action
-     *   string  $to            email address of the recipient
-     *   string  $cc            cc email addresses
-     *   string  $bcc           bcc email addresses
+     *   array   $to            email addresses of the recipients
+     *   array   $cc            cc email addresses
+     *   array   $bcc           bcc email addresses
      *   string  $subject       the subject
      *   string  $body          the email body
      *   string  $from          email address of sender
@@ -1622,8 +1622,13 @@ class PHPMailer
 
         foreach ($hosts as $hostentry) {
             $hostinfo = array();
-            if (!preg_match('/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*):?([0-9]*)$/', trim($hostentry), $hostinfo)) {
+            if (!preg_match(
+                '/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*|\[[a-fA-F0-9:]+\]):?([0-9]*)$/',
+                trim($hostentry),
+                $hostinfo
+            )) {
                 // Not a valid host entry
+                $this->edebug('Ignoring invalid host: ' . $hostentry);
                 continue;
             }
             // $hostinfo[2]: optional ssl or tls prefix
@@ -1742,6 +1747,7 @@ class PHPMailer
             'dk' => 'da',
             'no' => 'nb',
             'se' => 'sv',
+            'sr' => 'rs'
         );
 
         if (isset($renamed_langcodes[$langcode])) {
@@ -2024,10 +2030,7 @@ class PHPMailer
     {
         $result = '';
 
-        if ($this->MessageDate == '') {
-            $this->MessageDate = self::rfcDate();
-        }
-        $result .= $this->headerLine('Date', $this->MessageDate);
+        $result .= $this->headerLine('Date', $this->MessageDate == '' ? self::rfcDate() : $this->MessageDate);
 
         // To be created automatically by mail()
         if ($this->SingleTo) {
@@ -4033,7 +4036,7 @@ class phpmailerException extends Exception
      */
     public function errorMessage()
     {
-        $errorMsg = '<strong>' . $this->getMessage() . "</strong><br />\n";
+        $errorMsg = '<strong>' . htmlspecialchars($this->getMessage()) . "</strong><br />\n";
         return $errorMsg;
     }
 }

data/web/inc/lib/vendor/phpmailer/phpmailer/class.pop3.php

@@ -34,7 +34,7 @@ class POP3
      * @var string
      * @access public
      */
-    public $Version = '5.2.23';
+    public $Version = '5.2.25';
 
     /**
      * Default POP3 port number.

data/web/inc/lib/vendor/phpmailer/phpmailer/class.smtp.php

@@ -30,7 +30,7 @@ class SMTP
      * The PHPMailer SMTP version number.
      * @var string
      */
-    const VERSION = '5.2.23';
+    const VERSION = '5.2.25';
 
     /**
      * SMTP line break constant.
@@ -81,7 +81,7 @@ class SMTP
      * @deprecated Use the `VERSION` constant instead
      * @see SMTP::VERSION
      */
-    public $Version = '5.2.23';
+    public $Version = '5.2.25';
 
     /**
      * SMTP server port number.
@@ -151,9 +151,8 @@ class SMTP
     public $Timelimit = 300;
 
     /**
-     * @var array patterns to extract smtp transaction id from smtp reply
-     * Only first capture group will be use, use non-capturing group to deal with it
-     * Extend this class to override this property to fulfil your needs.
+     * @var array Patterns to extract an SMTP transaction id from reply to a DATA command.
+     * The first capture group in each regex will be used as the ID.
      */
     protected $smtp_transaction_id_patterns = array(
         'exim' => '/[0-9]{3} OK id=(.*)/',
@@ -161,6 +160,12 @@ class SMTP
         'postfix' => '/[0-9]{3} 2.0.0 Ok: queued as (.*)/'
     );
 
+    /**
+     * @var string The last transaction ID issued in response to a DATA command,
+     * if one was detected
+     */
+    protected $last_smtp_transaction_id;
+
     /**
      * The socket for the server connection.
      * @var resource
@@ -227,7 +232,7 @@ class SMTP
                 break;
             case 'html':
                 //Cleans up output a bit for a better looking, HTML-safe output
-                echo htmlentities(
+                echo gmdate('Y-m-d H:i:s') . ' ' . htmlentities(
                     preg_replace('/[\r\n]+/', '', $str),
                     ENT_QUOTES,
                     'UTF-8'
@@ -709,6 +714,7 @@ class SMTP
         $savetimelimit = $this->Timelimit;
         $this->Timelimit = $this->Timelimit * 2;
         $result = $this->sendCommand('DATA END', '.', 250);
+        $this->recordLastTransactionID();
         //Restore timelimit
         $this->Timelimit = $savetimelimit;
         return $result;
@@ -989,7 +995,10 @@ class SMTP
     public function client_send($data)
     {
         $this->edebug("CLIENT -> SERVER: $data", self::DEBUG_CLIENT);
-        return fwrite($this->smtp_conn, $data);
+        set_error_handler(array($this, 'errorHandler'));
+        $result = fwrite($this->smtp_conn, $data);
+        restore_error_handler();
+        return $result;
     }
 
     /**
@@ -1089,8 +1098,10 @@ class SMTP
             $this->edebug("SMTP -> get_lines(): \$data is \"$data\"", self::DEBUG_LOWLEVEL);
             $this->edebug("SMTP -> get_lines(): \$str is  \"$str\"", self::DEBUG_LOWLEVEL);
             $data .= $str;
-            // If 4th character is a space, we are done reading, break the loop, micro-optimisation over strlen
-            if ((isset($str[3]) and $str[3] == ' ')) {
+            // If response is only 3 chars (not valid, but RFC5321 S4.2 says it must be handled),
+            // or 4th character is a space, we are done reading, break the loop,
+            // string array access is a micro-optimisation over strlen
+            if (!isset($str[3]) or (isset($str[3]) and $str[3] == ' ')) {
                 break;
             }
             // Timed-out? Log and break
@@ -1226,26 +1237,40 @@ class SMTP
     }
 
     /**
-     * Will return the ID of the last smtp transaction based on a list of patterns provided
-     * in SMTP::$smtp_transaction_id_patterns.
+     * Extract and return the ID of the last SMTP transaction based on
+     * a list of patterns provided in SMTP::$smtp_transaction_id_patterns.
+     * Relies on the host providing the ID in response to a DATA command.
      * If no reply has been received yet, it will return null.
-     * If no pattern has been matched, it will return false.
+     * If no pattern was matched, it will return false.
      * @return bool|null|string
      */
-    public function getLastTransactionID()
+    protected function recordLastTransactionID()
     {
         $reply = $this->getLastReply();
 
         if (empty($reply)) {
-            return null;
-        }
-
-        foreach ($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
-            if (preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
-                return $matches[1];
+            $this->last_smtp_transaction_id = null;
+        } else {
+            $this->last_smtp_transaction_id = false;
+            foreach ($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
+                if (preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
+                    $this->last_smtp_transaction_id = $matches[1];
+                }
             }
         }
 
