summaryrefslogtreecommitdiff
path: root/Postman
diff options
context:
space:
mode:
authoryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-24 22:08:56 +0000
committeryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-24 22:08:56 +0000
commit59be4e796441e494f25b18ece7438dbf02442e47 (patch)
treedd893b6005411fa7621d3dd6a8ab0d5d664e75e4 /Postman
parent0c1f84b79c768e695fff224730b823517d3c5cc9 (diff)
downloadPost-SMTP-59be4e796441e494f25b18ece7438dbf02442e47.zip
security + multiple replyTo addreses
Diffstat (limited to 'Postman')
-rw-r--r--Postman/Postman-Email-Log/PostmanEmailLogController.php8
-rw-r--r--Postman/Postman-Email-Log/PostmanEmailLogService.php26
-rw-r--r--Postman/Postman-Email-Log/PostmanEmailLogView.php6
-rw-r--r--Postman/Postman-Mail/Zend-1.12.10/Mail.php15
-rw-r--r--Postman/PostmanUtils.php9
5 files changed, 43 insertions, 21 deletions
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogController.php b/Postman/Postman-Email-Log/PostmanEmailLogController.php
index d22b265..2df2377 100644
--- a/Postman/Postman-Email-Log/PostmanEmailLogController.php
+++ b/Postman/Postman-Email-Log/PostmanEmailLogController.php
@@ -3,7 +3,7 @@ if ( ! defined( 'ABSPATH' ) ) {
exit; // Exit if accessed directly
}
-require_once dirname(__DIR__) . '/PostmanEmailLogs.php';
+require_once dirname(__DIR__) . '/PostmanLogFields.php';
require_once 'PostmanEmailLogService.php';
require_once 'PostmanEmailLogView.php';
@@ -82,7 +82,7 @@ class PostmanEmailLogController {
// get the email address of the recipient from the HTTP Request
$postid = $this->getRequestParameter( 'email' );
if ( ! empty( $postid ) ) {
- $meta_values = PostmanEmailLogs::get_data( $postid );
+ $meta_values = PostmanLogFields::get_instance()->get( $postid );
if ( isset( $_POST['mail_to'] ) && ! empty( $_POST['mail_to'] ) ) {
$emails = explode( ',', $_POST['mail_to'] );
@@ -211,7 +211,7 @@ class PostmanEmailLogController {
return;
}
- $meta_values = PostmanEmailLogs::get_data( $postid );
+ $meta_values = PostmanLogFields::get_instance()->get( $postid );
// https://css-tricks.com/examples/hrs/
print '<html><head><style>body {font-family: monospace;} hr {
border: 0;
@@ -269,7 +269,7 @@ class PostmanEmailLogController {
$this->logger->trace( 'handling view transcript item' );
$postid = $_REQUEST ['email'];
$post = get_post( $postid );
- $meta_values = PostmanEmailLogs::get_data( $postid );
+ $meta_values = PostmanLogFields::get_instance()->get( $postid );
// https://css-tricks.com/examples/hrs/
print '<html><head><style>body {font-family: monospace;} hr {
border: 0;
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogService.php b/Postman/Postman-Email-Log/PostmanEmailLogService.php
index 75c3879..eeb25c6 100644
--- a/Postman/Postman-Email-Log/PostmanEmailLogService.php
+++ b/Postman/Postman-Email-Log/PostmanEmailLogService.php
@@ -3,6 +3,8 @@ if ( ! defined( 'ABSPATH' ) ) {
exit; // Exit if accessed directly
}
+require_once dirname(__DIR__ ) . '/PostmanLogFields.php';
+
if ( ! class_exists( 'PostmanEmailLog' ) ) {
class PostmanEmailLog {
public $sender;
@@ -153,32 +155,32 @@ if ( ! class_exists( 'PostmanEmailLogService' ) ) {
$this->logger->trace( $log );
// Write the meta data related to the email
- update_post_meta( $post_id, 'success', $log->success );
- update_post_meta( $post_id, 'from_header', $log->sender );
+ PostmanLogFields::get_instance()->update( $post_id, 'success', $log->success );
+ PostmanLogFields::get_instance()->update( $post_id, 'from_header', $log->sender );
if ( ! empty( $log->toRecipients ) ) {
- update_post_meta( $post_id, 'to_header', $log->toRecipients );
+ PostmanLogFields::get_instance()->update( $post_id, 'to_header', $log->toRecipients );
}
if ( ! empty( $log->ccRecipients ) ) {
- update_post_meta( $post_id, 'cc_header', $log->ccRecipients );
+ PostmanLogFields::get_instance()->update( $post_id, 'cc_header', $log->ccRecipients );
}
if ( ! empty( $log->bccRecipients ) ) {
- update_post_meta( $post_id, 'bcc_header', $log->bccRecipients );
+ PostmanLogFields::get_instance()->update( $post_id, 'bcc_header', $log->bccRecipients );
}
if ( ! empty( $log->replyTo ) ) {
- update_post_meta( $post_id, 'reply_to_header', $log->replyTo );
+ PostmanLogFields::get_instance()->update( $post_id, 'reply_to_header', $log->replyTo );
}
- update_post_meta( $post_id, 'transport_uri', $log->transportUri );
