add disallowed header check and some comments

Rob Ostensen 2012-03-10 18:34:21 -06:00 committed by Andrew McMillan
parent e7afaef931
commit db57e81b8d


@ -38,14 +38,15 @@ class iSchedule
'Originator', 'Originator',
'Recipient', 'Recipient',
'Content-Type' ); 'Content-Type' );
private $disallowed_headers = Array ( 'Connection', // draft 01 section 7.1 disallowed headers private $disallowed_headers = Array ( 'connection', // draft 01 section 7.1 disallowed headers
'Keep-Alive', 'keep-alive',
'Proxy-Authenticate', 'dkim-signature',
'Proxy-Authorization', 'proxy-authenticate',
'TE', 'proxy-authorization',
'Trailers', 'te',
'Transfer-Encoding', 'trailers',
'Upgrade' ); 'transfer-encoding',
'upgrade' );
function __construct ( ) function __construct ( )
{ {
@ -539,8 +540,8 @@ class iSchedule
$this->signed_headers = preg_split ( '/:/', $dkim['h'] ); $this->signed_headers = preg_split ( '/:/', $dkim['h'] );
foreach ( $this->signed_headers as $h ) foreach ( $this->signed_headers as $h )
if ( strtolower ( $h ) == 'dkim-signature' ) if ( in_array ( strtolower ( $h ), $this->disallowed_headers ) )
return "DKIM Signature is NOT allowed in signed header fields per RFC4871"; return "$h is NOT allowed in signed header fields per RFC4871 or iSchedule";
// body hash REQUIRED // body hash REQUIRED
if ( ! isset ( $dkim['bh'] ) ) if ( ! isset ( $dkim['bh'] ) )
return 'missing body signature'; return 'missing body signature';
@ -557,6 +558,7 @@ class iSchedule
/** /**
* split up a mailto uri into domain and user components * split up a mailto uri into domain and user components
* TODO handle other uri types (eg http)
*/ */
function parseURI ( $uri ) function parseURI ( $uri )
{ {
@ -571,6 +573,7 @@ class iSchedule
/** /**
* verifies parsed DKIM header is valid for current message with a signature from the public key in DNS * verifies parsed DKIM header is valid for current message with a signature from the public key in DNS
* TODO handle multiple headers of the same name
*/ */
function verifySignature ( ) function verifySignature ( )
{ {
@ -589,7 +592,7 @@ class iSchedule
if ( ! isset ( $_SERVER['HTTP_ISCHEDULE_VERSION'] ) || $_SERVER['HTTP_ISCHEDULE_VERSION'] != '1' ) //required header and we only speak version 1 for now if ( ! isset ( $_SERVER['HTTP_ISCHEDULE_VERSION'] ) || $_SERVER['HTTP_ISCHEDULE_VERSION'] != '1' ) //required header and we only speak version 1 for now
return "missing or mismatch ischedule-version header"; return "missing or mismatch ischedule-version header";
$body = $request->raw_post; $body = $request->raw_post;
if ( ! isset ( $this->signed_length ) ) if ( ! isset ( $this->signed_length ) ) // Should we use the Content-Length header if the signed length is missing?
$this->signed_length = strlen ( $body ); $this->signed_length = strlen ( $body );
else else
$body = substr ( $body, 0, $this->signed_length ); $body = substr ( $body, 0, $this->signed_length );
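Review bot: The new `in_array ( strtolower ( $h ), $this->disallowed_headers )` test in the second hunk compares each piece of `preg_split ( '/:/', $dkim['h'] )` without trimming it. DKIM permits folding whitespace around the colons of the h= tag, so a name such as ` connection` would not match the lowercase list and a disallowed header could still be accepted as signed. Unless `$dkim['h']` is already stripped of whitespace outside this hunk, normalise and compare strictly: `if ( in_array ( strtolower ( trim ( $h ) ), $this->disallowed_headers, true ) )`. The returned message now interpolates the request-supplied `$h`, so it should be escaped or dropped wherever that string reaches a response or a log. The enclosing function starts and ends outside the hunk.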