-        return false;
+        return $this->last_smtp_transaction_id;
+    }
+
+    /**
+     * Get the queue/transaction ID of the last SMTP transaction
+     * If no reply has been received yet, it will return null.
+     * If no pattern was matched, it will return false.
+     * @return bool|null|string
+     * @see recordLastTransactionID()
+     */
+    public function getLastTransactionID()
+    {
+        return $this->last_smtp_transaction_id;
     }
 }

data/web/inc/lib/vendor/phpmailer/phpmailer/composer.json

@@ -20,6 +20,7 @@
         }
     ],
     "require": {
+        "ext-ctype": "*",
         "php": ">=5.0.0"
     },
     "require-dev": {

data/web/inc/lib/vendor/phpmailer/phpmailer/examples/code_generator.phps

@@ -58,46 +58,53 @@ class phpmailerAppException extends phpmailerException
 $example_code .= "\n\nclass phpmailerAppException extends phpmailerException {}";
 $example_code .= "\n\ntry {";
 
+// Convert a string to its JavaScript representation.
+function JSString($s) {
+  static $from = array("\\", "/", "\n", "\t", "\r", "\b", "\f", '"');
+  static $to = array('\\\\', '\\/', '\\n', '\\t', '\\r', '\\b', '\\f', '\\"');
+  return is_null($s)? 'null': '"' . str_replace($from, $to, "$s") . '"';
+}
+
 try {
     if (isset($_POST["submit"]) && $_POST['submit'] == "Submit") {
-        $to = $_POST['To_Email'];
+        $to = $to_email;
         if (!PHPMailer::validateAddress($to)) {
             throw new phpmailerAppException("Email address " . $to . " is invalid -- aborting!");
         }
 
-        $example_code .= "\n\$to = '{$_POST['To_Email']}';";
+        $example_code .= "\n\$to = '" . addslashes($to_email) . "';";
         $example_code .= "\nif(!PHPMailer::validateAddress(\$to)) {";
         $example_code .= "\n  throw new phpmailerAppException(\"Email address \" . " .
             "\$to . \" is invalid -- aborting!\");";
         $example_code .= "\n}";
 
-        switch ($_POST['test_type']) {
+        switch ($test_type) {
             case 'smtp':
                 $mail->isSMTP(); // telling the class to use SMTP
-                $mail->SMTPDebug = (integer)$_POST['smtp_debug'];
-                $mail->Host = $_POST['smtp_server']; // SMTP server
-                $mail->Port = (integer)$_POST['smtp_port']; // set the SMTP port
-                if ($_POST['smtp_secure']) {
-                    $mail->SMTPSecure = strtolower($_POST['smtp_secure']);
+                $mail->SMTPDebug = (integer)$smtp_debug;
+                $mail->Host = $smtp_server; // SMTP server
+                $mail->Port = (integer)$smtp_port; // set the SMTP port
+                if ($smtp_secure) {
+                    $mail->SMTPSecure = strtolower($smtp_secure);
                 }
                 $mail->SMTPAuth = array_key_exists('smtp_authenticate', $_POST); // enable SMTP authentication?
                 if (array_key_exists('smtp_authenticate', $_POST)) {
-                    $mail->Username = $_POST['authenticate_username']; // SMTP account username
-                    $mail->Password = $_POST['authenticate_password']; // SMTP account password
+                    $mail->Username = $authenticate_username; // SMTP account username
+                    $mail->Password = $authenticate_password; // SMTP account password
                 }
 
                 $example_code .= "\n\$mail->isSMTP();";
-                $example_code .= "\n\$mail->SMTPDebug  = " . $_POST['smtp_debug'] . ";";
-                $example_code .= "\n\$mail->Host       = \"" . $_POST['smtp_server'] . "\";";
-                $example_code .= "\n\$mail->Port       = \"" . $_POST['smtp_port'] . "\";";
-                $example_code .= "\n\$mail->SMTPSecure = \"" . strtolower($_POST['smtp_secure']) . "\";";
+                $example_code .= "\n\$mail->SMTPDebug  = " . (integer) $smtp_debug . ";";
+                $example_code .= "\n\$mail->Host       = \"" . addslashes($smtp_server) . "\";";
+                $example_code .= "\n\$mail->Port       = \"" . addslashes($smtp_port) . "\";";
+                $example_code .= "\n\$mail->SMTPSecure = \"" . addslashes(strtolower($smtp_secure)) . "\";";
                 $example_code .= "\n\$mail->SMTPAuth   = " . (array_key_exists(
                     'smtp_authenticate',
                     $_POST
                 ) ? 'true' : 'false') . ";";
                 if (array_key_exists('smtp_authenticate', $_POST)) {
-                    $example_code .= "\n\$mail->Username   = \"" . $_POST['authenticate_username'] . "\";";
-                    $example_code .= "\n\$mail->Password   = \"" . $_POST['authenticate_password'] . "\";";
+                    $example_code .= "\n\$mail->Username   = \"" . addslashes($authenticate_username) . "\";";
+                    $example_code .= "\n\$mail->Password   = \"" . addslashes($authenticate_password) . "\";";
                 }
                 break;
             case 'mail':
@@ -118,59 +125,59 @@ try {
 
         try {
             if ($_POST['From_Name'] != '') {
-                $mail->addReplyTo($_POST['From_Email'], $_POST['From_Name']);
-                $mail->setFrom($_POST['From_Email'], $_POST['From_Name']);
+                $mail->addReplyTo($from_email, $from_name);
+                $mail->setFrom($from_email, $from_name);
 
                 $example_code .= "\n\$mail->addReplyTo(\"" .
-                    $_POST['From_Email'] . "\", \"" . $_POST['From_Name'] . "\");";
+                    addslashes($from_email) . "\", \"" . addslashes($from_name) . "\");";
                 $example_code .= "\n\$mail->setFrom(\"" .
-                    $_POST['From_Email'] . "\", \"" . $_POST['From_Name'] . "\");";
+                    addslashes($from_email) . "\", \"" . addslashes($from_name) . "\");";
             } else {
-                $mail->addReplyTo($_POST['From_Email']);
-                $mail->setFrom($_POST['From_Email'], $_POST['From_Email']);
+                $mail->addReplyTo($from_email);
+                $mail->setFrom($from_email, $from_email);
 
-                $example_code .= "\n\$mail->addReplyTo(\"" . $_POST['From_Email'] . "\");";
+                $example_code .= "\n\$mail->addReplyTo(\"" . addslashes($from_email) . "\");";
                 $example_code .= "\n\$mail->setFrom(\"" .
-                    $_POST['From_Email'] . "\", \"" . $_POST['From_Email'] . "\");";
+                    addslashes($from_email) . "\", \"" . addslashes($from_email) . "\");";
             }
 
             if ($_POST['To_Name'] != '') {
-                $mail->addAddress($to, $_POST['To_Name']);
-                $example_code .= "\n\$mail->addAddress(\"$to\", \"" . $_POST['To_Name'] . "\");";
+                $mail->addAddress($to, $to_name);
+                $example_code .= "\n\$mail->addAddress(\"$to\", \"" . addslashes($to_name) . "\");";
             } else {
                 $mail->addAddress($to);
                 $example_code .= "\n\$mail->addAddress(\"$to\");";
             }
 
