


Revision 1257 Revision 2049
Zeile 4... Zeile 4...
4
 *
4
 *
5
 * An open source application development framework for PHP
5
 * An open source application development framework for PHP
6
 *
6
 *
7
 * This content is released under the MIT License (MIT)
7
 * This content is released under the MIT License (MIT)
8
 *
8
 *
9
 * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
9
 * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
10
 *
10
 *
11
 * Permission is hereby granted, free of charge, to any person obtaining a copy
11
 * Permission is hereby granted, free of charge, to any person obtaining a copy
12
 * of this software and associated documentation files (the "Software"), to deal
12
 * of this software and associated documentation files (the "Software"), to deal
13
 * in the Software without restriction, including without limitation the rights
13
 * in the Software without restriction, including without limitation the rights
14
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
Zeile 27... Zeile 27...
27
 * THE SOFTWARE.
27
 * THE SOFTWARE.
28
 *
28
 *
29
 * @package	CodeIgniter
29
 * @package	CodeIgniter
30
 * @author	EllisLab Dev Team
30
 * @author	EllisLab Dev Team
31
 * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
31
 * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
32
 * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
32
 * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
33
 * @license	http://opensource.org/licenses/MIT	MIT License
33
 * @license	http://opensource.org/licenses/MIT	MIT License
34
 * @link	https://codeigniter.com
34
 * @link	https://codeigniter.com
35
 * @since	Version 1.0.0
35
 * @since	Version 1.0.0
36
 * @filesource
36
 * @filesource
37
 */
37
 */
Zeile 456... Zeile 456...
456
		$this->_cc_array	= array();
456
		$this->_cc_array	= array();
457
		$this->_bcc_array	= array();
457
		$this->_bcc_array	= array();
458
		$this->_headers		= array();
458
		$this->_headers		= array();
459
		$this->_debug_msg	= array();
459
		$this->_debug_msg	= array();
Zeile 460... Zeile -...
460
 
-
 
461
		$this->set_header('User-Agent', $this->useragent);
460
 
Zeile 462... Zeile 461...
462
		$this->set_header('Date', $this->_set_date());
461
		$this->set_header('Date', $this->_set_date());
463
 
462
 
464
		if ($clear_attachments !== FALSE)
463
		if ($clear_attachments !== FALSE)
Zeile 1213... Zeile 1212...
1213
	 *
1212
	 *
1214
	 * @return	void
1213
	 * @return	void
1215
	 */
1214
	 */
1216
	protected function _build_headers()
1215
	protected function _build_headers()
1217
	{
1216
	{
-
 
1217
		$this->set_header('User-Agent', $this->useragent);
1218
		$this->set_header('X-Sender', $this->clean_email($this->_headers['From']));
1218
		$this->set_header('X-Sender', $this->clean_email($this->_headers['From']));
1219
		$this->set_header('X-Mailer', $this->useragent);
1219
		$this->set_header('X-Mailer', $this->useragent);
1220
		$this->set_header('X-Priority', $this->_priorities[$this->priority]);
1220
		$this->set_header('X-Priority', $this->_priorities[$this->priority]);
1221
		$this->set_header('Message-ID', $this->_get_message_id());
1221
		$this->set_header('Message-ID', $this->_get_message_id());
1222
		$this->set_header('Mime-Version', '1.0');
1222
		$this->set_header('Mime-Version', '1.0');
Zeile 1841... Zeile 1841...
1841
	}
1841
	}
Zeile 1842... Zeile 1842...
1842
 
1842
 
Zeile 1843... Zeile 1843...
1843
	// --------------------------------------------------------------------
1843
	// --------------------------------------------------------------------
-
 
1844
 
-
 
1845
	/**
-
 
1846
	 * Validate email for shell
-
 
1847
	 *
-
 
1848
	 * Applies stricter, shell-safe validation to email addresses.
-
 
1849
	 * Introduced to prevent RCE via sendmail's -f option.
-
 
1850
	 *
-
 
1851
	 * @see	https://github.com/bcit-ci/CodeIgniter/issues/4963
-
 
1852
	 * @see	https://gist.github.com/Zenexer/40d02da5e07f151adeaeeaa11af9ab36
-
 
1853
	 * @license	https://creativecommons.org/publicdomain/zero/1.0/	CC0 1.0, Public Domain
-
 
1854
	 *
-
 
1855
	 * Credits for the base concept go to Paul Buonopane <paul@namepros.com>
-
 
1856
	 *
-
 
1857
	 * @param	string	$email
-
 
1858
	 * @return	bool
-
 
1859
	 */
-
 
1860
	protected function _validate_email_for_shell(&$email)
-
 
1861
	{
-
 
1862
		if (function_exists('idn_to_ascii') && $atpos = strpos($email, '@'))
-
 
1863
		{
-
 
1864
			$email = self::substr($email, 0, ++$atpos).idn_to_ascii(self::substr($email, $atpos));
-
 
1865
		}
-
 
1866
 
-
 
1867
		return (filter_var($email, FILTER_VALIDATE_EMAIL) === $email && preg_match('#\A[a-z0-9._+-]+@[a-z0-9.-]{1,253}\z#i', $email));
-
 
1868
	}
-
 
1869
 
-
 
1870
	// --------------------------------------------------------------------
1844
 
1871
 
1845
	/**
1872
	/**
1846
	 * Send using mail()
1873
	 * Send using mail()
1847
	 *
1874
	 *
1848
	 * @return	bool
1875
	 * @return	bool
Zeile 1852... Zeile 1879...
1852
		if (is_array($this->_recipients))
1879
		if (is_array($this->_recipients))
1853
		{
1880
		{
1854
			$this->_recipients = implode(', ', $this->_recipients);
1881
			$this->_recipients = implode(', ', $this->_recipients);
1855
		}
1882
		}
Zeile -... Zeile 1883...
-
 
1883
 
-
 
1884
		// _validate_email_for_shell() below accepts by reference,
-
 
1885
		// so this needs to be assigned to a variable
-
 
1886
		$from = $this->clean_email($this->_headers['Return-Path']);
1856
 
1887
 
1857
		if ($this->_safe_mode === TRUE)
1888
		if ($this->_safe_mode === TRUE || ! $this->_validate_email_for_shell($from))
1858
		{
1889
		{
1859
			return mail($this->_recipients, $this->_subject, $this->_finalbody, $this->_header_str);
1890
			return mail($this->_recipients, $this->_subject, $this->_finalbody, $this->_header_str);
1860
		}
1891
		}
1861
		else
1892
		else
1862
		{
1893
		{
1863
			// most documentation of sendmail using the "-f" flag lacks a space after it, however
1894
			// most documentation of sendmail using the "-f" flag lacks a space after it, however
1864
			// we've encountered servers that seem to require it to be in place.
1895
			// we've encountered servers that seem to require it to be in place.
1865
			return mail($this->_recipients, $this->_subject, $this->_finalbody, $this->_header_str, '-f '.$this->clean_email($this->_headers['Return-Path']));
1896
			return mail($this->_recipients, $this->_subject, $this->_finalbody, $this->_header_str, '-f '.$from);
1866
		}
1897
		}
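Review bot: When `_validate_email_for_shell($from)` returns false in the new condition at line 1888, the message is still sent through `mail()` but without the `-f` envelope sender, and nothing records that the configured Return-Path was rejected, so bounces silently go to the MTA's default sender with no trace in `$this->_debug_msg`. The same silent fallback appears in `_send_with_sendmail`, where `$from` is reset to `''`. Consider adding a debug entry before the fallback, e.g. `$this->_debug_msg[] = 'Return-Path rejected by _validate_email_for_shell(); sending without -f';`, or at least a comment stating that dropping `-f` is intentional. Note also that `_validate_email_for_shell()` rewrites `$from` to its IDN-converted form even when validation fails; this caller never uses the rejected value, so that is harmless here, but a comment would make the by-reference contract clear. The function's signature lies outside this hunk.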
Zeile 1867... Zeile 1898...
1867
	}
1898
	}
Zeile 1873... Zeile 1904...
1873
	 *
1904
	 *
1874
	 * @return	bool
1905
	 * @return	bool
1875
	 */
1906
	 */
1876
	protected function _send_with_sendmail()
1907
	protected function _send_with_sendmail()
1877
	{
1908
	{
-
 
1909
		// _validate_email_for_shell() below accepts by reference,
-
 
1910
		// so this needs to be assigned to a variable
-
 
1911
		$from = $this->clean_email($this->_headers['From']);
-
 
1912
		if ($this->_validate_email_for_shell($from))
-
 
1913
		{
-
 
1914
			$from = '-f '.$from;
-
 
1915
		}
-
 
1916
		else
-
 
1917
		{
-
 
1918
			$from = '';
-
 
1919
		}
-
 
1920
 
1878
		// is popen() enabled?
1921
		// is popen() enabled?
1879
		if ( ! function_usable('popen')
-
 
1880
			OR FALSE === ($fp = @popen(
-
 
1881
						$this->mailpath.' -oi -f '.$this->clean_email($this->_headers['From']).' -t'
1922
		if ( ! function_usable('popen')	OR FALSE === ($fp = @popen($this->mailpath.' -oi '.$from.' -t', 'w')))
1882
						, 'w'))
-
 
1883
		) // server probably has popen disabled, so nothing we can do to get a verbose error.
-
 
1884
		{
1923
		{
-
 
1924
			// server probably has popen disabled, so nothing we can do to get a verbose error.
1885
			return FALSE;
1925
			return FALSE;
1886
		}
1926
		}
Zeile 1887... Zeile 1927...
1887
 
1927
 
1888
		fputs($fp, $this->_header_str);
1928
		fputs($fp, $this->_header_str);