Update fMailbox.php handling 5.6+ Security

BrendonKoz · BrendonKoz · commit 14e446760dca · 2015-05-21T09:27:19.000-07:00
As of PHP version 5.6 there is much stricter security checking being done on various levels. Flourish's excellent Mailbox class unfortunately isn't up-to-date enough to handle the new restrictions by default. This fix is simply a fallback to allow for its previous level of functionality. It bypasses the new security implementations that PHP 5.6 brings to the table, but users of Gmail's mail server, or users of shared hosting will be able to continue to use this library with the class as expected. (It has to do with domain mismatch.)
diff --git a/fMailbox.php b/fMailbox.php
@@ -965,13 +965,30 @@ private function connect()
 
 		fCore::startErrorCapture(E_WARNING);
 
-		$this->connection = fsockopen(
-			$this->secure ? 'tls://' . $this->host : $this->host,
-			$this->port,
-			$error_number,
-			$error_string,
-			$this->timeout
-		);
+		if ($this->secure) {
+			$this->connection = stream_socket_client(
+				'tls://' . $this->host . ':' . $this->port,
+				$error_number,
+				$error_string,
+				$this->timeout,
+				STREAM_CLIENT_CONNECT,
+				stream_context_create(array(
+					'ssl' => array(
+						'verify_peer' => false,
+						'verify_peer_name' => false,
+						'disable_compression' => true,
+					)
+				))
+			);
+		} else {
+			$this->connection = fsockopen(
+				$this->host,
+				$this->port,
+				$error_number,
+				$error_string,
+				$this->timeout
+			);	
+		}
 
 		foreach (fCore::stopErrorCapture('#ssl#i') as $error) {
 			throw new fConnectivityException('There was an error connecting to the server. A secure connection was requested, but was not available. Try a non-secure connection instead.');
@@ -1522,4 +1539,4 @@ private function write($command, $expected=NULL)
  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
- */
+ */
