set email return-path
This commit is contained in:
parent
1e4ff3ce11
commit
981b0320f9
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2006 Tilo Lutz
|
Copyright (C) 2003 - 2006 Tilo Lutz
|
||||||
2009 - 2019 Roland Gruber
|
2009 - 2020 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -1279,7 +1279,8 @@ function sendPasswordMail($pwd, $user, $recipient = null) {
|
||||||
$found = preg_match('/\@\@[^\@]+\@\@/', $body, $results);
|
$found = preg_match('/\@\@[^\@]+\@\@/', $body, $results);
|
||||||
}
|
}
|
||||||
$headerLines = createEMailHeaders($mailFrom, ($mailIsHTML == 'true'), $mailReplyTo);
|
$headerLines = createEMailHeaders($mailFrom, ($mailIsHTML == 'true'), $mailReplyTo);
|
||||||
$success = sendEMail($mailTo, $subject, $body, $headerLines);
|
$returnPath = empty($mailReplyTo) ? $mailFrom : $mailReplyTo;
|
||||||
|
$success = sendEMail($mailTo, $subject, $body, $headerLines, $returnPath);
|
||||||
if ($success) {
|
if ($success) {
|
||||||
logNewMessage(LOG_DEBUG, 'Sent password mail to ' . $mailTo);
|
logNewMessage(LOG_DEBUG, 'Sent password mail to ' . $mailTo);
|
||||||
return array(
|
return array(
|
||||||
|
@ -1360,14 +1361,42 @@ function base64EncodeForEMail($value) {
|
||||||
* @param String $subject email subject
|
* @param String $subject email subject
|
||||||
* @param String $text mail body (with \r\n EOL)
|
* @param String $text mail body (with \r\n EOL)
|
||||||
* @param String $headers header lines (with \r\n EOL)
|
* @param String $headers header lines (with \r\n EOL)
|
||||||
|
* @param string $returnPath email to be used for return path
|
||||||
*/
|
*/
|
||||||
function sendEMail($to, $subject, $text, $headers) {
|
function sendEMail($to, $subject, $text, $headers, $returnPath) {
|
||||||
if (!empty($_SESSION['cfgMain']->mailEOL) && ($_SESSION['cfgMain']->mailEOL === 'unix')) {
|
if (!empty($_SESSION['cfgMain']->mailEOL) && ($_SESSION['cfgMain']->mailEOL === 'unix')) {
|
||||||
$text = str_replace("\r\n", "\n", $text);
|
$text = str_replace("\r\n", "\n", $text);
|
||||||
$headers = str_replace("\r\n", "\n", $headers);
|
$headers = str_replace("\r\n", "\n", $headers);
|
||||||
}
|
}
|
||||||
logNewMessage(LOG_DEBUG, "Send mail to $to\n" . $text);
|
logNewMessage(LOG_DEBUG, "Send mail to $to\n" . $text);
|
||||||
return mail($to, base64EncodeForEMail($subject), $text, $headers);
|
$additionalParams = null;
|
||||||
|
if (isCommandlineSafeEmailAddress($returnPath)) {
|
||||||
|
$additionalParams = '-f' . $returnPath;
|
||||||
|
}
|
||||||
|
return mail($to, base64EncodeForEMail($subject), $text, $headers, $additionalParams);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks if an email address is safe for use on commandline
|
||||||
|
*
|
||||||
|
* @param $address email address
|
||||||
|
* @return bool is safe
|
||||||
|
*/
|
||||||
|
function isCommandlineSafeEmailAddress($address) {
|
||||||
|
$cmdEscaped = escapeshellcmd($address);
|
||||||
|
$argEscaped = escapeshellarg($address);
|
||||||
|
if (($address !== $cmdEscaped) || ("'$address'" !== $argEscaped)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$addressLength = strlen($address);
|
||||||
|
$allowedSpecialChars = array('@', '_', '-', '.');
|
||||||
|
for ($i = 0; $i < $addressLength; $i++) {
|
||||||
|
$char = $address[$i];
|
||||||
|
if (!ctype_alnum($char) && !in_array($char, $allowedSpecialChars)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
use PHPUnit\Framework\TestCase;
|
use PHPUnit\Framework\TestCase;
|
||||||
/*
|
/*
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2018 - 2019 Roland Gruber
|
Copyright (C) 2018 - 2020 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -145,4 +145,14 @@ class AccountTest extends TestCase {
|
||||||
$this->assertEquals('test,user > test > de', getAbstractDN('cn=test\\2Cuser,o=test,c=de'));
|
$this->assertEquals('test,user > test > de', getAbstractDN('cn=test\\2Cuser,o=test,c=de'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests isCommandlineSafeEmailAddress().
|
||||||
|
*/
|
||||||
|
function testIsCommandlineSafeEmailAddress() {
|
||||||
|
$this->assertTrue(isCommandlineSafeEmailAddress(''));
|
||||||
|
$this->assertTrue(isCommandlineSafeEmailAddress('test@example.com'));
|
||||||
|
$this->assertTrue(isCommandlineSafeEmailAddress('test-123_abc@example.com'));
|
||||||
|
$this->assertFalse(isCommandlineSafeEmailAddress('test+abc@example.com'));
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue