Changeset 622

Timestamp:

Feb 15, 2018 12:31:38 PM (6 years ago)

Author:

anonymous

Message:

Add Email() sandbox mode. Add Email->send() test. Fix minor bugs.

Location:

trunk

Files:

• docs/version.txt (modified) (1 diff)
• js/Msg.js (modified) (1 diff)
• lib/Auth_SQL.inc.php (modified) (1 diff)
• lib/Email.inc.php (modified) (4 diffs)
• tests/EmailTest.php (modified) (3 diffs)
• tests/run_tests.sh (modified) (1 diff)

trunk/docs/version.txt

@@ -1 @@
-2.2.0
+2.2.1-1

trunk/js/Msg.js

@@ -56 +56 @@
         // Warn if the target doesn't exist.
         if (!$(options.container).length) {
-            console.warn('Strangecode.Msg container not found: ' + this.o.container);
+            console.warn('Strangecode.Msg container not found: ' + options.container);
         }
     });

trunk/lib/Auth_SQL.inc.php

@@ -826 +826 @@
             $db->query("
                 UPDATE " . $this->_params['db_table'] . " SET
-                blocked = '',
+                blocked = NULL,
                 blocked_reason = ''
                 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "'

trunk/lib/Email.inc.php

@@ -73 +73 @@
         'wrap' => true,
         'line_length' => 75,
+
+        'sandbox_mode' => null,
+        'sandbox_to_addr' => null,
     );
 
@@ -80 +83 @@
     // String that contains the email body after replacements.
     protected $_template_replaced;
+
+    // Email debug modes.
+    const SANDBOX_MODE_REDIRECT = 1; // Send all mail to 'sandbox_to_addr'
+    const SANDBOX_MODE_STDERR = 2; // Log all mail to stderr
 
     /**
@@ -359 +366 @@
             }
             // If the envelope_sender_address was given as a header, move it to the correct place.
-            if ('envelope_sender_address' == $key) {
+            if ('envelope_sender_address' == strtolower($key)) {
                 $this->_params['envelope_sender_address'] = isset($this->_params['envelope_sender_address']) ? $this->_params['envelope_sender_address'] : $val;
+                continue;
+            }
+            // If we're sending in sandbox mode, remove any headers with recipient addresses.
+            if ($this->getParam('sandbox_mode') == self::SANDBOX_MODE_REDIRECT && in_array(strtolower($key), array('to', 'cc', 'bcc')) && mb_strpos($val, '@') !== false) {
+                // Don't carry this into the $final_headers.
+                $app->logMsg(sprintf('Skipping header in sandbox mode: %s=%s', $key, $val), LOG_DEBUG, __FILE__, __LINE__);
                 continue;
             }
@@ -384 +397 @@
             $app->logMsg(sprintf('Mail header injection attack in content: %s', $full_mail_content), LOG_WARNING, __FILE__, __LINE__);
             return false;
+        }
+
+        // Enter sandbox mode, if specified.
+        switch ($this->getParam('sandbox_mode')) {
+        case self::SANDBOX_MODE_REDIRECT:
+            if (!$this->getParam('sandbox_to_addr')) {
+                $app->logMsg(sprintf('Email sandbox_mode is SANDBOX_MODE_REDIRECT but sandbox_to_addr is not set.', null), LOG_ERR, __FILE__, __LINE__);
+                break;
+            }
+            $final_to = $this->getParam('sandbox_to_addr');
+            break;
+
+        case self::SANDBOX_MODE_STDERR:
+            file_put_contents('php://stderr', sprintf("Subject: %s\nTo: %s\n%s\n\n%s", $this->getParam('subject'), $final_to, str_replace($this->getParam('crlf'), "\n", $final_headers), $final_body), FILE_APPEND);
+            return true;
         }
 

trunk/tests/EmailTest.php

@@ -5 +5 @@
  * For details visit the project site: <http://trac.strangecode.com/codebase/>
  * Copyright 2001-2012 Strangecode, LLC
- * 
+ *
  * This file is part of The Strangecode Codebase.
  *
@@ -12 +12 @@
  * Free Software Foundation, either version 3 of the License, or (at your option)
  * any later version.
- * 
+ *
  * The Strangecode Codebase is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License along with
  * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
@@ -83 +83 @@
 //     }
 //
-//     function testsend()
-//     {
-//         $result   = $this->Email->send(PARAM);
-//         $expected = EXPECTED_VAL;
-//         $this->assertEquals($expected, $result);
-//     }
+    function testsend()
+    {
+
+        $this->Email = new Email(array(
+            'to' => 'Rob Recipient <to@example.com>',
+            'from' => 'Sam Sender <from@example.com>',
+            'subject' => 'EmailTest',
+            'headers' => array(
+                'CC' => 'This header removed in REDIRECT sandbox mode <remove-me@example.com>',
+                'X-Hello' => 'Hi there',
+            ),
+            'sandbox_mode' => Email::SANDBOX_MODE_REDIRECT,
+            'sandbox_to_addr' => 'quinn@strangecode.com',
+        ));
+        $this->Email->setString('This is a {TEST}');
+        $this->Email->replace(array(
+            'test' => '– you guessed it – a test!'
+        ));
+        $result   = $this->Email->send();
+        $expected = true;
+        $this->assertEquals($expected, $result);
+    }
 
     function testvalidemail()

trunk/tests/run_tests.sh

@@ -38 +38 @@
 # Config options go in phpunit.xml
 # phpunit --tap | grep -v '^ok '
-phpunit --stderr || err "\nSomething went wrong (code $?). If there is no output above, check the php_error_log";
+../vendor/phpunit/phpunit/composer/bin/phpunit --stderr || err "\nSomething went wrong (code $?). If there is no output above, check the php_error_log";