- Timestamp:
- Dec 15, 2005 1:28:09 AM (19 years ago)
- Location:
- trunk/lib
- Files:
-
- 3 edited
-
App.inc.php (modified) (1 diff)
-
Email.inc.php (modified) (6 diffs)
-
MCVE.inc.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/lib/App.inc.php
r37 r38 1003 1003 } 1004 1004 1005 if ('on' != getenv('HTTPS') && $this->getParam('ssl_enabled') && preg_match('/mod_ssl/i', getenv('SERVER_SOFTWARE'))) { 1005 if (function_exists('apache_get_modules')) { 1006 $modules = apache_get_modules(); 1007 } else { 1008 // It's safe to assume we have mod_ssl if we can't determine otherwise. 1009 $modules = array('mod_ssl'); 1010 } 1011 1012 if ('on' != getenv('HTTPS') && $this->getParam('ssl_enabled') && in_array('mod_ssl', $modules)) { 1006 1013 $this->raiseMsg(sprintf(_("Secure SSL connection made to %s"), $this->getParam('ssl_domain')), MSG_NOTICE, __FILE__, __LINE__); 1007 1014 // Always append session because some browsers do not send cookie when crossing to SSL URL. -
trunk/lib/Email.inc.php
r37 r38 36 36 'from' => null, 37 37 'subject' => null, 38 'headers' => null, 38 39 'regex' => null 39 40 ); … … 207 208 * @since 28 Nov 2005 12:56:09 208 209 */ 209 function send($to=null, $from=null, $subject=null )210 function send($to=null, $from=null, $subject=null, $headers=null) 210 211 { 211 212 // Use arguments if provided. … … 219 220 $this->setParam(array('subject' => $subject)); 220 221 } 222 if (isset($headers)) { 223 $this->setParam(array('headers' => $headers)); 224 } 221 225 222 226 // Ensure required values exist. … … 248 252 249 253 // From headers are custom headers. 250 $headers = sprintf("From: %s\r\n\r\n", $this->_params['from']); 254 $headers = array('From' => $this->_params['from']); 255 256 // Additional headers. 257 if (isset($this->_params['headers']) && is_array($this->_params['headers'])) { 258 $headers = array_merge($this->_params['headers'], $headers); 259 } 260 261 // Process headers. 262 $final_headers = array(); 263 foreach ($headers as $key => $val) { 264 $final_headers[] = sprintf('%s: %s', $key, $val); 265 } 266 $final_headers = join("\r\n", $final_headers); 251 267 252 268 // This is the address where delivery problems are sent to. We must strip off everything except the local@domain part. … … 254 270 255 271 // Check for mail header injection attacks. 256 $full_mail_content = join("\n", array($final_to, $this->_params['subject'], $final_body, $ headers, $envelope_sender_header));272 $full_mail_content = join("\n", array($final_to, $this->_params['subject'], $final_body, $final_headers, $envelope_sender_header)); 257 273 if (preg_match("/(Content-Type:|MIME-Version:|Content-Transfer-Encoding:|[\n\r]Bcc:|[\n\r]Cc:)/i", $full_mail_content)) { 258 274 App::logMsg(sprintf('Mail header injection attack in content: %s', $full_mail_content), LOG_WARNING, __FILE__, __LINE__); … … 262 278 263 279 // Ensure message was successfully accepted for delivery. 264 if (!mail($final_to, $this->_params['subject'], $final_body, $ headers, $envelope_sender_header)) {265 App::logMsg(sprintf('Email failure with parameters: %s, %s, %s, %s', $this->_params['to'], $this->_params['subject'], str_replace("\r\n", '', $ headers), $envelope_sender_header), LOG_NOTICE, __FILE__, __LINE__);280 if (!mail($final_to, $this->_params['subject'], $final_body, $final_headers, $envelope_sender_header)) { 281 App::logMsg(sprintf('Email failure with parameters: %s, %s, %s, %s', $this->_params['to'], $this->_params['subject'], str_replace("\r\n", '', $final_headers), $envelope_sender_header), LOG_NOTICE, __FILE__, __LINE__); 266 282 return false; 267 283 } -
trunk/lib/MCVE.inc.php
r37 r38 26 26 trigger_error('MCVE class instantiation failed: MCVE extension not available.', E_USER_WARNING); 27 27 die; 28 } 29 if ('' == $username || '' == $password) { 30 App::logMsg(sprintf('Empty username or password provided.', null), LOG_ERR, __FILE__, __LINE__); 28 31 } 29 32 $this->username = $username;
Note: See TracChangeset
for help on using the changeset viewer.
