Changeset 490
- Timestamp:
- Sep 1, 2014 4:50:11 PM (10 years ago)
- Location:
- trunk/lib
- Files:
-
- 3 edited
-
trunk/lib/Email.inc.php
r484 r490 61 61 'subject' => null, 62 62 'headers' => null, 63 'envelope_sender_address' => null, // AKA the bounce-to address. Will default to 'from' if left null. 63 64 'regex' => null, 64 65 … … 103 104 . '[.-]?(?:[A-Z0-9]+[-.])*(?:[A-Z0-9]+\.)+[A-Z]{2,6}))' // FALSE, matches domain name 104 105 . '(?(1)' // Comment conditional for if initial < exists 105 . '(?:\s*>\s*|>\s+\([^,@]+\)\s*)' 106 . '(?:\s*>\s*|>\s+\([^,@]+\)\s*)' // TRUE, ensure ending > 106 107 . '|' 107 108 . '(?:|\s*|\s+\([^,@]+\)\s*))$/i')); // FALSE ensure there is no ending > … … 129 130 if (isset($params['from']) && !$this->validEmail($params['from'])) { 130 131 $params['from'] = null; 132 } 133 if (isset($params['envelope_sender_address']) && !$this->validEmail($params['envelope_sender_address'])) { 134 $params['envelope_sender_address'] = null; 131 135 } 132 136 … … 256 260 // Use arguments if provided. 257 261 if (isset($to)) { 258 262 $this->setParam(array('to' => $to)); 259 263 } 260 264 if (isset($from)) { 261 265 $this->setParam(array('from' => $from)); 262 266 } 263 267 if (isset($subject)) { 264 268 $this->setParam(array('subject' => $subject)); 265 269 } 266 270 if (isset($headers)) { 267 271 $this->setParam(array('headers' => $headers)); 268 272 } 269 273 … … 309 313 $final_headers = array(); 310 314 foreach ($headers as $key => $val) { 311 if (empty($key) || empty($val) || !is_string($key) || !is_string($val)) { 315 // Validate key and values. 316 if (empty($key) || empty($val) || !is_string($key) || !is_string($val) || preg_match("/[\n\r]/", $key . $val) || preg_match('/[^\w-]/', $key)) { 312 317 $app->logMsg(sprintf('Broken headers provided: %s=%s', $key, $val), LOG_WARNING, __FILE__, __LINE__); 318 continue; 319 } 320 // If the envelope_sender_address was given as a header, move it to the correct place. 321 if ('envelope_sender_address' == $key) { 322 $this->_params['envelope_sender_address'] = isset($this->_params['envelope_sender_address']) ? 
$this->_params['envelope_sender_address'] : $val; 323 continue; 313 324 } 314 325 $final_headers[] = sprintf('%s: %s', $key, $val); … … 317 328 318 329 // This is the address where delivery problems are sent to. We must strip off everything except the local@domain part. 319 $envelope_sender_address = preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU', '$1', $this->_params['from']); 330 if (isset($this->_params['envelope_sender_address'])) { 331 $envelope_sender_address = sprintf('<%s>', trim($this->_params['envelope_sender_address'], '<>')); 332 } else { 333 $envelope_sender_address = preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU', '$1', $this->_params['from']); 334 } 320 335 if ('' != $envelope_sender_address && $this->validEmail($envelope_sender_address)) { 321 $ envelope_sender_header = sprintf('-f %s', $envelope_sender_address);322 } else { 323 $ envelope_sender_header = '';336 $additional_parameter = sprintf('-f %s', $envelope_sender_address); 337 } else { 338 $additional_parameter = ''; 324 339 } 325 340 … … 328 343 if (preg_match("/(^|[\n\r])(Content-Type|MIME-Version|Content-Transfer-Encoding|Bcc|Cc)\s*:/i", $full_mail_content)) { 329 344 $app->logMsg(sprintf('Mail header injection attack in content: %s', $full_mail_content), LOG_WARNING, __FILE__, __LINE__); 330 sleep(3);331 345 return false; 332 346 } … … 336 350 $ret = mb_send_mail($final_to, $this->_params['subject'], $final_body, $final_headers); 337 351 } else { 338 $ret = mb_send_mail($final_to, $this->_params['subject'], $final_body, $final_headers, $ envelope_sender_header);352 $ret = mb_send_mail($final_to, $this->_params['subject'], $final_body, $final_headers, $additional_parameter); 339 353 } 340 354 … … 344 358 return true; 345 359 } else { 346 $app->logMsg(sprintf('Email failure: %s, %s, %s, %s', $final_to, $this->_params['subject'], str_replace("\r\n", '\r\n', $final_headers), $ envelope_sender_header), LOG_WARNING, __FILE__, 
__LINE__);360 $app->logMsg(sprintf('Email failure: %s, %s, %s, %s', $final_to, $this->_params['subject'], str_replace("\r\n", '\r\n', $final_headers), $additional_parameter), LOG_WARNING, __FILE__, __LINE__); 347 361 return false; 348 362 } -
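Review bot: The new `envelope_sender_address` branch builds the `-f` argument from the caller-supplied value with only `trim(..., '<>')` and `validEmail()` in front of it, whereas the fallback branch first reduces `from` to the bare local@domain part. The part of the `validEmail()` pattern visible in this changeset tolerates whitespace and parenthesised comments, and the fifth argument of `mb_send_mail()` ends up on the sendmail command line, so any whitespace or quoting character that survives validation would be read as extra arguments; whether the full pattern admits such a value cannot be confirmed from the lines shown. I would reject those characters explicitly before formatting the parameter, e.g. `if ('' != $envelope_sender_address && !preg_match('/[\s"\'\\\\]/', $envelope_sender_address) && $this->validEmail($envelope_sender_address)) {`. Separately, the header check added at new line 316 exists to catch CR/LF, yet the rejected `$key` and `$val` are passed to `logMsg()` as-is; unless `logMsg()` already neutralises control characters, encode them before logging so a rejected header cannot forge log lines. The enclosing send method starts and ends outside these hunks.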
trunk/lib/FormValidator.inc.php
r487 r490 276 276 public function notEmpty($form_name, $msg='') 277 277 { 278 if ( Validator::notEmpty(getFormData($form_name))) {278 if (!Validator::isEmpty(getFormData($form_name))) { 279 279 return true; 280 280 } else { -
trunk/lib/Validator.inc.php
r487 r490 53 53 54 54 /** 55 * Ensures a value is empty.55 * Check if a value is not empty (just the opposite of isEmpty()). 56 56 * 57 57 * @param string $val The input data to validate. … … 60 60 static public function notEmpty($val) 61 61 { 62 return '' != trim((string)$val);63 } 64 65 /** 66 * Ensures a value is blank.62 return !self::isEmpty($val); 63 } 64 65 /** 66 * Check if a value is empty. 67 67 * 68 68 * @param string $val The input data to validate. … … 71 71 static public function isEmpty($val) 72 72 { 73 return '' == trim((string)$val); 73 if (is_array($val)) { 74 return empty($val); 75 } else { 76 return '' == trim((string)$val); 77 } 74 78 } 75 79
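Review bot: In `isEmpty()` the new array branch returns `empty($val)`, so an array whose elements are all blank strings (for example a `name[]` field submitted with no value) is reported as non-empty. `FormValidator::notEmpty()` is switched to `!Validator::isEmpty(...)` in this same changeset, so a required multi-value field can pass with nothing in it. If blank elements should count as empty, test the elements instead, e.g. `return array() === array_filter($val, function ($v) { return !Validator::isEmpty($v); });`. The docblocks of both methods still say `@param string $val`; `@param string|array $val` would match the new behaviour.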