diff --git a/public_html/index.php b/public_html/index.php
index 40259c2ff..5816c7ec9 100644
--- a/public_html/index.php
+++ b/public_html/index.php
@@ -32,6 +32,8 @@
 // | |
 // +---------------------------------------------------------------------------+
+use Geeklog\Session;
+
 require_once 'lib-common.php';
 require_once $_CONF['path_system'] . 'lib-article.php';
@@ -179,6 +181,12 @@ function fixTopic(&$A, $tid_list)
 if (isset($_GET['msg'])) {
 $plugin = Geeklog\Input::fGet('plugin', '');
 $display .= COM_showMessage((int) Geeklog\Input::fGet('msg'), $plugin);
+} else {
+ $msg = Session::getFlashVar('msg');
+ if (!empty($msg)) {
+ $display .= COM_showMessage($msg, '');
+ }
+ unset($msg);
 }
 if (SEC_inGroup('Root') && ($page === 1)) {
diff --git a/public_html/lib-common.php b/public_html/lib-common.php
index 77c07a7f4..90551660e 100644
--- a/public_html/lib-common.php
+++ b/public_html/lib-common.php
@@ -38,6 +38,7 @@
 use Geeklog\Input;
 use Geeklog\Mail;
 use Geeklog\Resource;
+use Geeklog\Session;
 // Prevent PHP from reporting uninitialized variables
 error_reporting(E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR | E_RECOVERABLE_ERROR);
@@ -3652,15 +3653,47 @@ function COM_mail($to, $subject, $message, $from = '', $html = false, $priority
 if (!empty($status) && ($status == USER_ACCOUNT_DISABLED || $status == USER_ACCOUNT_LOCKED || $status == USER_ACCOUNT_NEW_EMAIL)) {
 return false;
 } else {
- return Mail::send($to, $subject, $message, $from, $html, $priority, $optional, $attachments);
- /* NOT IMPLEMENTED YET FOR DEMO MODE NEED TO UPDATE SESSION HANDLING AND COM_showMessageText FIRST SEE https://github.com/Geeklog-Core/geeklog/issues/765
- if (isset($_CONF['demo_mode']) && $_CONF['demo_mode']) {
- // Don't send any emails in demo mode
+ if (COM_isDemoMode()) {
+ // Don't send any emails in demo mode. Instead, redirect to the home page and show a message.
+ $charset = COM_getCharset();
+ $subject = htmlspecialchars($subject, ENT_QUOTES, $charset);
+ $toAddress = array_keys($to)[0];
+ $toAlias = array_values($to)[0];
+ $to = htmlspecialchars(
+ $toAlias . ' <' . $toAddress . '>',
+ ENT_QUOTES,
+ $charset
+ );
+ $fromAddress = array_keys($from)[0];
+ $fromAlias = array_values($from)[0];
+ $from = htmlspecialchars(
+ $fromAlias . ' <' . $fromAddress . '>',
+ ENT_QUOTES,
+ $charset
+ );
+ $priority = htmlspecialchars($priority, ENT_QUOTES, $charset);
+ $message = htmlspecialchars($message, ENT_QUOTES, $charset);
+ $message = str_replace(["\r\n", "\n", "\r"], '
', $message); + $msg = <<Notice +

Please note sending emails is disabled in Demo mode. The last email which would have been sent was:

+---------- Header ----------
+Subject: {$subject}
+To: {$to}
+From: {$from}
+Priority: {$priority}
+
+---------- Body ------------
+{$message}
+----------------------------
+EOD;
+ Session::setFlashVar('msg', $msg);
+ COM_redirect($_CONF['site_url']);
+ return true;
 } else {
- Mail::send($to, $subject, $message, $from, $html, $priority, $optional, $attachments);
+ return Mail::send($to, $subject, $message, $from, $html, $priority, $optional, $attachments);
 }
- */
 }
 }
@@ -4955,15 +4988,6 @@ function COM_showMessageText($message, $title = '')
 $tcc->set_var('end_block_msg', COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')));
 $retval = $tcc->finish($tcc->parse('output', 'system_message'));
-
- /* NOT IMPLEMENTED YET FOR DEMO MODE NEED TO UPDATE SESSION HANDLING AND com_mail FIRST SEE https://github.com/Geeklog-Core/geeklog/issues/765
- if (isset($_CONF['demo_mode']) && $_CONF['demo_mode']) {
- if (!empty($_SESSION['LAST_EMAIL'])) {
- $retval .= '
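Review bot: The demo-mode branch of COM_mail calls `array_keys($to)[0]` and `array_keys($from)[0]` unconditionally, yet the signature in the hunk header defaults `$from` to `''` and this commit's Mail::send docblock documents both parameters as `string|array`; a string argument makes `array_keys()` fail before the notice is built. Formatting both addresses through one helper that accepts either shape, and escapes in one place, removes that failure. Separately, the flash message replays the whole mail body to the session that triggered the send, including mail addressed to a different account, so anything secret carried in a body (a reset link, for example) becomes visible to the requester; the comment beside the demo-mode check should say that demo mode is not for sites with real accounts. COM_mail starts before this hunk, and if `COM_redirect()` terminates the request the `return true` after it is never reached.

```php
if (COM_isDemoMode()) {
    $charset = COM_getCharset();
    // $to / $from may be an [address => alias] array or a plain string ('' is the default for $from)
    $formatAddress = static function ($address) use ($charset) {
        if (is_array($address)) {
            $alias = (string) reset($address);
            $address = $alias . ' <' . key($address) . '>';
        }

        return htmlspecialchars((string) $address, ENT_QUOTES, $charset);
    };
    $to = $formatAddress($to);
    $from = $formatAddress($from);
    // … unchanged: escaping of $subject, $priority and $message, heredoc, flash var, redirect …
```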

Please note sending emails is disabled in Demo mode. The last email which would have been sent was:

' . $_SESSION['LAST_EMAIL'];
- $_SESSION['LAST_EMAIL'] = '';
- }
- }
- */
 }
 return $retval;
@@ -4974,8 +4998,8 @@ function COM_showMessageText($message, $title = '')
 * Display one of the predefined messages from the $MESSAGE array. If a plugin
 * name is provided, display that plugin's message instead.
 *
- * @param int $msg ID of message to show
- * @param string $plugin Optional name of plugin to lookup plugin defined message
+ * @param int|string $msg ID of message to show or a string message WHICH MUST BE SAFE AS HTML TEXT
+ * @param string $plugin Optional name of plugin to lookup plugin defined message
 * @return string HTML block with message
 * @see COM_showMessageFromParameter
 * @see COM_showMessageText
@@ -4986,30 +5010,36 @@ function COM_showMessage($msg, $plugin = '')
 $retval = '';
- $msg = (int) $msg;
- if ($msg > 0) {
- if (!empty($plugin)) {
- $var = 'PLG_' . $plugin . '_MESSAGE' . $msg;
- global $$var;
- if (isset($$var)) {
- $message = $$var;
+ if (is_int($msg)) {
+ $msg = (int) $msg;
+
+ if ($msg > 0) {
+ if (!empty($plugin)) {
+ $var = 'PLG_' . $plugin . '_MESSAGE' . $msg;
+ global $$var;
+ if (isset($$var)) {
+ $message = $$var;
+ } else {
+ $message = sprintf($MESSAGE[61], $plugin);
+ COM_errorLog($message . ": " . $var, 1);
+ }
 } else {
- $message = sprintf($MESSAGE[61], $plugin);
- COM_errorLog($message . ": " . $var, 1);
- }
- } else {
- $message = $MESSAGE[$msg];
+ $message = $MESSAGE[$msg];
- // Ugly workaround for mailstory function (public_html/profiles.php)
- if ($msg === 153) {
- $speedLimit = (int) Input::fGet('speedlimit', 0);
- $message = sprintf($message, $speedLimit, $_CONF['speedlimit']);
+ // Ugly workaround for mailstory function (public_html/profiles.php)
+ if ($msg === 153) {
+ $speedLimit = (int) Input::fGet('speedlimit', 0);
+ $message = sprintf($message, $speedLimit, $_CONF['speedlimit']);
+ }
 }
- }
- if (!empty($message)) {
- $retval .= COM_showMessageText($message);
+ if (!empty($message)) {
+ $retval .= COM_showMessageText($message);
+ }
 }
+ } elseif (is_string($msg) && !empty($msg)) {
+ // $msg MUST BE SAFE AS HTML TEXT!
+ $retval .= COM_showMessageText($msg);
 }
 return $retval;
diff --git a/system/classes/Mail.php b/system/classes/Mail.php
index 2c628b8c3..366fd8ac5 100644
--- a/system/classes/Mail.php
+++ b/system/classes/Mail.php
@@ -2,6 +2,17 @@
 namespace Geeklog;
+use Exception;
+use Swift_Attachment;
+use Swift_Mailer;
+use Swift_MailTransport;
+use Swift_Message;
+use Swift_Mime_ContentEncoder_Base64ContentEncoder;
+use Swift_Plugins_DecoratorPlugin;
+use Swift_RfcComplianceException;
+use Swift_SendmailTransport;
+use Swift_SmtpTransport;
+
 /**
 * Class Mail
 *
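Review bot: The `is_int($msg)` test in COM_showMessage changes what happens to numeric strings: the removed code cast every argument with `(int)`, whereas now a caller passing `'5'`, or any other string taken from a request, falls into the `is_string` branch and is sent to COM_showMessageText as raw HTML. The index.php caller in this commit casts before calling, but the remaining callers are not visible here, so the ID path should keep accepting digit strings, e.g. `if (is_int($msg) || (is_string($msg) && ctype_digit($msg))) {` with the existing `(int)` cast kept. A separately named function for pre-escaped HTML would stop trusted and untrusted values from sharing one parameter. The function body begins before this hunk.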
@@ -35,15 +46,15 @@ public static function stripControlCharacters($item)
 * NOTE: Please note that using CC: will expose the email addresses of
 * all recipients. Use with care.
 *
- * @param string $to recipients name and email address
- * @param string $subject subject of the email
- * @param string $body the text of the email
- * @param string $from (optional) sender of the the email
- * @param bool $html (optional) true if to be sent as HTML email
- * @param int $priority (optional) add X-Priority header, if > 0
- * @param mixed $optional (optional) other headers or CC:
- * @param array $attachments (optional) attachment files
- * @return bool true if successful, otherwise false
+ * @param string|array $to recipients name and email address
+ * @param string $subject subject of the email
+ * @param string $body the text of the email
+ * @param string|array $from (optional) sender of the the email
+ * @param bool $html (optional) true if to be sent as HTML email
+ * @param int $priority (optional) add X-Priority header, if > 0
+ * @param mixed $optional (optional) other headers or CC:
+ * @param array $attachments (optional) attachment files
+ * @return bool true if successful, otherwise false
 */
 public static function send($to, $subject, $body, $from = '', $html = false, $priority = 0, $optional = null, array $attachments = array())
 {
@@ -64,11 +75,11 @@ public static function send($to, $subject, $body, $from = '', $html = false, $pr
 switch ($_CONF['mail_settings']['backend']) {
 case 'sendmail':
 $arg = $_CONF['mail_settings']['sendmail_path'] . ' ' . $_CONF['mail_settings']['sendmail_args'];
- $transport = \Swift_SendmailTransport::newInstance($arg);
+ $transport = Swift_SendmailTransport::newInstance($arg);
 break;
 case 'smtp':
- $transport = \Swift_SmtpTransport::newInstance($_CONF['mail_settings']['host'], $_CONF['mail_settings']['port']);
+ $transport = Swift_SmtpTransport::newInstance($_CONF['mail_settings']['host'], $_CONF['mail_settings']['port']);
 if (!empty($_CONF['mail_settings']['auth'])) {
 $transport->setUsername($_CONF['mail_settings']['username']);
@@ -78,7 +89,7 @@ public static function send($to, $subject, $body, $from = '', $html = false, $pr
 break;
 case 'smtps':
- $transport = \Swift_SmtpTransport::newInstance($_CONF['mail_settings']['host'], $_CONF['mail_settings']['port'], 'ssl');
+ $transport = Swift_SmtpTransport::newInstance($_CONF['mail_settings']['host'], $_CONF['mail_settings']['port'], 'ssl');
 if (!empty($_CONF['mail_settings']['auth'])) {
 $transport->setUsername($_CONF['mail_settings']['username']);
@@ -89,21 +100,21 @@ public static function send($to, $subject, $body, $from = '', $html = false, $pr
 case 'mail':
 default:
- $transport = \Swift_MailTransport::newInstance();
+ $transport = Swift_MailTransport::newInstance();
 break;
 }
- $mailer = \Swift_Mailer::newInstance($transport);
+ $mailer = Swift_Mailer::newInstance($transport);
 // Set up replacements
- $decorator = new \Swift_Plugins_DecoratorPlugin(new MailReplacements());
+ $decorator = new Swift_Plugins_DecoratorPlugin(new MailReplacements());
 $mailer->registerPlugin($decorator);
 // Create a message
- $message = \Swift_Message::newInstance();
+ $message = Swift_Message::newInstance();
 // Avoid double dots problem
- $message->setEncoder(new \Swift_Mime_ContentEncoder_Base64ContentEncoder());
+ $message->setEncoder(new Swift_Mime_ContentEncoder_Base64ContentEncoder());
 if (!empty($_CONF['mail_charset'])) {
 $message->setCharset($_CONF['mail_charset']);
@@ -124,7 +135,7 @@ public static function send($to, $subject, $body, $from = '', $html = false, $pr
 // Set to
 try {
 $message->setTo($to);
- } catch (\Swift_RfcComplianceException $e) {
+ } catch (Swift_RfcComplianceException $e) {
 COM_errorLog(__METHOD__ . ': bad "to" ' . $to);
 return false;
@@ -138,7 +149,7 @@ public static function send($to, $subject, $body, $from = '', $html = false, $pr
 // assume old (optional) CC: header
 try {
 $message->setCc($optional);
- } catch (\Swift_RfcComplianceException $e) {
+ } catch (Swift_RfcComplianceException $e) {
 COM_errorLog(__METHOD__ . ': bad "Cc" ' . $optional);
 return false;
@@ -181,7 +192,7 @@ public static function send($to, $subject, $body, $from = '', $html = false, $pr
 if (strcasecmp($h, 'Cc') === 0) {
 try {
 $message->setCc($v);
- } catch (\Swift_RfcComplianceException $e) {
+ } catch (Swift_RfcComplianceException $e) {
 COM_errorLog(__METHOD__ . ': bad "Cc" ' . $v);
 return false;
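Review bot: The error path in the `setTo` hunk logs with `': bad "to" ' . $to`, and the final hunk of this file does the same in `'Failed to send an email to ' . $to`, while this commit's docblock now documents `$to` as `string|array`. If `$to` is still an array at these points (the code between the hunks is not visible), the log entry reads "Array" and PHP raises an array-to-string conversion warning, so the failed recipient is lost from the log. Logging a flattened form, for example `is_array($to) ? implode(', ', array_keys($to)) : $to`, keeps the record usable. The body of `send()` starts and ends outside these hunks.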
@@ -189,7 +200,7 @@ public static function send($to, $subject, $body, $from = '', $html = false, $pr
 } elseif (strcasecmp($h, 'Bcc') === 0) {
 try {
 $message->setBcc($v);
- } catch (\Swift_RfcComplianceException $e) {
+ } catch (Swift_RfcComplianceException $e) {
 COM_errorLog(__METHOD__ . ': bad "Bcc" ' . $v);
 return false;
@@ -203,7 +214,7 @@ public static function send($to, $subject, $body, $from = '', $html = false, $pr
 // Set attachments
 if (count($attachments) > 0) {
 foreach ($attachments as $attachment) {
- $message->attach(\Swift_Attachment::fromPath($attachment));
+ $message->attach(Swift_Attachment::fromPath($attachment));
 }
 }
@@ -216,7 +227,7 @@ public static function send($to, $subject, $body, $from = '', $html = false, $pr
 if ($numSent != 1) {
 COM_errorLog(__METHOD__ . ': failed to send an email to ' . @$failures[0]);
 }
- } catch (\Exception $e) {
+ } catch (Exception $e) {
 COM_errorLog(__METHOD__ . 'Failed to send an email to ' . $to . '. Error message: ' . $e->getMessage());
 }