Fixes #861: Enforce protection on outgoing server credential

cron/SendReminder.service

@@ -253,7 +253,7 @@ function send_email($to,$from,$subject,$contents,$mail_server,$mail_server_usern
 	else
 		$mail->SMTPAuth = false;
 	$mail->Username = $mail_server_username ;	// SMTP username
-	$mail->Password = $mail_server_password ;	// SMTP password
+	$mail->Password = Vtiger_Functions::fromProtectedText($mail_server_password) ;	// SMTP password
 	$mail->From = $from;
 	$mail->FromName = $initialfrom;
 	$log->info("Mail sending process : From Name & email id => '".$initialfrom."','".$from."'");

cron/intimateTaskStatus.php

@@ -22,7 +22,7 @@ $mailserveresult = $adb->pquery("SELECT server,server_username,server_password,s
 $mailrow = $adb->fetch_array($mailserveresult);
 $mailserver = $mailrow[0];
 $mailuname = $mailrow[1];
-$mailpwd = $mailrow[2];
+$mailpwd = Vtiger_Functions::fromProtectedText($mailrow[2]);
 $smtp_auth = $mailrow[3];
 // End Email Setup
 

cron/send_mail.php

@@ -42,7 +42,7 @@ function sendmail($to,$from,$subject,$contents,$mail_server,$mail_server_usernam
 	else
 		$mail->SMTPAuth = false;
 	$mail->Username = $mail_server_username ;//$smtp_username;  // SMTP username
-	$mail->Password = $mail_server_password ;//$smtp_password; // SMTP password
+	$mail->Password = Vtiger_Functions::fromProtectedText($mail_server_password);//$smtp_password; // SMTP password
 	$mail->From = $from;
 	$mail->FromName = $initialfrom;
 	$mail->AddAddress($to);                  // name is optional

modules/Emails/mail.php

@@ -326,7 +326,7 @@ function setMailServerProperties($mail)
 	}
     $mail->Host = $server;		// specify main and backup server
 	$mail->Username = $username ;	// SMTP username
-    $mail->Password = $password ;	// SMTP password
+    $mail->Password = Vtiger_Functions::fromProtectedText($password);	// SMTP password
     
     // To Support TLS
     $serverinfo = explode("://", $server);

modules/Migration/schema/710_to_711.php

@@ -17,4 +17,7 @@ if (defined('VTIGER_UPGRADE')) {
 	if (in_array('user_hash', $columns)) {
 		$db->pquery('ALTER TABLE vtiger_users DROP COLUMN user_hash', array());
 	}
+
+	// Resizing column to hold wider string value.
+	$db->pquery('ALTER TABLE vtiger_systems MODIFY server_password VARCHAR(255)', array());
 }

modules/Settings/Vtiger/models/Systems.php

@@ -26,7 +26,13 @@ class Settings_Vtiger_Systems_Model extends Vtiger_Base_Model{
 
         $id = $this->getId();
         $params = array();
-        array_push($params, $this->get('server'),$this->get('server_port'),$this->get('server_username'),$this->get('server_password'),$this->get('server_type'),
+
+        $server_password = $this->get('server_password');
+        if ($id && !Vtiger_Functions::isProtectedText($server_password)) {
+            $server_password = Vtiger_Functions::toProtectedText($server_password);
+        }
+        
+        array_push($params, $this->get('server'),$this->get('server_port'),$this->get('server_username'),$server_password,$this->get('server_type'),
                    $this->isSmtpAuthEnabled(),$this->get('server_path'),$this->get('from_email_field'));
 
         if(empty($id)) {

schema/DatabaseSchema.xml

@@ -1822,7 +1822,7 @@
 		<field name="server" type="C" size="100" />
 		<field name="server_port" type="I" size="19" />
 		<field name="server_username" type="C" size="100" />
-		<field name="server_password" type="C" size="100" />
+		<field name="server_password" type="C" size="255" />
 		<field name="server_type" type="C" size="20" />
 		<field name="smtp_auth" type="C" size="5" />
 		<field name="server_path" type="C" size="256" />

vtlib/Vtiger/Mailer.php

@@ -52,7 +52,7 @@ class Vtiger_Mailer extends PHPMailer {
 		if($adb->num_rows($result)) {
 			$this->Host = $adb->query_result($result, 0, 'server');
 			$this->Username = decode_html($adb->query_result($result, 0, 'server_username'));
-			$this->Password = decode_html($adb->query_result($result, 0, 'server_password'));
+			$this->Password = Vtiger_Functions::fromProtectedText(decode_html($adb->query_result($result, 0, 'server_password')));
 			$this->SMTPAuth = $adb->query_result($result, 0, 'smtp_auth');
 
 			// To support TLS