/** * Tests this denial of service attack: * https://sourceforge.net/p/phpmailer/bugs/383/ * According to the ticket, this should get stuck in a loop, though I can't make it happen. */ function test_DenialOfServiceAttack2() { //Encoding name longer than 68 chars $this->Mail->Encoding = '1234567890123456789012345678901234567890123456789012345678901234567890'; //Call WrapText with a zero length value $t = $this->Mail->WrapText(str_repeat('This should no longer cause a denial of service. ', 30), 0); }
/** * Sends an HTML email using the phpmailer class (and multipart/alternative to downgrade gracefully) * Sender name and email can be specified, if not specified * name and email of the platform admin are used * * @author Bert Vanderkimpen ICT&O UGent * @author Yannick Warnier <*****@*****.**> * * @param string name of recipient * @param string email of recipient * @param string email subject * @param string email body * @param string sender name * @param string sender e-mail * @param array extra headers in form $headers = array($name => $value) to allow parsing * @param array data file (path and filename) * @param array data to attach a file (optional) * @param bool True for attaching a embedded file inside content html (optional) * @return returns true if mail was sent * @see class.phpmailer.php */ function api_mail_html($recipient_name, $recipient_email, $subject, $message, $senderName = '', $senderEmail = '', $extra_headers = array(), $data_file = array(), $embedded_image = false, $additionalParameters = array()) { global $platform_email; $mail = new PHPMailer(); $mail->Mailer = $platform_email['SMTP_MAILER']; $mail->Host = $platform_email['SMTP_HOST']; $mail->Port = $platform_email['SMTP_PORT']; $mail->CharSet = $platform_email['SMTP_CHARSET']; // Stay far below SMTP protocol 980 chars limit. $mail->WordWrap = 200; if ($platform_email['SMTP_AUTH']) { $mail->SMTPAuth = 1; $mail->Username = $platform_email['SMTP_USER']; $mail->Password = $platform_email['SMTP_PASS']; } // 5 = low, 1 = high $mail->Priority = 3; $mail->SMTPKeepAlive = true; // Default values $notification = new Notification(); $defaultEmail = $notification->getDefaultPlatformSenderEmail(); $defaultName = $notification->getDefaultPlatformSenderName(); // Error to admin. $mail->AddCustomHeader('Errors-To: ' . $defaultEmail); // If the parameter is set don't use the admin. $senderName = !empty($senderName) ? $senderName : $defaultEmail; $senderEmail = !empty($senderEmail) ? $senderEmail : $defaultName; // Reply to first if (isset($extra_headers['reply_to'])) { $mail->AddReplyTo($extra_headers['reply_to']['mail'], $extra_headers['reply_to']['name']); $mail->Sender = $extra_headers['reply_to']['mail']; unset($extra_headers['reply_to']); } $mail->SetFrom($senderEmail, $senderName); $mail->Subject = $subject; $mail->AltBody = strip_tags(str_replace('<br />', "\n", api_html_entity_decode($message))); // Send embedded image. if ($embedded_image) { // Get all images html inside content. preg_match_all("/<img\\s+.*?src=[\"\\']?([^\"\\' >]*)[\"\\']?[^>]*>/i", $message, $m); // Prepare new tag images. $new_images_html = array(); $i = 1; if (!empty($m[1])) { foreach ($m[1] as $image_path) { $real_path = realpath($image_path); $filename = basename($image_path); $image_cid = $filename . '_' . $i; $encoding = 'base64'; $image_type = mime_content_type($real_path); $mail->AddEmbeddedImage($real_path, $image_cid, $filename, $encoding, $image_type); $new_images_html[] = '<img src="cid:' . $image_cid . '" />'; $i++; } } // Replace origin image for new embedded image html. $x = 0; if (!empty($m[0])) { foreach ($m[0] as $orig_img) { $message = str_replace($orig_img, $new_images_html[$x], $message); $x++; } } } $message = str_replace(array("\n\r", "\n", "\r"), '<br />', $message); $mail->Body = '<html><head></head><body>' . $message . '</body></html>'; // Attachment ... if (!empty($data_file)) { $mail->AddAttachment($data_file['path'], $data_file['filename']); } // Only valid addresses are accepted. if (is_array($recipient_email)) { foreach ($recipient_email as $dest) { if (api_valid_email($dest)) { $mail->AddAddress($dest, $recipient_name); } } } else { if (api_valid_email($recipient_email)) { $mail->AddAddress($recipient_email, $recipient_name); } else { return 0; } } if (is_array($extra_headers) && count($extra_headers) > 0) { foreach ($extra_headers as $key => $value) { switch (strtolower($key)) { case 'encoding': case 'content-transfer-encoding': $mail->Encoding = $value; break; case 'charset': $mail->Charset = $value; break; case 'contenttype': case 'content-type': $mail->ContentType = $value; break; default: $mail->AddCustomHeader($key . ':' . $value); break; } } } else { if (!empty($extra_headers)) { $mail->AddCustomHeader($extra_headers); } } // WordWrap the html body (phpMailer only fixes AltBody) FS#2988 $mail->Body = $mail->WrapText($mail->Body, $mail->WordWrap); // Send the mail message. if (!$mail->Send()) { error_log('ERROR: mail not sent to ' . $recipient_name . ' (' . $recipient_email . ') because of ' . $mail->ErrorInfo . '<br />'); return 0; } $plugin = new AppPlugin(); $installedPluginsList = $plugin->getInstalledPluginListObject(); foreach ($installedPluginsList as $installedPlugin) { if ($installedPlugin->isMailPlugin and array_key_exists("smsType", $additionalParameters)) { $clockworksmsObject = new Clockworksms(); $clockworksmsObject->send($additionalParameters); } } // Clear all the addresses. $mail->ClearAddresses(); return 1; }
