From ec77406dba452270fdc24b38b2d8e7e2b3587f97 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 17 Dec 2025 14:27:38 +0100
Subject: [PATCH] Fix autodiscover.php: Use random error IDs and fix SQL type
 casting

- Replace hardcoded error IDs with random values (1-10 billion range) for better debugging
- Cast SimpleXMLElement email to string before SQL query to prevent type errors
- Qualify ambiguous 'active' column with table names in JOIN query
- Add proper error XML response for database errors instead of die()
- Ensure all error paths return complete XML documents
---
 data/web/autodiscover.php | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/data/web/autodiscover.php b/data/web/autodiscover.php
index fe1e8e910..e5d159815 100644
--- a/data/web/autodiscover.php
+++ b/data/web/autodiscover.php
@@ -94,7 +94,7 @@ if(!$data) {
   list($usec, $sec) = explode(' ', microtime());
 ?>
   <Response>
-    <Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="2477272013">
+    <Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="<?=rand(1000000000, 9999999999);?>">
       <ErrorCode>600</ErrorCode>
       <Message>Invalid Request</Message>
       <DebugData />
@@ -128,7 +128,7 @@ try {
   list($usec, $sec) = explode(' ', microtime());
 ?>
   <Response>
-    <Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="2477272013">
+    <Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="<?=rand(1000000000, 9999999999);?>">
       <ErrorCode>600</ErrorCode>
       <Message>Invalid Request</Message>
       <DebugData />
@@ -139,9 +139,9 @@ try {
   exit(0);
 }
 
-$username = trim($email);
+$username = trim((string)$email);
 try {
-  $stmt = $pdo->prepare("SELECT `name`, `active` FROM `mailbox` 
+  $stmt = $pdo->prepare("SELECT `mailbox`.`name`, `mailbox`.`active` FROM `mailbox` 
     INNER JOIN `domain` ON `mailbox`.`domain` = `domain`.`domain`
     WHERE `mailbox`.`username` = :username 
     AND `mailbox`.`active` = '1'
@@ -150,7 +150,19 @@ try {
   $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
 }
 catch(PDOException $e) {
-  die("Failed to determine name from SQL");
+  // Database error - return error response with complete XML
+  list($usec, $sec) = explode(' ', microtime());
+?>
+  <Response>
+    <Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="<?=rand(1000000000, 9999999999);?>">
+      <ErrorCode>500</ErrorCode>
+      <Message>Database Error</Message>
+      <DebugData />
+    </Error>
+  </Response>
+</Autodiscover>
+<?php
+  exit(0);
 }
 
 // Mailbox not found or not active - return error
@@ -174,7 +186,7 @@ if (empty($MailboxData)) {
   list($usec, $sec) = explode(' ', microtime());
 ?>
   <Response>
-    <Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="2477272014">
+    <Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="<?=rand(1000000000, 9999999999);?>">
       <ErrorCode>600</ErrorCode>
       <Message>Mailbox not found</Message>
       <DebugData />