author | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-24 22:08:56 +0000 |
---|---|---|
committer | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-24 22:08:56 +0000 |
commit | 59be4e796441e494f25b18ece7438dbf02442e47 (patch) | |
tree | dd893b6005411fa7621d3dd6a8ab0d5d664e75e4 /Postman | |
parent | 0c1f84b79c768e695fff224730b823517d3c5cc9 (diff) | |
download | Post-SMTP-59be4e796441e494f25b18ece7438dbf02442e47.zip |
security + multiple replyTo addresses
Diffstat (limited to 'Postman')
-rw-r--r-- | Postman/Postman-Email-Log/PostmanEmailLogController.php | 8 | ||||
-rw-r--r-- | Postman/Postman-Email-Log/PostmanEmailLogService.php | 26 | ||||
-rw-r--r-- | Postman/Postman-Email-Log/PostmanEmailLogView.php | 6 | ||||
-rw-r--r-- | Postman/Postman-Mail/Zend-1.12.10/Mail.php | 15 | ||||
-rw-r--r-- | Postman/PostmanUtils.php | 9 |
5 files changed, 43 insertions, 21 deletions
diff --git a/Postman/Postman-Email-Log/PostmanEmailLogController.php b/Postman/Postman-Email-Log/PostmanEmailLogController.php index d22b265..2df2377 100644 --- a/Postman/Postman-Email-Log/PostmanEmailLogController.php +++ b/Postman/Postman-Email-Log/PostmanEmailLogController.php @@ -3,7 +3,7 @@ if ( ! defined( 'ABSPATH' ) ) { exit; // Exit if accessed directly } -require_once dirname(__DIR__) . '/PostmanEmailLogs.php'; +require_once dirname(__DIR__) . '/PostmanLogFields.php'; require_once 'PostmanEmailLogService.php'; require_once 'PostmanEmailLogView.php'; @@ -82,7 +82,7 @@ class PostmanEmailLogController { // get the email address of the recipient from the HTTP Request $postid = $this->getRequestParameter( 'email' ); if ( ! empty( $postid ) ) { - $meta_values = PostmanEmailLogs::get_data( $postid ); + $meta_values = PostmanLogFields::get_instance()->get( $postid ); if ( isset( $_POST['mail_to'] ) && ! empty( $_POST['mail_to'] ) ) { $emails = explode( ',', $_POST['mail_to'] ); @@ -211,7 +211,7 @@ class PostmanEmailLogController { return; } - $meta_values = PostmanEmailLogs::get_data( $postid ); + $meta_values = PostmanLogFields::get_instance()->get( $postid ); // https://css-tricks.com/examples/hrs/ print '<html><head><style>body {font-family: monospace;} hr { border: 0; @@ -269,7 +269,7 @@ class PostmanEmailLogController { $this->logger->trace( 'handling view transcript item' ); $postid = $_REQUEST ['email']; $post = get_post( $postid ); - $meta_values = PostmanEmailLogs::get_data( $postid ); + $meta_values = PostmanLogFields::get_instance()->get( $postid ); // https://css-tricks.com/examples/hrs/ print '<html><head><style>body {font-family: monospace;} hr { border: 0; diff --git a/Postman/Postman-Email-Log/PostmanEmailLogService.php b/Postman/Postman-Email-Log/PostmanEmailLogService.php index 75c3879..eeb25c6 100644 --- a/Postman/Postman-Email-Log/PostmanEmailLogService.php +++ b/Postman/Postman-Email-Log/PostmanEmailLogService.php 
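Review bot: In the view-transcript hunk (@@ -269) the new `PostmanLogFields::get_instance()->get( $postid )` call is fed `$postid` straight from `$_REQUEST ['email']` with no type check, and the same raw value goes to `get_post()` on the line before it. Casting it at the point of use, `$postid = absint( $_REQUEST['email'] );`, keeps a non-numeric value away from both lookups and makes the handler's expectation explicit. Whether the new getter escapes the stored fields before the `print` that follows is not visible in this diff (`PostmanLogFields` is not part of it); if `get()` now sanitizes on read, as the commit title "security" suggests, a one-line comment at the call site saying so would save the next reader a trip. The handler continues past the end of the hunk.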
@@ -3,6 +3,8 @@ if ( ! defined( 'ABSPATH' ) ) { exit; // Exit if accessed directly } +require_once dirname(__DIR__ ) . '/PostmanLogFields.php'; + if ( ! class_exists( 'PostmanEmailLog' ) ) { class PostmanEmailLog { public $sender; 
@@ -153,32 +155,32 @@ if ( ! class_exists( 'PostmanEmailLogService' ) ) { $this->logger->trace( $log ); // Write the meta data related to the email - update_post_meta( $post_id, 'success', $log->success ); - update_post_meta( $post_id, 'from_header', $log->sender ); + PostmanLogFields::get_instance()->update( $post_id, 'success', $log->success ); + PostmanLogFields::get_instance()->update( $post_id, 'from_header', $log->sender ); if ( ! empty( $log->toRecipients ) ) { - update_post_meta( $post_id, 'to_header', $log->toRecipients ); + PostmanLogFields::get_instance()->update( $post_id, 'to_header', $log->toRecipients ); } if ( ! empty( $log->ccRecipients ) ) { - update_post_meta( $post_id, 'cc_header', $log->ccRecipients ); + PostmanLogFields::get_instance()->update( $post_id, 'cc_header', $log->ccRecipients ); } if ( ! empty( $log->bccRecipients ) ) { - update_post_meta( $post_id, 'bcc_header', $log->bccRecipients ); + PostmanLogFields::get_instance()->update( $post_id, 'bcc_header', $log->bccRecipients ); } if ( ! empty( $log->replyTo ) ) { - update_post_meta( $post_id, 'reply_to_header', $log->replyTo ); + PostmanLogFields::get_instance()->update( $post_id, 'reply_to_header', $log->replyTo ); } - update_post_meta( $post_id, 'transport_uri', $log->transportUri ); + PostmanLogFields::get_instance()->update( $post_id, 'transport_uri', $log->transportUri ); if ( ! 
$log->success || true ) { // alwas add the meta data so we can re-send it - update_post_meta( $post_id, 'original_to', $log->originalTo ); - update_post_meta( $post_id, 'original_subject', $log->originalSubject ); - update_post_meta( $post_id, 'original_message', $log->originalMessage ); - update_post_meta( $post_id, 'original_headers', $log->originalHeaders ); + PostmanLogFields::get_instance()->update( $post_id, 'original_to', $log->originalTo ); + PostmanLogFields::get_instance()->update( $post_id, 'original_subject', $log->originalSubject ); + PostmanLogFields::get_instance()->update( $post_id, 'original_message', $log->originalMessage ); + PostmanLogFields::get_instance()->update( $post_id, 'original_headers', $log->originalHeaders ); } // we do not sanitize the session transcript - let the reader decide how to handle the data - update_post_meta( $post_id, 'session_transcript', $log->sessionTranscript ); + PostmanLogFields::get_instance()->update( $post_id, 'session_transcript', $log->sessionTranscript ); // truncate the log (remove older entries) $purger = new PostmanEmailLogPurger(); diff --git a/Postman/Postman-Email-Log/PostmanEmailLogView.php b/Postman/Postman-Email-Log/PostmanEmailLogView.php index 02da123..2f78ec0 100644 --- a/Postman/Postman-Email-Log/PostmanEmailLogView.php +++ b/Postman/Postman-Email-Log/PostmanEmailLogView.php @@ -2,7 +2,7 @@ if ( ! defined( 'ABSPATH' ) ) { exit; // Exit if accessed directly } -require_once dirname(__DIR__) . '/PostmanEmailLogs.php'; +require_once dirname(__DIR__) . '/PostmanLogFields.php'; /** * See http://wpengineer.com/2426/wp_list_table-a-step-by-step-guide/ 
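Review bot: `PostmanLogFields::get_instance()` is called twelve times in a row in this hunk; hoisting it once, `$fields = PostmanLogFields::get_instance();` followed by `$fields->update( $post_id, 'success', $log->success );` and so on, reads better and avoids the repeated singleton lookup. More importantly, the retained comment `// we do not sanitize the session transcript - let the reader decide how to handle the data` may now be wrong: if the new `update()` wrapper sanitizes values (which the "security" title hints at but the diff does not show), the transcript is no longer stored raw and the comment should say so; if it does not, `original_message` and `original_headers`, which are kept specifically so the mail can be re-sent, are still written unfiltered. Either way, state which it is next to the `session_transcript` line. The enclosing method starts and ends outside the hunk.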
@@ -96,7 +96,7 @@ class PostmanEmailLogView extends WP_List_Table { $transcriptUrl = admin_url( sprintf( $iframeUri, 'transcript', $item ['ID'] ) ); $resendUrl = admin_url( sprintf( $iframeUri, 'resend', $item ['ID'] ) ); - $meta_values = PostmanEmailLogs::get_data( $item ['ID'] ); + $meta_values = PostmanLogFields::get_instance()->get( $item ['ID'] ); $actions = array( 'delete' => sprintf( '<a href="%s">%s</a>', $deleteUrl, _x( 'Delete', 'Delete an item from the email log', 'post-smtp' ) ), @@ -373,7 +373,7 @@ class PostmanEmailLogView extends WP_List_Table { /* Translators: where %s indicates the relative time from now */ $date = sprintf( _x( '%s ago', 'A relative time as in "five days ago"', 'post-smtp' ), $humanTime ); } - $meta_values = PostmanEmailLogs::get_data( $post->ID ); + $meta_values = PostmanLogFields::get_instance()->get( $post->ID ); $sent_to = array_map( 'sanitize_email', explode( ',' , $meta_values ['to_header'] [0] ) ); $flattenedPost = array( // the post title must be escaped as they are displayed in the HTML output diff --git a/Postman/Postman-Mail/Zend-1.12.10/Mail.php b/Postman/Postman-Mail/Zend-1.12.10/Mail.php index 67ba4b9..702add0 100644 --- a/Postman/Postman-Mail/Zend-1.12.10/Mail.php +++ b/Postman/Postman-Mail/Zend-1.12.10/Mail.php 
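Review bot: In the @@ -373 hunk the line right after the new getter call, `$sent_to = array_map( 'sanitize_email', explode( ',', $meta_values ['to_header'] [0] ) );`, still indexes `[0]`, so it depends on `PostmanLogFields::get()` returning the same `field => array( value )` shape that `get_post_meta()` did — worth confirming, since `PostmanLogFields` is not in this diff. It also assumes `to_header` is present, while the service hunk in this same commit only stores that key when the recipient list is non-empty; `$to_header = isset( $meta_values['to_header'][0] ) ? $meta_values['to_header'][0] : '';` before the `explode()` avoids a notice on such rows. The enclosing method continues outside the hunk.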
@@ -706,10 +706,21 @@ class Postman_Zend_Mail extends Postman_Zend_Mime_Message throw new Postman_Zend_Mail_Exception('Reply-To Header set twice'); } - $email = $this->_filterEmail($email); $name = $this->_filterName($name); $this->_replyTo = $email; - $this->_storeHeader('Reply-To', $this->_formatAddress($email, $name), true); + + if ( strpos( $email, ',' ) !== false ) { + $emails = explode(',', $email ); + foreach ( $emails as $email ) { + $email = $this->_filterEmail($email); + $replyToList[] = $this->_formatAddress($email, $name); + } + } else { + $email = $this->_filterEmail($email); + $replyToList[] = $this->_formatAddress($email, $name); + } + + $this->_storeHeader('Reply-To', implode(',', $replyToList ), true); return $this; } diff --git a/Postman/PostmanUtils.php b/Postman/PostmanUtils.php index 335d0f3..6f628ec 100644 --- a/Postman/PostmanUtils.php +++ b/Postman/PostmanUtils.php @@ -345,6 +345,15 @@ class PostmanUtils { if ( ! isset( PostmanUtils::$emailValidator ) ) { PostmanUtils::$emailValidator = new Postman_Zend_Validate_EmailAddress(); } + if ( strpos( $email, ',' ) !== false ) { + $emails = explode(',', $email); + $result = []; + foreach ( $emails as $email ) { + $result[] = PostmanUtils::$emailValidator->isValid( $email ); + } + + return ! in_array(false, $result ); + } return PostmanUtils::$emailValidator->isValid( $email ); } |
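Review bot: `$this->_replyTo = $email;` now stores the caller's string before any filtering, because the removed `$email = $this->_filterEmail($email);` used to run ahead of it; whatever reads `_replyTo` (presumably a `getReplyTo()` accessor, not visible here) now sees the raw value with CR/LF, quotes and angle brackets intact, even though the header itself is still built from filtered pieces. The exploded pieces are also not trimmed, so `a@x.com, b@y.com` puts ` b@y.com` with a leading space into the header, and the single `$name` is attached to every address. The if/else is redundant since `explode()` on a comma-free string yields a one-element array, and `$replyToList` should be initialised before it is appended to. A rewrite of the method's tail is below; `setReplyTo()`'s signature and the "set twice" check sit above the hunk.
```php
$name = $this->_filterName($name);

$filteredEmails = array();
$replyToList    = array();
foreach (explode(',', $email) as $address) {
    $address = trim($this->_filterEmail($address));
    if ($address === '') {
        continue; // tolerate "a@x.com, , b@y.com"
    }
    $filteredEmails[] = $address;
    $replyToList[]    = $this->_formatAddress($address, $name);
}

// keep _replyTo filtered, as the single-address code did
$this->_replyTo = implode(',', $filteredEmails);
$this->_storeHeader('Reply-To', implode(',', $replyToList), true);
return $this;
```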
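Review bot: The new list branch in PostmanUtils validates each exploded token without trimming, so the ordinary spelling `a@x.com, b@y.com` fails on ` b@y.com` while the Mail.php change in this same commit accepts that string; the two paths should tokenise a list the same way. Returning on the first invalid address also removes the need to build `$result` and scan it with a non-strict `in_array()`. `$result = [];` uses the short array syntax, which is fine only if the plugin's minimum PHP version is 5.4 or later — worth checking against the plugin header. The enclosing method's signature is above the hunk.
```php
if ( strpos( $email, ',' ) !== false ) {
    foreach ( explode( ',', $email ) as $address ) {
        if ( ! PostmanUtils::$emailValidator->isValid( trim( $address ) ) ) {
            return false;
        }
    }

    return true;
}
return PostmanUtils::$emailValidator->isValid( $email );
```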