             if ($_POST['bcc_Email'] != '') {
-                $indiBCC = explode(" ", $_POST['bcc_Email']);
+                $indiBCC = explode(" ", $bcc_email);
                 foreach ($indiBCC as $key => $value) {
                     $mail->addBCC($value);
-                    $example_code .= "\n\$mail->addBCC(\"$value\");";
+                    $example_code .= "\n\$mail->addBCC(\"" . addslashes($value) . "\");";
                 }
             }
 
             if ($_POST['cc_Email'] != '') {
-                $indiCC = explode(" ", $_POST['cc_Email']);
+                $indiCC = explode(" ", $cc_Email);
                 foreach ($indiCC as $key => $value) {
                     $mail->addCC($value);
-                    $example_code .= "\n\$mail->addCC(\"$value\");";
+                    $example_code .= "\n\$mail->addCC(\"" . addslashes($value) . "\");";
                 }
             }
         } catch (phpmailerException $e) { //Catch all kinds of bad addressing
             throw new phpmailerAppException($e->getMessage());
         }
-        $mail->Subject = $_POST['Subject'] . ' (PHPMailer test using ' . strtoupper($_POST['test_type']) . ')';
-        $example_code .= "\n\$mail->Subject  = \"" . $_POST['Subject'] .
-            ' (PHPMailer test using ' . strtoupper($_POST['test_type']) . ')";';
+        $mail->Subject = $subject . ' (PHPMailer test using ' . strtoupper($test_type) . ')';
+        $example_code .= "\n\$mail->Subject  = \"" . addslashes($subject) .
+            ' (PHPMailer test using ' . addslashes(strtoupper($test_type)) . ')";';
 
         if ($_POST['Message'] == '') {
             $body = file_get_contents('contents.html');
         } else {
-            $body = $_POST['Message'];
+            $body = $message;
         }
 
-        $example_code .= "\n\$body = <<<'EOT'\n" . htmlentities($body) . "\nEOT;";
+        $example_code .= "\n\$body = <<<'EOT'\n$body\nEOT;";
 
         $mail->WordWrap = 78; // set word wrap to the RFC2822 limit
         $mail->msgHTML($body, dirname(__FILE__), true); //Create message bodies and embed images
@@ -187,7 +194,7 @@ try {
         $example_code .= "\n\ntry {";
         $example_code .= "\n  \$mail->send();";
         $example_code .= "\n  \$results_messages[] = \"Message has been sent using " .
-            strtoupper($_POST['test_type']) . "\";";
+            addslashes(strtoupper($test_type)) . "\";";
         $example_code .= "\n}";
         $example_code .= "\ncatch (phpmailerException \$e) {";
         $example_code .= "\n  throw new phpmailerAppException('Unable to send to: ' . \$to. ': '.\$e->getMessage());";
@@ -195,7 +202,7 @@ try {
 
         try {
             $mail->send();
-            $results_messages[] = "Message has been sent using " . strtoupper($_POST["test_type"]);
+            $results_messages[] = "Message has been sent using " . strtoupper($test_type);
         } catch (phpmailerException $e) {
             throw new phpmailerAppException("Unable to send to: " . $to . ': ' . $e->getMessage());
         }
@@ -309,22 +316,22 @@ $example_code .= "\n}";
 
         function startAgain() {
             var post_params = {
-                "From_Name": "<?php echo $from_name; ?>",
-                "From_Email": "<?php echo $from_email; ?>",
-                "To_Name": "<?php echo $to_name; ?>",
-                "To_Email": "<?php echo $to_email; ?>",
-                "cc_Email": "<?php echo $cc_email; ?>",
-                "bcc_Email": "<?php echo $bcc_email; ?>",
-                "Subject": "<?php echo $subject; ?>",
-                "Message": "<?php echo $message; ?>",
-                "test_type": "<?php echo $test_type; ?>",
-                "smtp_debug": "<?php echo $smtp_debug; ?>",
-                "smtp_server": "<?php echo $smtp_server; ?>",
-                "smtp_port": "<?php echo $smtp_port; ?>",
-                "smtp_secure": "<?php echo $smtp_secure; ?>",
-                "smtp_authenticate": "<?php echo $smtp_authenticate; ?>",
-                "authenticate_username": "<?php echo $authenticate_username; ?>",
-                "authenticate_password": "<?php echo $authenticate_password; ?>"
+                "From_Name": <?php echo JSString($from_name); ?>,
+                "From_Email": <?php echo JSString($from_email); ?>,
+                "To_Name": <?php echo JSString($to_name); ?>,
+                "To_Email": <?php echo JSString($to_email); ?>,
+                "cc_Email": <?php echo JSString($cc_email); ?>,
+                "bcc_Email": <?php echo JSString($bcc_email); ?>,
+                "Subject": <?php echo JSString($subject); ?>,
+                "Message": <?php echo JSString($message); ?>,
+                "test_type": <?php echo JSString($test_type); ?>,
+                "smtp_debug": <?php echo JSString($smtp_debug); ?>,
+                "smtp_server": <?php echo JSString($smtp_server); ?>,
+                "smtp_port": <?php echo JSString($smtp_port); ?>,
+                "smtp_secure": <?php echo JSString($smtp_secure); ?>,
+                "smtp_authenticate": <?php echo JSString($smtp_authenticate); ?>,
+                "authenticate_username": <?php echo JSString($authenticate_username); ?>,
+                "authenticate_password": <?php echo JSString($authenticate_password); ?>
             };
 
