Changeset 622 for trunk/lib

Timestamp:

Feb 15, 2018 12:31:38 PM (6 years ago)

Author:

anonymous

Message:

Add Email() sandbox mode. Add Email->send() test. Fix minor bugs.

Location:

trunk/lib

Files:

• Auth_SQL.inc.php (modified) (1 diff)
• Email.inc.php (modified) (4 diffs)

trunk/lib/Auth_SQL.inc.php

@@ -826 +826 @@
             $db->query("
                 UPDATE " . $this->_params['db_table'] . " SET
-                blocked = '',
+                blocked = NULL,
                 blocked_reason = ''
                 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "'

trunk/lib/Email.inc.php

@@ -73 +73 @@
         'wrap' => true,
         'line_length' => 75,
+
+        'sandbox_mode' => null,
+        'sandbox_to_addr' => null,
     );
 
@@ -80 +83 @@
     // String that contains the email body after replacements.
     protected $_template_replaced;
+
+    // Email debug modes.
+    const SANDBOX_MODE_REDIRECT = 1; // Send all mail to 'sandbox_to_addr'
+    const SANDBOX_MODE_STDERR = 2; // Log all mail to stderr
 
     /**
@@ -359 +366 @@
             }
             // If the envelope_sender_address was given as a header, move it to the correct place.
-            if ('envelope_sender_address' == $key) {
+            if ('envelope_sender_address' == strtolower($key)) {
                 $this->_params['envelope_sender_address'] = isset($this->_params['envelope_sender_address']) ? $this->_params['envelope_sender_address'] : $val;
+                continue;
+            }
+            // If we're sending in sandbox mode, remove any headers with recipient addresses.
+            if ($this->getParam('sandbox_mode') == self::SANDBOX_MODE_REDIRECT && in_array(strtolower($key), array('to', 'cc', 'bcc')) && mb_strpos($val, '@') !== false) {
+                // Don't carry this into the $final_headers.
+                $app->logMsg(sprintf('Skipping header in sandbox mode: %s=%s', $key, $val), LOG_DEBUG, __FILE__, __LINE__);
                 continue;
             }
@@ -384 +397 @@
             $app->logMsg(sprintf('Mail header injection attack in content: %s', $full_mail_content), LOG_WARNING, __FILE__, __LINE__);
             return false;
+        }
+
+        // Enter sandbox mode, if specified.
+        switch ($this->getParam('sandbox_mode')) {
+        case self::SANDBOX_MODE_REDIRECT:
+            if (!$this->getParam('sandbox_to_addr')) {
+                $app->logMsg(sprintf('Email sandbox_mode is SANDBOX_MODE_REDIRECT but sandbox_to_addr is not set.', null), LOG_ERR, __FILE__, __LINE__);
+                break;
+            }
+            $final_to = $this->getParam('sandbox_to_addr');
+            break;
+
+        case self::SANDBOX_MODE_STDERR:
+            file_put_contents('php://stderr', sprintf("Subject: %s\nTo: %s\n%s\n\n%s", $this->getParam('subject'), $final_to, str_replace($this->getParam('crlf'), "\n", $final_headers), $final_body), FILE_APPEND);
+            return true;
         }