+ PostmanLogFields::get_instance()->update( $post_id, 'transport_uri', $log->transportUri );
if ( ! $log->success || true ) {
// alwas add the meta data so we can re-send it
- update_post_meta( $post_id, 'original_to', $log->originalTo );
- update_post_meta( $post_id, 'original_subject', $log->originalSubject );
- update_post_meta( $post_id, 'original_message', $log->originalMessage );
- update_post_meta( $post_id, 'original_headers', $log->originalHeaders );
+ PostmanLogFields::get_instance()->update( $post_id, 'original_to', $log->originalTo );
+ PostmanLogFields::get_instance()->update( $post_id, 'original_subject', $log->originalSubject );
+ PostmanLogFields::get_instance()->update( $post_id, 'original_message', $log->originalMessage );
+ PostmanLogFields::get_instance()->update( $post_id, 'original_headers', $log->originalHeaders );
}
// we do not sanitize the session transcript - let the reader decide how to handle the data
- update_post_meta( $post_id, 'session_transcript', $log->sessionTranscript );
+ PostmanLogFields::get_instance()->update( $post_id, 'session_transcript', $log->sessionTranscript );
// truncate the log (remove older entries)
$purger = new PostmanEmailLogPurger();
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogView.php b/Postman/Postman-Email-Log/PostmanEmailLogView.php
index 02da123..2f78ec0 100644
--- a/Postman/Postman-Email-Log/PostmanEmailLogView.php
+++ b/Postman/Postman-Email-Log/PostmanEmailLogView.php
@@ -2,7 +2,7 @@
if ( ! defined( 'ABSPATH' ) ) {
exit; // Exit if accessed directly
}
-require_once dirname(__DIR__) . '/PostmanEmailLogs.php';
+require_once dirname(__DIR__) . '/PostmanLogFields.php';
/**
* See http://wpengineer.com/2426/wp_list_table-a-step-by-step-guide/
@@ -96,7 +96,7 @@ class PostmanEmailLogView extends WP_List_Table {
$transcriptUrl = admin_url( sprintf( $iframeUri, 'transcript', $item ['ID'] ) );
$resendUrl = admin_url( sprintf( $iframeUri, 'resend', $item ['ID'] ) );
- $meta_values = PostmanEmailLogs::get_data( $item ['ID'] );
+ $meta_values = PostmanLogFields::get_instance()->get( $item ['ID'] );
$actions = array(
'delete' => sprintf( '<a href="%s">%s</a>', $deleteUrl, _x( 'Delete', 'Delete an item from the email log', 'post-smtp' ) ),
@@ -373,7 +373,7 @@ class PostmanEmailLogView extends WP_List_Table {
/* Translators: where %s indicates the relative time from now */
$date = sprintf( _x( '%s ago', 'A relative time as in "five days ago"', 'post-smtp' ), $humanTime );
}
- $meta_values = PostmanEmailLogs::get_data( $post->ID );
+ $meta_values = PostmanLogFields::get_instance()->get( $post->ID );
$sent_to = array_map( 'sanitize_email', explode( ',' , $meta_values ['to_header'] [0] ) );
$flattenedPost = array(
// the post title must be escaped as they are displayed in the HTML output
diff --git a/Postman/Postman-Mail/Zend-1.12.10/Mail.php b/Postman/Postman-Mail/Zend-1.12.10/Mail.php
index 67ba4b9..702add0 100644
--- a/Postman/Postman-Mail/Zend-1.12.10/Mail.php
+++ b/Postman/Postman-Mail/Zend-1.12.10/Mail.php
@@ -706,10 +706,21 @@ class Postman_Zend_Mail extends Postman_Zend_Mime_Message
throw new Postman_Zend_Mail_Exception('Reply-To Header set twice');
}
- $email = $this->_filterEmail($email);
$name = $this->_filterName($name);
$this->_replyTo = $email;
- $this->_storeHeader('Reply-To', $this->_formatAddress($email, $name), true);
+
+ if ( strpos( $email, ',' ) !== false ) {
+ $emails = explode(',', $email );
+ foreach ( $emails as $email ) {
+ $email = $this->_filterEmail($email);
+ $replyToList[] = $this->_formatAddress($email, $name);
+ }
+ } else {
+ $email = $this->_filterEmail($email);
+ $replyToList[] = $this->_formatAddress($email, $name);
+ }
+
+ $this->_storeHeader('Reply-To', implode(',', $replyToList ), true);
return $this;
}
diff --git a/Postman/PostmanUtils.php b/Postman/PostmanUtils.php
index 335d0f3..6f628ec 100644
--- a/Postman/PostmanUtils.php
+++ b/Postman/PostmanUtils.php
@@ -345,6 +345,15 @@ class PostmanUtils {
if ( ! isset( PostmanUtils::$emailValidator ) ) {
PostmanUtils::$emailValidator = new Postman_Zend_Validate_EmailAddress();
}
+ if ( strpos( $email, ',' ) !== false ) {
+ $emails = explode(',', $email);
+ $result = [];
+ foreach ( $emails as $email ) {
+ $result[] = PostmanUtils::$emailValidator->isValid( $email );
+ }
+
+ return ! in_array(false, $result );
+ }
return PostmanUtils::$emailValidator->isValid( $email );
}