             var resetForm = document.createElement("form");
@@ -374,7 +381,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
     echo "<button type=\"submit\" onclick=\"startAgain();\">Start Over</button><br>\n";
     echo "<br><span>Script:</span>\n";
     echo "<pre class=\"brush: php;\">\n";
-    echo $example_code;
+    echo htmlentities($example_code);
     echo "\n</pre>\n";
     echo "\n<hr style=\"margin: 3em;\">\n";
 }
@@ -390,7 +397,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <label for="From_Name"><strong>From</strong> Name</label>
                         </td>
                         <td class="colrite">
-                            <input type="text" id="From_Name" name="From_Name" value="<?php echo $from_name; ?>"
+                            <input type="text" id="From_Name" name="From_Name" value="<?php echo htmlentities($from_name); ?>"
                                    style="width:95%;" autofocus placeholder="Your Name">
                         </td>
                     </tr>
@@ -399,7 +406,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <label for="From_Email"><strong>From</strong> Email Address</label>
                         </td>
                         <td class="colrite">
-                            <input type="text" id="From_Email" name="From_Email" value="<?php echo $from_email; ?>"
+                            <input type="text" id="From_Email" name="From_Email" value="<?php echo htmlentities($from_email); ?>"
                                    style="width:95%;" required placeholder="Your.Email@example.com">
                         </td>
                     </tr>
@@ -408,7 +415,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <label for="To_Name"><strong>To</strong> Name</label>
                         </td>
                         <td class="colrite">
-                            <input type="text" id="To_Name" name="To_Name" value="<?php echo $to_name; ?>"
+                            <input type="text" id="To_Name" name="To_Name" value="<?php echo htmlentities($to_name); ?>"
                                    style="width:95%;" placeholder="Recipient's Name">
                         </td>
                     </tr>
@@ -417,7 +424,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <label for="To_Email"><strong>To</strong> Email Address</label>
                         </td>
                         <td class="colrite">
-                            <input type="text" id="To_Email" name="To_Email" value="<?php echo $to_email; ?>"
+                            <input type="text" id="To_Email" name="To_Email" value="<?php echo htmlentities($to_email); ?>"
                                    style="width:95%;" required placeholder="Recipients.Email@example.com">
                         </td>
                     </tr>
@@ -428,7 +435,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             </label>
                         </td>
                         <td class="colrite">
-                            <input type="text" id="cc_Email" name="cc_Email" value="<?php echo $cc_email; ?>"
+                            <input type="text" id="cc_Email" name="cc_Email" value="<?php echo htmlentities($cc_email); ?>"
                                    style="width:95%;" placeholder="cc1@example.com, cc2@example.com">
                         </td>
                     </tr>
@@ -439,7 +446,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             </label>
                         </td>
                         <td class="colrite">
-                            <input type="text" id="bcc_Email" name="bcc_Email" value="<?php echo $bcc_email; ?>"
+                            <input type="text" id="bcc_Email" name="bcc_Email" value="<?php echo htmlentities($bcc_email); ?>"
                                    style="width:95%;" placeholder="bcc1@example.com, bcc2@example.com">
                         </td>
                     </tr>
@@ -448,7 +455,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <label for="Subject"><strong>Subject</strong></label>
                         </td>
                         <td class="colrite">
-                            <input type="text" name="Subject" id="Subject" value="<?php echo $subject; ?>"
+                            <input type="text" name="Subject" id="Subject" value="<?php echo htmlentities($subject); ?>"
                                    style="width:95%;" placeholder="Email Subject">
                         </td>
                     </tr>
@@ -460,7 +467,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                         </td>
                         <td class="colrite">
                             <textarea name="Message" id="Message" style="width:95%;height:5em;"
-                                      placeholder="Body of your email"><?php echo $message; ?></textarea>
+                                      placeholder="Body of your email"><?php echo htmlentities($message); ?></textarea>
                         </td>
                     </tr>
                 </table>
@@ -531,7 +538,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <td class="colleft"><label for="smtp_server">SMTP Server</label></td>
                             <td class="colrite">
                                 <input type="text" id="smtp_server" name="smtp_server"
-                                       value="<?php echo $smtp_server; ?>" style="width:95%;"
+                                       value="<?php echo htmlentities($smtp_server); ?>" style="width:95%;"
                                        placeholder="smtp.server.com">
                             </td>
                         </tr>
@@ -539,7 +546,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <td class="colleft" style="width: 5em;"><label for="smtp_port">SMTP Port</label></td>
                             <td class="colrite">
                                 <input type="text" name="smtp_port" id="smtp_port" size="3"
-                                       value="<?php echo $smtp_port; ?>" placeholder="Port">
+                                       value="<?php echo htmlentities($smtp_port); ?>" placeholder="Port">
                             </td>
                         </tr>
                         <tr>
@@ -560,14 +567,14 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
 <?php if ($smtp_authenticate != '') {
     echo "checked";
 } ?>
-                                       value="<?php echo $smtp_authenticate; ?>">
+                                       value="true">
                             </td>
                         </tr>
                         <tr>
                             <td class="colleft"><label for="authenticate_username">Authenticate Username</label></td>
                             <td class="colrite">
                                 <input type="text" id="authenticate_username" name="authenticate_username"
-                                       value="<?php echo $authenticate_username; ?>" style="width:95%;"
+                                       value="<?php echo htmlentities($authenticate_username); ?>" style="width:95%;"
                                        placeholder="SMTP Server Username">
                             </td>
                         </tr>
@@ -575,7 +582,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <td class="colleft"><label for="authenticate_password">Authenticate Password</label></td>
                             <td class="colrite">
                                 <input type="password" name="authenticate_password" id="authenticate_password"
-                                       value="<?php echo $authenticate_password; ?>" style="width:95%;"
+                                       value="<?php echo htmlentities($authenticate_password); ?>" style="width:95%;"
                                        placeholder="SMTP Server Password">
                             </td>
                         </tr>

data/web/inc/lib/vendor/phpmailer/phpmailer/examples/gmail.phps

@@ -1,6 +1,7 @@
 <?php
 /**
  * This example shows settings to use when sending via Google's Gmail servers.
+ * The IMAP section shows how to save this message to the 'Sent Mail' folder using IMAP commands.
  */
 
 //SMTP needs accurate times, and the PHP time zone MUST be set
@@ -72,4 +73,27 @@ if (!$mail->send()) {
     echo "Mailer Error: " . $mail->ErrorInfo;
 } else {
     echo "Message sent!";
+    //Section 2: IMAP
+    //Uncomment these to save your message in the 'Sent Mail' folder.
+    #if (save_mail($mail)) {
+    #    echo "Message saved!";
+    #}
+}
+
+//Section 2: IMAP
+//IMAP commands requires the PHP IMAP Extension, found at: https://php.net/manual/en/imap.setup.php
+//Function to call which uses the PHP imap_*() functions to save messages: https://php.net/manual/en/book.imap.php
+//You can use imap_getmailboxes($imapStream, '/imap/ssl') to get a list of available folders or labels, this can
+//be useful if you are trying to get this working on a non-Gmail IMAP server.
+function save_mail($mail) {
+    //You can change 'Sent Mail' to any other folder or tag
+    $path = "{imap.gmail.com:993/imap/ssl}[Gmail]/Sent Mail";
+
+    //Tell your server to open an IMAP connection using the same username and password as you used for SMTP
+    $imapStream = imap_open($path, $mail->Username, $mail->Password);
+
+    $result = imap_append($imapStream, $path, $mail->getSentMIMEMessage());
+    imap_close($imapStream);
+
+    return $result;
 }

data/web/inc/lib/vendor/phpmailer/phpmailer/examples/gmail_xoauth.phps

@@ -43,8 +43,8 @@ $mail->SMTPAuth = true;
 //Set AuthType
 $mail->AuthType = 'XOAUTH2';
 
-//User Email to use for SMTP authentication - Use the same Email used in Google Developer Console
-$mail->oauthUserEmail = "someone@gmail.com";
+//User Email to use for SMTP authentication - user who gave consent to our app
+$mail->oauthUserEmail = "from@gmail.com";
 
 //Obtained From Google Developer Console
 $mail->oauthClientId = "RANDOMCHARS-----duv1n2.apps.googleusercontent.com";

data/web/inc/lib/vendor/phpmailer/phpmailer/extras/README.md

@@ -1,17 +1,17 @@
-#PHPMailer Extras
+# PHPMailer Extras
 
 These classes provide optional additional functions to PHPMailer.
 
 These are not loaded by the PHPMailer autoloader, so in some cases you may need to `require` them yourself before using them.
 
-##EasyPeasyICS
+## EasyPeasyICS
 
 This class was originally written by Manuel Reinhard and provides a simple means of generating ICS/vCal files that are used in sending calendar events. PHPMailer does not use it directly, but you can use it to generate content appropriate for placing in the `Ical` property of PHPMailer. The PHPMailer project is now its official home as Manuel has given permission for that and is no longer maintaining it himself.
 
