authoryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-24 22:08:56 +0000
committeryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-24 22:08:56 +0000
commit59be4e796441e494f25b18ece7438dbf02442e47 (patch)
treedd893b6005411fa7621d3dd6a8ab0d5d664e75e4
parent0c1f84b79c768e695fff224730b823517d3c5cc9 (diff)
security + multiple replyTo addresses
-rw-r--r--Postman/Postman-Email-Log/PostmanEmailLogController.php8
-rw-r--r--Postman/Postman-Email-Log/PostmanEmailLogService.php26
-rw-r--r--Postman/Postman-Email-Log/PostmanEmailLogView.php6
-rw-r--r--Postman/Postman-Mail/Zend-1.12.10/Mail.php15
-rw-r--r--Postman/PostmanUtils.php9
5 files changed, 43 insertions, 21 deletions
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogController.php b/Postman/Postman-Email-Log/PostmanEmailLogController.php
index d22b265..2df2377 100644
--- a/Postman/Postman-Email-Log/PostmanEmailLogController.php
+++ b/Postman/Postman-Email-Log/PostmanEmailLogController.php
@@ -3,7 +3,7 @@ if ( ! defined( 'ABSPATH' ) ) {
exit; // Exit if accessed directly
}
-require_once dirname(__DIR__) . '/PostmanEmailLogs.php';
+require_once dirname(__DIR__) . '/PostmanLogFields.php';
require_once 'PostmanEmailLogService.php';
require_once 'PostmanEmailLogView.php';
@@ -82,7 +82,7 @@ class PostmanEmailLogController {
// get the email address of the recipient from the HTTP Request
$postid = $this->getRequestParameter( 'email' );
if ( ! empty( $postid ) ) {
- $meta_values = PostmanEmailLogs::get_data( $postid );
+ $meta_values = PostmanLogFields::get_instance()->get( $postid );
if ( isset( $_POST['mail_to'] ) && ! empty( $_POST['mail_to'] ) ) {
$emails = explode( ',', $_POST['mail_to'] );
@@ -211,7 +211,7 @@ class PostmanEmailLogController {
return;
}
- $meta_values = PostmanEmailLogs::get_data( $postid );
+ $meta_values = PostmanLogFields::get_instance()->get( $postid );
// https://css-tricks.com/examples/hrs/
print '<html><head><style>body {font-family: monospace;} hr {
border: 0;
@@ -269,7 +269,7 @@ class PostmanEmailLogController {
$this->logger->trace( 'handling view transcript item' );
$postid = $_REQUEST ['email'];
$post = get_post( $postid );
- $meta_values = PostmanEmailLogs::get_data( $postid );
+ $meta_values = PostmanLogFields::get_instance()->get( $postid );
// https://css-tricks.com/examples/hrs/
print '<html><head><style>body {font-family: monospace;} hr {
border: 0;
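Review bot: `$postid` is read straight from `$_REQUEST ['email']` and handed unvalidated to both `get_post()` and the new `PostmanLogFields::get_instance()->get( $postid )` call; the replaced `get_data()` call took the same raw value, so this is not a regression, but a commit labelled as a security change is the place to tighten it. A post ID is an integer, so `$postid = absint( $_REQUEST['email'] );` followed by a bail-out when it is 0 would reject anything else before it reaches either lookup; the same presumably applies to the `getRequestParameter( 'email' )` value in the earlier `@@ -82,7` hunk, depending on what that helper already does. The enclosing method starts and ends outside this hunk.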
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogService.php b/Postman/Postman-Email-Log/PostmanEmailLogService.php
index 75c3879..eeb25c6 100644
--- a/Postman/Postman-Email-Log/PostmanEmailLogService.php
+++ b/Postman/Postman-Email-Log/PostmanEmailLogService.php
@@ -3,6 +3,8 @@ if ( ! defined( 'ABSPATH' ) ) {
exit; // Exit if accessed directly
}
+require_once dirname(__DIR__ ) . '/PostmanLogFields.php';
+
if ( ! class_exists( 'PostmanEmailLog' ) ) {
class PostmanEmailLog {
public $sender;
@@ -153,32 +155,32 @@ if ( ! class_exists( 'PostmanEmailLogService' ) ) {
$this->logger->trace( $log );
// Write the meta data related to the email
- update_post_meta( $post_id, 'success', $log->success );
- update_post_meta( $post_id, 'from_header', $log->sender );
+ PostmanLogFields::get_instance()->update( $post_id, 'success', $log->success );
+ PostmanLogFields::get_instance()->update( $post_id, 'from_header', $log->sender );
if ( ! empty( $log->toRecipients ) ) {
- update_post_meta( $post_id, 'to_header', $log->toRecipients );
+ PostmanLogFields::get_instance()->update( $post_id, 'to_header', $log->toRecipients );
}
if ( ! empty( $log->ccRecipients ) ) {
- update_post_meta( $post_id, 'cc_header', $log->ccRecipients );
+ PostmanLogFields::get_instance()->update( $post_id, 'cc_header', $log->ccRecipients );
}
if ( ! empty( $log->bccRecipients ) ) {
- update_post_meta( $post_id, 'bcc_header', $log->bccRecipients );
+ PostmanLogFields::get_instance()->update( $post_id, 'bcc_header', $log->bccRecipients );
}
if ( ! empty( $log->replyTo ) ) {
- update_post_meta( $post_id, 'reply_to_header', $log->replyTo );
+ PostmanLogFields::get_instance()->update( $post_id, 'reply_to_header', $log->replyTo );
}
- update_post_meta( $post_id, 'transport_uri', $log->transportUri );
+ PostmanLogFields::get_instance()->update( $post_id, 'transport_uri', $log->transportUri );
if ( ! $log->success || true ) {
// alwas add the meta data so we can re-send it
- update_post_meta( $post_id, 'original_to', $log->originalTo );
- update_post_meta( $post_id, 'original_subject', $log->originalSubject );
- update_post_meta( $post_id, 'original_message', $log->originalMessage );
- update_post_meta( $post_id, 'original_headers', $log->originalHeaders );
+ PostmanLogFields::get_instance()->update( $post_id, 'original_to', $log->originalTo );
+ PostmanLogFields::get_instance()->update( $post_id, 'original_subject', $log->originalSubject );
+ PostmanLogFields::get_instance()->update( $post_id, 'original_message', $log->originalMessage );
+ PostmanLogFields::get_instance()->update( $post_id, 'original_headers', $log->originalHeaders );
}
// we do not sanitize the session transcript - let the reader decide how to handle the data
- update_post_meta( $post_id, 'session_transcript', $log->sessionTranscript );
+ PostmanLogFields::get_instance()->update( $post_id, 'session_transcript', $log->sessionTranscript );
// truncate the log (remove older entries)
$purger = new PostmanEmailLogPurger();
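Review bot: `PostmanLogFields::get_instance()` is resolved twelve times in a row in this hunk, once per field written; hoist it once right after the trace call, `$fields = PostmanLogFields::get_instance();`, and write `$fields->update( $post_id, 'success', $log->success );` and so on for the remaining calls. Besides the noise, the repeated singleton lookup hides that every field goes through the same object. The context line `if ( ! $log->success || true )` is always true and the comment under it says the data is always stored, so the condition should be dropped so that code and intent agree. The method's body begins and ends outside this hunk.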
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogView.php b/Postman/Postman-Email-Log/PostmanEmailLogView.php
index 02da123..2f78ec0 100644
--- a/Postman/Postman-Email-Log/PostmanEmailLogView.php
+++ b/Postman/Postman-Email-Log/PostmanEmailLogView.php
@@ -2,7 +2,7 @@
if ( ! defined( 'ABSPATH' ) ) {
exit; // Exit if accessed directly
}
-require_once dirname(__DIR__) . '/PostmanEmailLogs.php';
+require_once dirname(__DIR__) . '/PostmanLogFields.php';
/**
* See http://wpengineer.com/2426/wp_list_table-a-step-by-step-guide/
@@ -96,7 +96,7 @@ class PostmanEmailLogView extends WP_List_Table {
$transcriptUrl = admin_url( sprintf( $iframeUri, 'transcript', $item ['ID'] ) );
$resendUrl = admin_url( sprintf( $iframeUri, 'resend', $item ['ID'] ) );
- $meta_values = PostmanEmailLogs::get_data( $item ['ID'] );
+ $meta_values = PostmanLogFields::get_instance()->get( $item ['ID'] );
$actions = array(
'delete' => sprintf( '<a href="%s">%s</a>', $deleteUrl, _x( 'Delete', 'Delete an item from the email log', 'post-smtp' ) ),
@@ -373,7 +373,7 @@ class PostmanEmailLogView extends WP_List_Table {
/* Translators: where %s indicates the relative time from now */
$date = sprintf( _x( '%s ago', 'A relative time as in "five days ago"', 'post-smtp' ), $humanTime );
}
- $meta_values = PostmanEmailLogs::get_data( $post->ID );
+ $meta_values = PostmanLogFields::get_instance()->get( $post->ID );
$sent_to = array_map( 'sanitize_email', explode( ',' , $meta_values ['to_header'] [0] ) );
$flattenedPost = array(
// the post title must be escaped as they are displayed in the HTML output
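Review bot: The line after the new call indexes `$meta_values ['to_header'] [0]` without checking that the key exists, and the service hunk in this same commit only writes `to_header` when `$log->toRecipients` is non-empty, so a log entry with no To recipients could raise a notice here and pass `null` to `explode()`. Guard it with `$to_header = isset( $meta_values['to_header'][0] ) ? $meta_values['to_header'][0] : '';` and explode that instead; the `[0]` sub-index presumes `get()` returns `get_post_meta`-style arrays per key, which is worth confirming against `PostmanLogFields`. The enclosing method starts and ends outside this hunk.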
diff --git a/Postman/Postman-Mail/Zend-1.12.10/Mail.php b/Postman/Postman-Mail/Zend-1.12.10/Mail.php
index 67ba4b9..702add0 100644
--- a/Postman/Postman-Mail/Zend-1.12.10/Mail.php
+++ b/Postman/Postman-Mail/Zend-1.12.10/Mail.php
@@ -706,10 +706,21 @@ class Postman_Zend_Mail extends Postman_Zend_Mime_Message
throw new Postman_Zend_Mail_Exception('Reply-To Header set twice');
}
- $email = $this->_filterEmail($email);
$name = $this->_filterName($name);
$this->_replyTo = $email;
- $this->_storeHeader('Reply-To', $this->_formatAddress($email, $name), true);
+
+ if ( strpos( $email, ',' ) !== false ) {
+ $emails = explode(',', $email );
+ foreach ( $emails as $email ) {
+ $email = $this->_filterEmail($email);
+ $replyToList[] = $this->_formatAddress($email, $name);
+ }
+ } else {
+ $email = $this->_filterEmail($email);
+ $replyToList[] = $this->_formatAddress($email, $name);
+ }
+
+ $this->_storeHeader('Reply-To', implode(',', $replyToList ), true);
return $this;
}
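Review bot: `$this->_replyTo = $email;` now stores the unfiltered input: the commit moves the `_filterEmail()` call below that assignment into both branches, so the property keeps whatever the caller passed while only the header value is cleaned. The two branches are also the same loop body written twice (`explode()` on a string with no comma yields one element), `$replyToList` is never initialised, and `foreach ( $emails as $email )` reuses the parameter name as the loop variable. The rewrite below filters each address once, assigns `_replyTo` from the filtered values so it stays a string, and trims the pieces, since a `', '` separator would otherwise leave a leading space on every address after the first unless `_filterEmail()` happens to strip it, which is worth confirming. The enclosing method starts outside this hunk.

```php
        $name = $this->_filterName($name);
        $filtered = array();
        $replyToList = array();
        foreach (explode(',', $email) as $address) {
            $address = $this->_filterEmail(trim($address));
            $filtered[] = $address;
            $replyToList[] = $this->_formatAddress($address, $name);
        }
        $this->_replyTo = implode(',', $filtered);
        $this->_storeHeader('Reply-To', implode(',', $replyToList), true);
        return $this;
```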
diff --git a/Postman/PostmanUtils.php b/Postman/PostmanUtils.php
index 335d0f3..6f628ec 100644
--- a/Postman/PostmanUtils.php
+++ b/Postman/PostmanUtils.php
@@ -345,6 +345,15 @@ class PostmanUtils {
if ( ! isset( PostmanUtils::$emailValidator ) ) {
PostmanUtils::$emailValidator = new Postman_Zend_Validate_EmailAddress();
}
+ if ( strpos( $email, ',' ) !== false ) {
+ $emails = explode(',', $email);
+ $result = [];
+ foreach ( $emails as $email ) {
+ $result[] = PostmanUtils::$emailValidator->isValid( $email );
+ }
+
+ return ! in_array(false, $result );
+ }
return PostmanUtils::$emailValidator->isValid( $email );
}
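Review bot: The new comma branch collects every `isValid()` result and then tests `! in_array(false, $result )` with a loose comparison; with booleans this happens to work, but `in_array` should get `true` as its third argument, and the array is not needed at all, since an early `return false` on the first invalid address says the same thing directly. The loop variable also reuses the `$email` parameter name, and the pieces are not trimmed, so a value like `'a@example.com, b@example.com'` (constructed example) hands `' b@example.com'` to the validator, which will presumably reject the leading space; this matters because Mail.php in this same commit splits on the same bare `','`. The enclosing method starts outside this hunk.

```php
		if ( strpos( $email, ',' ) !== false ) {
			foreach ( explode( ',', $email ) as $address ) {
				if ( ! PostmanUtils::$emailValidator->isValid( trim( $address ) ) ) {
					return false;
				}
			}
			return true;
		}
		return PostmanUtils::$emailValidator->isValid( $email );
```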