Changeset 490


Timestamp:
Sep 1, 2014 4:50:11 PM (10 years ago)
Author:
anonymous
Message:

Increased robustness of Email(); added envelope_sender_address param. Clarity in Validator class.

Location:
trunk/lib
Files:
3 edited

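--- a/trunk/lib/Email.inc.php
+++ b/trunk/lib/Email.inc.php
@@ -61,4 +61,5 @@
         'subject' => null,
         'headers' => null,
+        'envelope_sender_address' => null, // AKA the bounce-to address. Will default to 'from' if left null.
         'regex' => null,
 
@@ -103,5 +104,5 @@
         . '[.-]?(?:[A-Z0-9]+[-.])*(?:[A-Z0-9]+\.)+[A-Z]{2,6}))'         // FALSE, matches domain name
         . '(?(1)'                                                       // Comment conditional for if initial < exists
-        . '(?:\s*>\s*|>\s+\([^,@]+\)\s*)'                                  // TRUE, ensure ending >
+        . '(?:\s*>\s*|>\s+\([^,@]+\)\s*)'                               // TRUE, ensure ending >
         . '|'
         . '(?:|\s*|\s+\([^,@]+\)\s*))$/i'));                            // FALSE ensure there is no ending >
@@ -129,4 +130,7 @@
             if (isset($params['from']) && !$this->validEmail($params['from'])) {
                 $params['from'] = null;
+            }
+            if (isset($params['envelope_sender_address']) && !$this->validEmail($params['envelope_sender_address'])) {
+                $params['envelope_sender_address'] = null;
             }
 
@@ -256,14 +260,14 @@
         // Use arguments if provided.
         if (isset($to)) {
-             $this->setParam(array('to' => $to));
+            $this->setParam(array('to' => $to));
         }
         if (isset($from)) {
-             $this->setParam(array('from' => $from));
+            $this->setParam(array('from' => $from));
         }
         if (isset($subject)) {
-             $this->setParam(array('subject' => $subject));
+            $this->setParam(array('subject' => $subject));
         }
         if (isset($headers)) {
-             $this->setParam(array('headers' => $headers));
+            $this->setParam(array('headers' => $headers));
         }
 
@@ -309,6 +313,13 @@
         $final_headers = array();
         foreach ($headers as $key => $val) {
-            if (empty($key) || empty($val) || !is_string($key) || !is_string($val)) {
+            // Validate key and values.
+            if (empty($key) || empty($val) || !is_string($key) || !is_string($val) || preg_match("/[\n\r]/", $key . $val) || preg_match('/[^\w-]/', $key)) {
                 $app->logMsg(sprintf('Broken headers provided: %s=%s', $key, $val), LOG_WARNING, __FILE__, __LINE__);
+                continue;
+            }
+            // If the envelope_sender_address was given as a header, move it to the correct place.
+            if ('envelope_sender_address' == $key) {
+                $this->_params['envelope_sender_address'] = isset($this->_params['envelope_sender_address']) ? $this->_params['envelope_sender_address'] : $val;
+                continue;
             }
             $final_headers[] = sprintf('%s: %s', $key, $val);
@@ -317,9 +328,13 @@
 
         // This is the address where delivery problems are sent to. We must strip off everything except the local@domain part.
-        $envelope_sender_address = preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU', '$1', $this->_params['from']);
+        if (isset($this->_params['envelope_sender_address'])) {
+            $envelope_sender_address = sprintf('<%s>', trim($this->_params['envelope_sender_address'], '<>'));
+        } else {
+            $envelope_sender_address = preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU', '$1', $this->_params['from']);
+        }
         if ('' != $envelope_sender_address && $this->validEmail($envelope_sender_address)) {
-            $envelope_sender_header = sprintf('-f %s', $envelope_sender_address);
-        } else {
-            $envelope_sender_header = '';
+            $additional_parameter = sprintf('-f %s', $envelope_sender_address);
+        } else {
+            $additional_parameter = '';
         }
 
@@ -328,5 +343,4 @@
         if (preg_match("/(^|[\n\r])(Content-Type|MIME-Version|Content-Transfer-Encoding|Bcc|Cc)\s*:/i", $full_mail_content)) {
             $app->logMsg(sprintf('Mail header injection attack in content: %s', $full_mail_content), LOG_WARNING, __FILE__, __LINE__);
-            sleep(3);
             return false;
         }
@@ -336,5 +350,5 @@
             $ret = mb_send_mail($final_to, $this->_params['subject'], $final_body, $final_headers);
         } else {
-            $ret = mb_send_mail($final_to, $this->_params['subject'], $final_body, $final_headers, $envelope_sender_header);
+            $ret = mb_send_mail($final_to, $this->_params['subject'], $final_body, $final_headers, $additional_parameter);
         }
 
@@ -344,5 +358,5 @@
             return true;
         } else {
-            $app->logMsg(sprintf('Email failure: %s, %s, %s, %s', $final_to, $this->_params['subject'], str_replace("\r\n", '\r\n', $final_headers), $envelope_sender_header), LOG_WARNING, __FILE__, __LINE__);
+            $app->logMsg(sprintf('Email failure: %s, %s, %s, %s', $final_to, $this->_params['subject'], str_replace("\r\n", '\r\n', $final_headers), $additional_parameter), LOG_WARNING, __FILE__, __LINE__);
             return false;
         }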
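Review bot: The new `isset($this->_params['envelope_sender_address'])` branch (new lines 330-331) only trims `<>` and re-wraps the value, so it skips the local@domain extraction that the comment above it calls mandatory and that the `else` branch still applies to `from`. The result is interpolated into `-f %s` and passed to `mb_send_mail()` as the MTA command-line parameter, so its shape depends entirely on `validEmail()`; if that method uses the pattern whose tail is visible around new line 106, display-name and ` (comment)` forms containing whitespace are presumably accepted. The header path at new line 322 also stores `$val` without going through the `setParam()` check, which makes this later test its only validation. I would feed both sources through the same extraction, `$raw = isset($this->_params['envelope_sender_address']) ? $this->_params['envelope_sender_address'] : $this->_params['from'];` followed by the existing `preg_replace(...)` on `$raw`, and leave `$additional_parameter` empty when the result still contains whitespace. The enclosing method begins and ends outside the visible hunks.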
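--- a/trunk/lib/FormValidator.inc.php
+++ b/trunk/lib/FormValidator.inc.php
@@ -276,5 +276,5 @@
     public function notEmpty($form_name, $msg='')
     {
-        if (Validator::notEmpty(getFormData($form_name))) {
+        if (!Validator::isEmpty(getFormData($form_name))) {
             return true;
         } else {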
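--- a/trunk/lib/Validator.inc.php
+++ b/trunk/lib/Validator.inc.php
@@ -53,5 +53,5 @@
 
     /**
-     * Ensures a value is empty.
+     * Check if a value is not empty (just the opposite of isEmpty()).
      *
      * @param  string $val The input data to validate.
@@ -60,9 +60,9 @@
     static public function notEmpty($val)
     {
-        return '' != trim((string)$val);
-    }
-
-    /**
-     * Ensures a value is blank.
+        return !self::isEmpty($val);
+    }
+
+    /**
+     * Check if a value is empty.
      *
      * @param  string $val The input data to validate.
@@ -71,5 +71,9 @@
     static public function isEmpty($val)
     {
-        return '' == trim((string)$val);
+        if (is_array($val)) {
+            return empty($val);
+        } else {
+            return '' == trim((string)$val);
+        }
     }
 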
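Review bot: The new array branch of `isEmpty()` (new lines 73-74) relies on `empty($val)`, so an array holding only blank strings, such as `array('')` from a `name[]` field submitted without a value, is reported as not empty and passes `notEmpty()`. If blank elements should not satisfy a required field, test the elements rather than the container, e.g. `foreach ($val as $v) { if (!self::isEmpty($v)) { return false; } } return true;`. The docblocks of both methods still declare `@param  string $val`; they should read `@param  mixed $val` now that arrays are accepted.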