-##htmlfilter
+## htmlfilter
 
 This class by Konstantin Riabitsev and Jim Jagielski implements HTML filtering to remove potentially malicious tags, such as `<script>` or `onclick=` attributes that can result in XSS attacks. This is a simple filter and is not as comprehensive as [HTMLawed](http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/) or [HTMLPurifier](http://htmlpurifier.org), but it's easier to use and considerably better than nothing! PHPMailer does not use it directly, but you may want to apply it to user-supplied HTML before using it as a message body.
 
-##NTLM_SASL_client
+## NTLM_SASL_client
 
 This class by Manuel Lemos (bundled with permission) adds the ability to authenticate with Microsoft Windows mail servers that use NTLM-based authentication. It is used by PHPMailer if you send via SMTP and set the `AuthType` property to `NTLM`; you will also need to use the `Realm` and `Workstation` properties. The original source is [here](http://www.phpclasses.org/browse/file/7495.html).

data/web/inc/lib/vendor/phpmailer/phpmailer/language/phpmailer.lang-ba.php

@@ -0,0 +1,26 @@
+<?php
+/**
+ * Bosnian PHPMailer language file: refer to English translation for definitive list
+ * @package PHPMailer
+ * @author Ermin Islamagić <ermin@islamagic.com>
+ */
+
+$PHPMAILER_LANG['authenticate']         = 'SMTP Greška: Neuspjela prijava.';
+$PHPMAILER_LANG['connect_host']         = 'SMTP Greška: Ne moguće se spojiti sa SMTP serverom.';
+$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Greška: Podatci nisu prihvaćeni.';
+$PHPMAILER_LANG['empty_message']        = 'Sadržaj poruke je prazan.';
+$PHPMAILER_LANG['encoding']             = 'Nepoznata kriptografija: ';
+$PHPMAILER_LANG['execute']              = 'Nije moguće izvršiti naredbu: ';
+$PHPMAILER_LANG['file_access']          = 'Nije moguće pristupiti datoteci: ';
+$PHPMAILER_LANG['file_open']            = 'Nije moguće otvoriti datoteku: ';
+$PHPMAILER_LANG['from_failed']          = 'SMTP Greška: Slanje sa navedenih e-mail adresa nije uspjelo: ';
+$PHPMAILER_LANG['recipients_failed']    = 'SMTP Greška: Slanje na navedene e-mail adrese nije uspjelo: ';
+$PHPMAILER_LANG['instantiate']          = 'Ne mogu pokrenuti mail funkcionalnost.';
+$PHPMAILER_LANG['invalid_address']      = 'E-mail nije poslan. Neispravna e-mail adresa: ';
+$PHPMAILER_LANG['mailer_not_supported'] = ' mailer nije podržan.';
+$PHPMAILER_LANG['provide_address']      = 'Definišite barem jednu adresu primaoca.';
+$PHPMAILER_LANG['signing']              = 'Greška prilikom prijave: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'Spajanje na SMTP server nije uspjelo.';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP greška: ';
+$PHPMAILER_LANG['variable_set']         = 'Nije moguće postaviti varijablu ili je vratiti nazad: ';
+$PHPMAILER_LANG['extension_missing']    = 'Nedostaje ekstenzija: ';

data/web/inc/lib/vendor/phpmailer/phpmailer/language/phpmailer.lang-nb.php

@@ -1,25 +1,25 @@
 <?php
 /**
- * Norwegian PHPMailer language file: refer to English translation for definitive list
+ * Norwegian Bokmål PHPMailer language file: refer to English translation for definitive list
  * @package PHPMailer
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP Feil: Kunne ikke autentisere.';
 $PHPMAILER_LANG['connect_host']         = 'SMTP Feil: Kunne ikke koble til SMTP tjener.';
-$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Feil: Data ble ikke akseptert.';
-$PHPMAILER_LANG['empty_message']        = 'Meldingsinnholdet er tomt';
-$PHPMAILER_LANG['encoding']             = 'Ukjent tegnkoding: ';
+$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Feil: Datainnhold ikke akseptert.';
+$PHPMAILER_LANG['empty_message']        = 'Melding kropp tomt';
+$PHPMAILER_LANG['encoding']             = 'Ukjent koding: ';
 $PHPMAILER_LANG['execute']              = 'Kunne ikke utføre: ';
 $PHPMAILER_LANG['file_access']          = 'Får ikke tilgang til filen: ';
-$PHPMAILER_LANG['file_open']            = 'Fil feil: Kunne ikke åpne filen: ';
-$PHPMAILER_LANG['from_failed']          = 'Følgende avsenderadresse feilet: ';
-$PHPMAILER_LANG['instantiate']          = 'Kunne ikke initialisere mailfunksjonen.';
-$PHPMAILER_LANG['invalid_address']      = 'Meldingen ble ikke sendt, følgende adresse er ugyldig: ';
-$PHPMAILER_LANG['provide_address']      = 'Du må angi minst en mottakeradresse.';
-$PHPMAILER_LANG['mailer_not_supported'] = ' mailer er ikke supportert.';
-$PHPMAILER_LANG['recipients_failed']    = 'SMTP Feil: Følgende mottagere feilet: ';
-$PHPMAILER_LANG['signing']              = 'Signeringsfeil: ';
-$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP Connect() feilet.';
-$PHPMAILER_LANG['smtp_error']           = 'SMTP-serverfeil: ';
-$PHPMAILER_LANG['variable_set']         = 'Kan ikke sette eller resette variabelen: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['file_open']            = 'Fil Feil: Kunne ikke åpne filen: ';
+$PHPMAILER_LANG['from_failed']          = 'Følgende Frå adresse feilet: ';
+$PHPMAILER_LANG['instantiate']          = 'Kunne ikke initialisere post funksjon.';
+$PHPMAILER_LANG['invalid_address']      = 'Ugyldig adresse: ';
+$PHPMAILER_LANG['mailer_not_supported'] = ' sender er ikke støttet.';
+$PHPMAILER_LANG['provide_address']      = 'Du må opppgi minst en mottakeradresse.';
+$PHPMAILER_LANG['recipients_failed']    = 'SMTP Feil: Følgende mottakeradresse feilet: ';
+$PHPMAILER_LANG['signing']              = 'Signering Feil: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP connect() feilet.';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP server feil: ';
+$PHPMAILER_LANG['variable_set']         = 'Kan ikke skrive eller omskrive variabel: ';
+$PHPMAILER_LANG['extension_missing']    = 'Utvidelse mangler: ';

data/web/inc/lib/vendor/phpmailer/phpmailer/language/phpmailer.lang-pt_br.php

@@ -5,6 +5,7 @@
  * @author Paulo Henrique Garcia <paulo@controllerweb.com.br>
  * @author Lucas Guimarães <lucas@lucasguimaraes.com>
  * @author Phelipe Alves <phelipealvesdesouza@gmail.com>
+ * @author Fabio Beneditto <fabiobeneditto@gmail.com>
  */
 
