phpBB

Code Changes

File: includes/functions_messenger.php

Line 320Line 320
		// We add some standard variables we always use, no need to specify them always
$this->assign_vars(array(
'U_BOARD' => generate_board_url(),

		// We add some standard variables we always use, no need to specify them always
$this->assign_vars(array(
'U_BOARD' => generate_board_url(),

			'EMAIL_SIG'	=> str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'])),
'SITENAME' => htmlspecialchars_decode($config['sitename']),

			'EMAIL_SIG'	=> str_replace('<br />', "\n", "-- \n" . html_entity_decode($config['board_email_sig'], ENT_COMPAT)),
'SITENAME' => html_entity_decode($config['sitename'], ENT_COMPAT),

		));

$subject = $this->subject;

		));

$subject = $this->subject;

Line 427Line 427
			$user->session_begin();
}


			$user->session_begin();
}


		$calling_page = htmlspecialchars_decode($request->server('PHP_SELF'));

		$calling_page = html_entity_decode($request->server('REQUEST_URI'), ENT_COMPAT);


switch ($type)
{


switch ($type)
{

Line 440Line 440
			break;
}


			break;
}


		$message .= '<br /><em>' . htmlspecialchars($calling_page) . '</em><br /><br />' . $msg . '<br />';

		$message .= '<br /><em>' . htmlspecialchars($calling_page, ENT_COMPAT) . '</em><br /><br />' . $msg . '<br />';

		$phpbb_log->add('critical', $user->data['user_id'], $user->ip, 'LOG_ERROR_' . $type, false, array($message));
}


		$phpbb_log->add('critical', $user->data['user_id'], $user->ip, 'LOG_ERROR_' . $type, false, array($message));
}


Line 557Line 557
			$use_queue = true;
}


			$use_queue = true;
}


		$contact_name = htmlspecialchars_decode($config['board_contact_name']);

		$contact_name = html_entity_decode($config['board_contact_name'], ENT_COMPAT);

		$board_contact = (($contact_name !== '') ? '"' . mail_encode($contact_name) . '" ' : '') . '<' . $config['board_contact'] . '>';

$break = false;

		$board_contact = (($contact_name !== '') ? '"' . mail_encode($contact_name) . '" ' : '') . '<' . $config['board_contact'] . '>';

$break = false;

Line 581Line 581
			'msg',
);
extract($phpbb_dispatcher->trigger_event('core.notification_message_email', compact($vars)));

			'msg',
);
extract($phpbb_dispatcher->trigger_event('core.notification_message_email', compact($vars)));

 

$this->addresses = $addresses;
$this->subject = $subject;
$this->msg = $msg;
unset($addresses, $subject, $msg);


if ($break)
{


if ($break)
{

Line 597Line 602
			$this->from = $board_contact;
}


			$this->from = $board_contact;
}


		$encode_eol = ($config['smtp_delivery']) ? "\r\n" : PHP_EOL;

		$encode_eol = $config['smtp_delivery'] || PHP_VERSION_ID >= 80000 ? "\r\n" : PHP_EOL;


// Build to, cc and bcc strings
$to = $cc = $bcc = '';


// Build to, cc and bcc strings
$to = $cc = $bcc = '';

Line 629Line 634
			}
else
{

			}
else
{

				$result = phpbb_mail($mail_to, $this->subject, $this->msg, $headers, PHP_EOL, $err_msg);

				$result = phpbb_mail($mail_to, $this->subject, $this->msg, $headers, $encode_eol, $err_msg);

			}

if (!$result)

			}

if (!$result)

Line 691Line 696
		if (!$use_queue)
{
include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);

		if (!$use_queue)
{
include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);

			$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);

			$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], html_entity_decode($config['jab_password'], ENT_COMPAT), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);


if (!$this->jabber->connect())
{


if (!$this->jabber->connect())
{

Line 891Line 896
					}

include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);

					}

include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);

					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);

					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], html_entity_decode($config['jab_password'], ENT_COMPAT), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);


if (!$this->jabber->connect())
{


if (!$this->jabber->connect())
{

Line 952Line 957
							}
else
{

							}
else
{

								$result = phpbb_mail($to, $subject, $msg, $headers, PHP_EOL, $err_msg);


								$encode_eol = $config['smtp_delivery'] || PHP_VERSION_ID >= 80000 ? "\r\n" : PHP_EOL;
$result = phpbb_mail($to, $subject, $msg, $headers, $encode_eol, $err_msg);

							}

if (!$result)

							}

if (!$result)

Line 1196Line 1202
		}

$err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";

		}

$err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";

		$err_msg .= ($error_contents) ? '<br /><br />' . htmlspecialchars($error_contents) : '';

		$err_msg .= ($error_contents) ? '<br /><br />' . htmlspecialchars($error_contents, ENT_COMPAT) : '';

		return false;
}


		return false;
}


Line 1208Line 1214
	}

// Let me in. This function handles the complete authentication process

	}

// Let me in. This function handles the complete authentication process

	if ($err_msg = $smtp->log_into_server($config['smtp_host'], $config['smtp_username'], htmlspecialchars_decode($config['smtp_password']), $config['smtp_auth_method']))

	if ($err_msg = $smtp->log_into_server($config['smtp_host'], $config['smtp_username'], html_entity_decode($config['smtp_password'], ENT_COMPAT), $config['smtp_auth_method']))

	{
$smtp->close_session($err_msg);
return false;

	{
$smtp->close_session($err_msg);
return false;

Line 1259Line 1265
	{
$user->session_begin();
$err_msg .= '<br /><br />';

	{
$user->session_begin();
$err_msg .= '<br /><br />';

		$err_msg .= (isset($user->lang['INVALID_EMAIL_LOG'])) ? sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address)) : '<strong>' . htmlspecialchars($mail_to_address) . '</strong> possibly an invalid email address?';

		$err_msg .= (isset($user->lang['INVALID_EMAIL_LOG'])) ? sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address, ENT_COMPAT)) : '<strong>' . htmlspecialchars($mail_to_address, ENT_COMPAT) . '</strong> possibly an invalid email address?';

		$smtp->close_session($err_msg);
return false;
}

		$smtp->close_session($err_msg);
return false;
}

Line 1342Line 1348
	{
if ($this->backtrace)
{

	{
if ($this->backtrace)
{

			$this->backtrace_log[] = utf8_htmlspecialchars($message);

			$this->backtrace_log[] = utf8_htmlspecialchars($message, ENT_COMPAT);

		}
}


		}
}


Line 1840Line 1846
}

/**

}

/**

* Encodes the given string for proper display in UTF-8.

 * Encodes the given string for proper display in UTF-8 or US-ASCII.

*

*

* This version is using base64 encoded data. The downside of this
* is if the mail client does not understand this encoding the user
* is basically doomed with an unreadable subject.

 * This version is based on iconv_mime_encode() implementation
* from symfomy/polyfill-iconv
* https://github.com/symfony/polyfill-iconv/blob/fd324208ec59a39ebe776e6e9ec5540ad4f40aaa/Iconv.php#L355

*

*

* Please note that this version fully supports RFC 2045 section 6.8.


 * @param string $str
* @param string $eol Lines delimiter (optional to be backwards compatible)

*

*

* @param string $eol End of line we are using (optional to be backwards compatible)

 * @return string

*/
function mail_encode($str, $eol = "\r\n")
{

*/
function mail_encode($str, $eol = "\r\n")
{

	// define start delimimter, end delimiter and spacer
$start = "=?UTF-8?B?";
$end = "?=";
$delimiter = "$eol ";

	// Check if string contains ASCII only characters
$is_ascii = strlen($str) === utf8_strlen($str);







	// Maximum length is 75. $split_length *must* be a multiple of 4, but <= 75 - strlen($start . $delimiter . $end)!!!
$split_length = 60;
$encoded_str = base64_encode($str);

	$scheme = $is_ascii ? 'Q' : 'B';







	// If encoded string meets the limits, we just return with the correct data.
if (strlen($encoded_str) <= $split_length)




















	// Define start delimiter, end delimiter
// Use the Quoted-Printable encoding for ASCII strings to avoid unnecessary encoding in Base64
$start = '=?' . ($is_ascii ? 'US-ASCII' : 'UTF-8') . '?' . $scheme . '?';
$end = '?=';

// Maximum encoded-word length is 75 as per RFC 2047 section 2.
// $split_length *must* be a multiple of 4, but <= 75 - strlen($start . $eol . $end)!!!
$split_length = 75 - strlen($start . $eol . $end);
$split_length = $split_length - $split_length % 4;

$line_length = strlen($start) + strlen($end);
$line_offset = strlen($start) + 1;
$line_data = '';

$is_quoted_printable = 'Q' === $scheme;

preg_match_all('/./us', $str, $chars);
$chars = $chars[0] ?? [];

$str = [];
foreach ($chars as $char)

	{

	{

		return $start . $encoded_str . $end;
}











		$encoded_char = $is_quoted_printable
? $char = preg_replace_callback(
'/[()<>@,;:\\\\".\[\]=_?\x20\x00-\x1F\x80-\xFF]/',
function ($matches)
{
$hex = dechex(ord($matches[0]));
$hex = strlen($hex) == 1 ? "0$hex" : $hex;
return '=' . strtoupper($hex);
},
$char
)
: base64_encode($line_data . $char);





	// If there is only ASCII data, we just return what we want, correctly splitting the lines.
if (strlen($str) === utf8_strlen($str))

		if (isset($encoded_char[$split_length - $line_length]))


	{

	{

		return $start . implode($end . $delimiter . $start, str_split($encoded_str, $split_length)) . $end;







			if (!$is_quoted_printable)
{
$line_data = base64_encode($line_data);
}
$str[] = $start . $line_data . $end;
$line_length = $line_offset;
$line_data = '';

	}


	}


	// UTF-8 data, compose encoded lines
$array = utf8_str_split($str);
$str = '';

		$line_data .= $char;
$is_quoted_printable && $line_length += strlen($char);
}





	while (count($array))

	if ($line_data !== '')

	{

	{

		$text = '';

while (count($array) && intval((strlen($text . $array[0]) + 2) / 3) << 2 <= $split_length)

		if (!$is_quoted_printable)



		{

		{

			$text .= array_shift($array);

			$line_data = base64_encode($line_data);

		}

		}


$str .= $start . base64_encode($text) . $end . $delimiter;

		$str[] = $start . $line_data . $end;


	}


	}


	return substr($str, 0, -strlen($delimiter));

	return implode($eol . ' ', $str);

}

/**

}

/**

Line 1897Line 1931
 */
function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
{

 */
function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
{

	global $config, $phpbb_root_path, $phpEx;

	global $config, $phpbb_root_path, $phpEx, $phpbb_dispatcher;


// Convert Numeric Character References to UTF-8 chars (ie. Emojis)
$subject = utf8_decode_ncr($subject);


// Convert Numeric Character References to UTF-8 chars (ie. Emojis)
$subject = utf8_decode_ncr($subject);

Line 1925Line 1959
	 * (Use '' as parameter to mail_encode() results in SPACE used)
*/
$additional_parameters = $config['email_force_sender'] ? '-f' . $config['board_email'] : '';

	 * (Use '' as parameter to mail_encode() results in SPACE used)
*/
$additional_parameters = $config['email_force_sender'] ? '-f' . $config['board_email'] : '';

 

/**
* Modify data before sending out emails with PHP's mail function
*
* @event core.phpbb_mail_before
* @var string to The message recipient
* @var string subject The message subject
* @var string msg The message text
* @var string headers The email headers
* @var string eol The endline character
* @var string additional_parameters The additional parameters
* @since 3.3.6-RC1
*/
$vars = [
'to',
'subject',
'msg',
'headers',
'eol',
'additional_parameters',
];
extract($phpbb_dispatcher->trigger_event('core.phpbb_mail_before', compact($vars)));


$result = mail($to, mail_encode($subject, ''), wordwrap(utf8_wordwrap($msg), 997, "\n", true), $headers, $additional_parameters);


$result = mail($to, mail_encode($subject, ''), wordwrap(utf8_wordwrap($msg), 997, "\n", true), $headers, $additional_parameters);

 

/**
* Execute code after sending out emails with PHP's mail function
*
* @event core.phpbb_mail_after
* @var string to The message recipient
* @var string subject The message subject
* @var string msg The message text
* @var string headers The email headers
* @var string eol The endline character
* @var string additional_parameters The additional parameters
* @var bool result True if the email was sent, false otherwise
* @since 3.3.6-RC1
*/
$vars = [
'to',
'subject',
'msg',
'headers',
'eol',
'additional_parameters',
'result',
];
extract($phpbb_dispatcher->trigger_event('core.phpbb_mail_after', compact($vars)));


$collector->uninstall();
$err_msg = $collector->format_errors();


$collector->uninstall();
$err_msg = $collector->format_errors();
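Review bot: In the hunk at Line 427, `$calling_page` now comes from `REQUEST_URI` instead of `PHP_SELF`, so the client-supplied query string is written into the critical log entry assembled in the hunk at Line 440. The `htmlspecialchars($calling_page, ENT_COMPAT)` call keeps the value inert inside the `<em>` element, but ENT_COMPAT leaves single quotes unescaped, so the string must not be reused in a single-quoted attribute. The logged value is also unbounded in length and may carry a session id or other tokens in the query string (an inference; how sessions are passed is not visible here), which anyone with access to the error log could then read. I would redact such parameters and cap the length before building `$message`, for example `$calling_page = preg_replace('/([?&]sid=)[^&#]*/', '$1[redacted]', $calling_page);`, with a comment such as `// REQUEST_URI is client-controlled and includes the query string; redact session ids before logging`. The enclosing method starts and ends outside both hunks, so any earlier sanitising of the request is not visible here.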