 $PHPMAILER_LANG['authenticate']         = 'Erro de SMTP: Não foi possível autenticar.';
@@ -15,7 +16,7 @@ $PHPMAILER_LANG['encoding']             = 'Codificação desconhecida: ';
 $PHPMAILER_LANG['execute']              = 'Não foi possível executar: ';
 $PHPMAILER_LANG['file_access']          = 'Não foi possível acessar o arquivo: ';
 $PHPMAILER_LANG['file_open']            = 'Erro de Arquivo: Não foi possível abrir o arquivo: ';
-$PHPMAILER_LANG['from_failed']          = 'Os seguintes remententes falharam: ';
+$PHPMAILER_LANG['from_failed']          = 'Os seguintes remetentes falharam: ';
 $PHPMAILER_LANG['instantiate']          = 'Não foi possível instanciar a função mail.';
 $PHPMAILER_LANG['invalid_address']      = 'Endereço de e-mail inválido: ';
 $PHPMAILER_LANG['mailer_not_supported'] = ' mailer não é suportado.';

data/web/inc/lib/vendor/phpmailer/phpmailer/language/phpmailer.lang-rs.php

@@ -23,4 +23,4 @@ $PHPMAILER_LANG['signing']              = 'Грешка приликом при
 $PHPMAILER_LANG['smtp_connect_failed']  = 'Повезивање са SMTP сервером није успело.';
 $PHPMAILER_LANG['smtp_error']           = 'Грешка SMTP сервера: ';
 $PHPMAILER_LANG['variable_set']         = 'Није могуће задати променљиву, нити је вратити уназад: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = 'Недостаје проширење: ';

data/web/inc/lib/vendor/phpmailer/phpmailer/language/phpmailer.lang-tr.php

@@ -6,6 +6,7 @@
  * @author Can Yılmaz
  * @author Mehmet Benlioğlu
  * @author @yasinaydin
+ * @author Ogün Karakuş
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP Hatası: Oturum açılamadı.';
@@ -26,4 +27,4 @@ $PHPMAILER_LANG['signing']              = 'İmzalama hatası: ';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP connect() fonksiyonu başarısız.';
 $PHPMAILER_LANG['smtp_error']           = 'SMTP sunucu hatası: ';
 $PHPMAILER_LANG['variable_set']         = 'Değişken ayarlanamadı ya da sıfırlanamadı: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = 'Eklenti bulunamadı: ';

data/web/inc/lib/vendor/phpmailer/phpmailer/language/phpmailer.lang-zh_cn.php

@@ -4,13 +4,14 @@
  * @package PHPMailer
  * @author liqwei <liqwei@liqwei.com>
  * @author young <masxy@foxmail.com>
+ * @author Teddysun <i@teddysun.com>
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP 错误：登录失败。';
 $PHPMAILER_LANG['connect_host']         = 'SMTP 错误：无法连接到 SMTP 主机。';
 $PHPMAILER_LANG['data_not_accepted']    = 'SMTP 错误：数据不被接受。';
 $PHPMAILER_LANG['empty_message']        = '邮件正文为空。';
-$PHPMAILER_LANG['encoding']             = '未知编码: ';
+$PHPMAILER_LANG['encoding']             = '未知编码：';
 $PHPMAILER_LANG['execute']              = '无法执行：';
 $PHPMAILER_LANG['file_access']          = '无法访问文件：';
 $PHPMAILER_LANG['file_open']            = '文件错误：无法打开文件：';
@@ -22,6 +23,6 @@ $PHPMAILER_LANG['provide_address']      = '必须提供至少一个收件人地
 $PHPMAILER_LANG['recipients_failed']    = 'SMTP 错误：收件人地址错误：';
 $PHPMAILER_LANG['signing']              = '登录失败：';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP服务器连接失败。';
-$PHPMAILER_LANG['smtp_error']           = 'SMTP服务器出错: ';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP服务器出错：';
 $PHPMAILER_LANG['variable_set']         = '无法设置或重置变量：';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = '丢失模块 Extension：';

data/web/inc/prerequisites.inc.php

@@ -63,6 +63,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/lang/lang.en.php';
 include $_SERVER['DOCUMENT_ROOT'] . '/lang/lang.'.$_SESSION['mailcow_locale'].'.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.mailbox.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.customize.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.domain_admin.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.policy.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.dkim.inc.php';

data/web/inc/sessions.inc.php

@@ -53,6 +53,7 @@ if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
     'msg' => 'Form token invalid or timed out'
   );
   $_POST = array();
+  $_FILES = array();
 }
 
 // Handle logouts

data/web/inc/triggers.inc.php

@@ -63,4 +63,14 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 		unset_tfa_key($_POST);
 	}
 }
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin") {
+	if (isset($_POST["submit_main_logo"])) {
+    if ($_FILES['main_logo']['error'] == 0) {
+      customize('add', 'main_logo', $_FILES);
+    }
+	}
+	if (isset($_POST["reset_main_logo"])) {
+    customize('delete', 'main_logo');
+	}
+}
 ?>

data/web/inc/vars.inc.php

@@ -30,10 +30,12 @@ if ($https_port === FALSE) {
 //$https_port = 1234;
 // Other settings =>
 $autodiscover_config = array(
-  // Enable the autodiscover service for Outlook desktop clients
-  'useEASforOutlook' => 'yes',
   // General autodiscover service type: "activesync" or "imap"
+  // emClient uses autodiscover, but does not support ActiveSync. mailcow excludes emClient from ActiveSync.
   'autodiscoverType' => 'activesync',
+  // If autodiscoverType => activesync, also use ActiveSync (EAS) for Outlook desktop clients (>= Outlook 2013 on Windows)
+  // Outlook for Mac does not support ActiveSync
+  'useEASforOutlook' => 'yes',
   // Please don't use STARTTLS-enabled service ports in the "port" variable.
   // The autodiscover service will always point to SMTPS and IMAPS (TLS-wrapped services).
   // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the "tlsport" variable.

data/web/index.php

@@ -23,7 +23,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
       <div class="panel panel-default">
         <div class="panel-heading"><span class="glyphicon glyphicon-user" aria-hidden="true"></span> <?= $lang['login']['login']; ?></div>
         <div class="panel-body">
-          <div class="text-center"><img style="max-width: 250px;" src="/img/cow_mailcow.svg" alt="mailcow"></div>
+          <div class="text-center mailcow-logo"><img src="<?=($main_logo = customize('get', 'main_logo')) ? $main_logo : '/img/cow_mailcow.svg';?>" alt="mailcow"></div>
           <legend>mailcow UI</legend>
             <form method="post" autofill="off">
             <div class="form-group">
@@ -72,6 +72,14 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
             <a href="<?= htmlspecialchars($app['link']); ?>" role="button" title="<?= htmlspecialchars($app['description']); ?>" class="btn btn-lg btn-default"><?= htmlspecialchars($app['name']); ?></a>&nbsp;
           <?php
           endforeach;
+          $app_links = customize('get', 'app_links');
+          foreach ($app_links as $row) {
+            foreach ($row as $key => $val):
+          ?>
+            <a href="<?= htmlspecialchars($val); ?>" role="button" class="btn btn-lg btn-default"><?= htmlspecialchars($key); ?></a>&nbsp;
+          <?php 
+            endforeach;
+          }
           ?>
         </div>
       </div>

data/web/js/admin.js

@@ -90,7 +90,7 @@ var Base64 = {
         return t
     }
 }
-
+  
 jQuery(function($){
   // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
   var entityMap = {
@@ -124,6 +124,10 @@ jQuery(function($){
     e.preventDefault();
     draw_postfix_logs();
   });
+  $("#refresh_autodiscover_log").on('click', function(e) {
+    e.preventDefault();
+    draw_autodiscover_logs();
+  });
   $("#refresh_dovecot_log").on('click', function(e) {
     e.preventDefault();
     draw_dovecot_logs();
@@ -192,6 +196,52 @@ jQuery(function($){
       }
     });
   }
+  function draw_autodiscover_logs() {
+    ft_autodiscover_logs = FooTable.init('#autodiscover_log', {
+      "columns": [
+        {"name":"time","formatter":function unix_time_format(tm) { var date = new Date(tm ? tm * 1000 : 0); return date.toLocaleString();},"title":lang.time,"style":{"width":"170px"}},
+        {"name":"ua","title":"User-Agent","style":{"min-width":"200px"}},
+        {"name":"user","title":"Username","style":{"min-width":"200px"}},
+        {"name":"service","title":"Service"},
+      ],
+      "rows": $.ajax({
+        dataType: 'json',
+        url: '/api/v1/get/logs/autodiscover/100',
+        jsonp: false,
+        error: function () {
+          console.log('Cannot draw autodiscover log table');
+        },
+        success: function (data) {
+          $.each(data, function (i, item) {
+            item.ua = '<span style="font-size:small">' + item.ua + '</span>';
+            if (item.service == "activesync") {
+              item.service = '<span class="label label-info">ActiveSync</span>';
+            }
+            else if (item.service == "imap") {
+              item.service = '<span class="label label-success">IMAP, SMTP, Cal-/CardDAV</span>';
+            }
+            else {
+              item.service = '<span class="label label-danger">' + item.service + '</span>';
+            }
+          });
+        }
+      }),
+      "empty": lang.empty,
+      "paging": {
+        "enabled": true,
+        "limit": 5,
+        "size": log_pagination_size
+      },
+      "filtering": {
+        "enabled": true,
+        "position": "left",
+        "placeholder": lang.filter_table
+      },
+      "sorting": {
+        "enabled": true
+      }
+    });
+  }
   function draw_fail2ban_logs() {
     ft_fail2ban_logs = FooTable.init('#fail2ban_log', {
       "columns": [
@@ -637,6 +687,7 @@ jQuery(function($){
     });
   }
   draw_postfix_logs();
+  draw_autodiscover_logs();
   draw_dovecot_logs();
   draw_sogo_logs();
   draw_fail2ban_logs();
@@ -679,6 +730,24 @@ jQuery(function($){
         }
     });
   })
+
+  function add_table_row(table_id) {
+    var row = $('<tr />');
+    cols = '<td><input class="input-sm form-control" data-id="app_links" type="text" name="app" required></td>';
+    cols += '<td><input class="input-sm form-control" data-id="app_links" type="text" name="href" required></td>';
+    cols += '<td><a href="#" role="button" class="btn btn-xs btn-default" type="button">Remove row</a></td>';
+    row.append(cols);
+    table_id.append(row);
+  }
+
+  $('#app_link_table').on('click', 'tr a', function (e) {
+    e.preventDefault();
+    $(this).parents('tr').remove();
+  });
+
+  $('#add_app_link_row').click(function() {
+      add_table_row($('#app_link_table'));
+  });
 });
 
 $(window).load(function(){

data/web/js/api.js

@@ -14,7 +14,7 @@ $(document).ready(function() {
     });
     return o;
   };
-  // Collect values of input fields with name "multi_select" an same data-id to js array multi_data[data-id]
+  // Collect values of input fields with name "multi_select" and same data-id to js array multi_data[data-id]
   var multi_data = [];
   $(document).on('change', 'input[name=multi_select]:checkbox', function() {
     if ($(this).is(':checked') && $(this).data('id')) {
@@ -105,7 +105,8 @@ $(document).ready(function() {
         url: '/api/v1/' + api_url,
         jsonp: false,
         complete: function(data) {
-          // var reponse = (JSON.parse(data.responseText));
+          var response = (data.responseText);
+          // alert(response);
           // console.log(reponse.type);
           // console.log(reponse.msg);
           window.location = window.location.href.split("#")[0];

data/web/json_api.php

@@ -769,6 +769,21 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
                   echo '{}';
                 }
               break;
+              case "autodiscover":
+                if (isset($extra) && !empty($extra)) {
+                  $extra = intval($extra);
+                  $logs = get_logs('autodiscover-mailcow', $extra);
+                }
+                else {
+                  $logs = get_logs('autodiscover-mailcow', -1);
+                }
+                if (isset($logs) && !empty($logs)) {
+                  echo json_encode($logs, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+                else {
+                  echo '{}';
+                }
+              break;
               case "sogo":
                 if (isset($extra) && !empty($extra)) {
                   $extra = intval($extra);
@@ -1780,6 +1795,48 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
               ));
             }
           break;
+          case "app_links":
+            if (isset($_POST['attr'])) {
+              $attr = (array)json_decode($_POST['attr'], true);
+              if (is_array($attr)) {
+                if (customize('edit', 'app_links', $attr) === false) {
+                  if (isset($_SESSION['return'])) {
+                    echo json_encode($_SESSION['return']);
+                  }
+                  else {
+                    echo json_encode(array(
+                      'type' => 'error',
+                      'msg' => 'Edit failed'
+                    ));
+                  }
+                  exit();
+                }
+                else {
+                  if (isset($_SESSION['return'])) {
+                    echo json_encode($_SESSION['return']);
+                  }
+                  else {
+                    echo json_encode(array(
+                      'type' => 'success',
+                      'msg' => 'Task completed'
+                    ));
+                  }
+                }
+              }
+              else {
+                echo json_encode(array(
+                  'type' => 'error',
+                  'msg' => 'Incomplete post data'
+                ));
+              }
+            }
+            else {
+              echo json_encode(array(
+                'type' => 'error',
+                'msg' => 'Incomplete post data'
+              ));
+            }
+          break;
           case "relayhost":
             if (isset($_POST['items']) && isset($_POST['attr'])) {
               $items = (array)json_decode($_POST['items'], true);

data/web/lang/lang.de.php

@@ -512,3 +512,14 @@ $lang['success']['relayhost_removed'] = "Relayhost %s wurde entfernt";
 $lang['success']['relayhost_added'] = "Relayhost %s wurde hinzugefügt";
 $lang['admin']['relay_from'] = "Absenderadresse";
 $lang['admin']['relay_run'] = "Test durchführen";
+$lang['admin']['customize'] = "Anpassung";
+$lang['admin']['change_logo'] = "Logo ändern";
+$lang['admin']['logo_info'] = "Die hochgeladene Grafik wird für die Navigationsleiste auf eine Höhe von 40px skaliert. Für die Startseite ist eine Skalierung auf eine maximale Breite von 250px programmiert. Eine frei skalierbare Grafik (etwa SVG) wird empfohlen.";
+$lang['admin']['upload'] = "Hochladen";
+$lang['admin']['app_links'] = "App Links";
+$lang['admin']['app_name'] = "App Name";
+$lang['admin']['link'] = "Link";
+$lang['admin']['remove_row'] = "Zeile entfernen";
+$lang['admin']['add_row'] = "Zeile hinzufügen";
+$lang['admin']['reset_default'] = "Auf Standard zurücksetzen";
+$lang['admin']['merged_vars_hint'] = 'Ausgegraute Zeilen wurden aus der Datei <code>vars.inc.(local.)php</code> gelesen und können nicht mittels UI verändert werden.';

data/web/lang/lang.en.php

@@ -141,9 +141,9 @@ $lang['user']['weeks'] = 'Weeks';
 $lang['user']['spamfilter'] = 'Spam filter';
 $lang['admin']['spamfilter'] = 'Spam filter';
 $lang['user']['spamfilter_wl'] = 'Whitelist';
-$lang['user']['spamfilter_wl_desc'] = 'Whitelisted email addresses to <b>never</b> classify as spam. Wildcards maybe used.';
+$lang['user']['spamfilter_wl_desc'] = 'Whitelisted email addresses to <b>never</b> classify as spam. Wildcards may be used.';
 $lang['user']['spamfilter_bl'] = 'Blacklist';
-$lang['user']['spamfilter_bl_desc'] = 'Blacklisted email addresses to <b>always</b> classify as spam and reject. Wildcards maybe used.';
+$lang['user']['spamfilter_bl_desc'] = 'Blacklisted email addresses to <b>always</b> classify as spam and reject. Wildcards may be used.';
 $lang['user']['spamfilter_behavior'] = 'Rating';
 $lang['user']['spamfilter_table_rule'] = 'Rule';
 $lang['user']['spamfilter_table_action'] = 'Action';
@@ -525,3 +525,23 @@ $lang['success']['relayhost_removed'] = "Relayhost %s has been removed";
 $lang['success']['relayhost_added'] = "Relayhost %s has been added";
 $lang['admin']['relay_from'] = '"From:" address';
 $lang['admin']['relay_run'] = "Run test";
+
+$lang['admin']['customize'] = "Customize";
+$lang['admin']['change_logo'] = "Change logo";
+$lang['admin']['logo_info'] = "Your image will be scaled to a height of 40px for the top navigation bar and a max. width of 250px for the start page. A scalable graphic is highly recommended.";
+$lang['admin']['upload'] = "Upload";
+$lang['admin']['app_links'] = "App links";
+$lang['admin']['app_name'] = "App name";
+$lang['admin']['link'] = "Link";
+$lang['admin']['remove_row'] = "Remove row";
+$lang['admin']['add_row'] = "Add row";
+$lang['admin']['reset_default'] = "Reset to default";
+$lang['admin']['merged_vars_hint'] = 'Greyed out rows were merged from <code>vars.inc.(local.)php</code> and cannot be modified.';
+
+$lang['edit']['tls_policy'] = "Change TLS policy";
+$lang['edit']['spam_score'] = "Set a custom spam score";
+$lang['edit']['spam_policy'] = "Add or remove items to white-/blacklist";
+$lang['edit']['delimiter_action'] = "Change delimiter action";
+$lang['edit']['syncjobs'] = "Add or change sync jobs";
+$lang['edit']['eas_reset'] = "Reset EAS devices";
+$lang['edit']['spam_alias'] = "Create or change time limited alias addresses";

data/web/modals/mailbox.php

@@ -406,6 +406,13 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
 							</div>
 						</div>
 					</div>
+          <div class="form-group">
+						<div class="col-sm-offset-2 col-sm-10">
+							<div class="checkbox">
+							<label><input type="checkbox" value="1" name="delete2"> <?=$lang['add']['delete2'];?></label>
+							</div>
+						</div>
+					</div>
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">

data/web/user.php

@@ -268,8 +268,8 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
 		<h4><?=$lang['user']['spamfilter_behavior'];?></h4>
 		<form class="form-horizontal" role="form" data-id="spam_score" method="post">
 			<div class="form-group">
-				<div class="col-sm-12">
-					<input name="spam_score" id="spam_score" type="text" style="width: 100% !important;"
+				<div class="col-lg-6 col-sm-12">
+					<input name="spam_score" id="spam_score" type="text" style="width: 100%;"
 						data-provide="slider"
 						data-slider-min="1"
 						data-slider-max="2000"
@@ -321,14 +321,13 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
           <div class="btn-group">
             <a class="btn btn-sm btn-default" id="toggle_multi_select_all" data-id="policy_wl_mailbox" href="#"><span class="glyphicon glyphicon-check" aria-hidden="true"></span> <?=$lang['mailbox']['toggle_all'];?></a>
             <a class="btn btn-sm btn-danger" id="delete_selected" data-id="policy_wl_mailbox" data-api-url='delete/mailbox-policy' href="#"><?=$lang['mailbox']['remove'];?></a></li>
-            </ul>
           </div>
         </div>
         <form class="form-inline" data-id="add_wl_policy_mailbox">
           <div class="input-group">
             <input type="text" class="form-control" name="object_from" id="object_from" placeholder="*@example.org" required>
             <span class="input-group-btn">
-              <button class="btn btn-success" id="add_item" data-id="add_wl_policy_mailbox" data-api-url='add/mailbox-policy' data-api-attr='{"username":"<?= $username; ?>","object_list":"wl"}' href="#"><span class="glyphicon glyphicon-plus"></span> <?=$lang['user']['spamfilter_table_add'];?></button>
+              <button class="btn btn-default" id="add_item" data-id="add_wl_policy_mailbox" data-api-url='add/mailbox-policy' data-api-attr='{"username":"<?= $username; ?>","object_list":"wl"}' href="#"><span class="glyphicon glyphicon-plus"></span> <?=$lang['user']['spamfilter_table_add'];?></button>
             </span>
           </div>
         </form>
@@ -349,7 +348,6 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
           <div class="btn-group">
             <a class="btn btn-sm btn-default" id="toggle_multi_select_all" data-id="policy_bl_mailbox" href="#"><span class="glyphicon glyphicon-check" aria-hidden="true"></span> <?=$lang['mailbox']['toggle_all'];?></a>
             <a class="btn btn-sm btn-danger" id="delete_selected" data-id="policy_bl_mailbox" data-api-url='delete/mailbox-policy' href="#"><?=$lang['mailbox']['remove'];?></a></li>
-            </ul>
           </div>
         </div>
         <form class="form-inline" data-id="add_bl_policy_mailbox">
@@ -358,7 +356,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
             <input type="hidden" name="username" value="<?= $username ;?>">
             <input type="hidden" name="object_list" value="bl">
             <span class="input-group-btn">
-              <button class="btn btn-success" id="add_item" data-id="add_bl_policy_mailbox" data-api-url='add/mailbox-policy' data-api-attr='{"username":"<?= $username; ?>","object_list":"bl"}' href="#"><span class="glyphicon glyphicon-plus"></span> <?=$lang['user']['spamfilter_table_add'];?></button>
+              <button class="btn btn-default" id="add_item" data-id="add_bl_policy_mailbox" data-api-url='add/mailbox-policy' data-api-attr='{"username":"<?= $username; ?>","object_list":"bl"}' href="#"><span class="glyphicon glyphicon-plus"></span> <?=$lang['user']['spamfilter_table_add'];?></button>
             </span>
           </div>
         </form>