/** * Sends an HTML email using the phpmailer class (and multipart/alternative to downgrade gracefully) * Sender name and email can be specified, if not specified * name and email of the platform admin are used * * @author Bert Vanderkimpen ICT&O UGent * @author Yannick Warnier <*****@*****.**> * * @param string name of recipient * @param string email of recipient * @param string email subject * @param string email body * @param string sender name * @param string sender e-mail * @param array extra headers in form $headers = array($name => $value) to allow parsing * @param array data file (path and filename) * @param array data to attach a file (optional) * @param bool True for attaching a embedded file inside content html (optional) * @return returns true if mail was sent * @see class.phpmailer.php */ function api_mail_html($recipient_name, $recipient_email, $subject, $message, $senderName = '', $senderEmail = '', $extra_headers = array(), $data_file = array(), $embedded_image = false, $additionalParameters = array()) { // Default values $notification = new Notification(); $defaultEmail = $notification->getDefaultPlatformSenderEmail(); $defaultName = $notification->getDefaultPlatformSenderName(); // If the parameter is set don't use the admin. $senderName = !empty($senderName) ? $senderName : $defaultName; $senderEmail = !empty($senderEmail) ? $senderEmail : $defaultEmail; $link = isset($additionalParameters['link']) ? $additionalParameters['link'] : ''; $swiftMessage = \Swift_Message::newInstance()->setSubject($subject)->setFrom($senderEmail, $senderName)->setTo($recipient_email, $recipient_name)->setBody(Container::getTemplating()->render('ChamiloCoreBundle:default/mail:mail.html.twig', array('content' => $message, 'link' => $link)), 'text/html'); if (!empty($additionalParameters)) { $plugin = new AppPlugin(); $smsPlugin = $plugin->getSMSPluginLibrary(); if ($smsPlugin) { $smsPlugin->send($additionalParameters); } } Container::getMailer()->send($swiftMessage); return 1; global $platform_email; $mail = new PHPMailer(); $mail->Mailer = $platform_email['SMTP_MAILER']; $mail->Host = $platform_email['SMTP_HOST']; $mail->Port = $platform_email['SMTP_PORT']; $mail->CharSet = $platform_email['SMTP_CHARSET']; // Stay far below SMTP protocol 980 chars limit. $mail->WordWrap = 200; if ($platform_email['SMTP_AUTH']) { $mail->SMTPAuth = 1; $mail->Username = $platform_email['SMTP_USER']; $mail->Password = $platform_email['SMTP_PASS']; } // 5 = low, 1 = high $mail->Priority = 3; $mail->SMTPKeepAlive = true; // Default values $notification = new Notification(); $defaultEmail = $notification->getDefaultPlatformSenderEmail(); $defaultName = $notification->getDefaultPlatformSenderName(); // Error to admin. $mail->AddCustomHeader('Errors-To: ' . $defaultEmail); // If the parameter is set don't use the admin. $senderName = !empty($senderName) ? $senderName : $defaultName; $senderEmail = !empty($senderEmail) ? $senderEmail : $defaultEmail; // Reply to first if (isset($extra_headers['reply_to'])) { $mail->AddReplyTo($extra_headers['reply_to']['mail'], $extra_headers['reply_to']['name']); $mail->Sender = $extra_headers['reply_to']['mail']; unset($extra_headers['reply_to']); } //If the SMTP configuration only accept one sender if ($platform_email['SMTP_UNIQUE_SENDER']) { $senderName = $platform_email['SMTP_FROM_NAME']; $senderEmail = $platform_email['SMTP_FROM_EMAIL']; } $mail->SetFrom($senderEmail, $senderName); $mail->Subject = $subject; $mail->AltBody = strip_tags(str_replace('<br />', "\n", api_html_entity_decode($message))); // Send embedded image. if ($embedded_image) { // Get all images html inside content. preg_match_all("/<img\\s+.*?src=[\"\\']?([^\"\\' >]*)[\"\\']?[^>]*>/i", $message, $m); // Prepare new tag images. $new_images_html = array(); $i = 1; if (!empty($m[1])) { foreach ($m[1] as $image_path) { $real_path = realpath($image_path); $filename = basename($image_path); $image_cid = $filename . '_' . $i; $encoding = 'base64'; $image_type = mime_content_type($real_path); $mail->AddEmbeddedImage($real_path, $image_cid, $filename, $encoding, $image_type); $new_images_html[] = '<img src="cid:' . $image_cid . '" />'; $i++; } } // Replace origin image for new embedded image html. $x = 0; if (!empty($m[0])) { foreach ($m[0] as $orig_img) { $message = str_replace($orig_img, $new_images_html[$x], $message); $x++; } } } $message = str_replace(array("\n\r", "\n", "\r"), '<br />', $message); $mailView = new Template(null, false, false, false, false, false, false); $mailView->assign('content', $message); $link = $additionalParameters['link']; $mailView->assign('link', $link); $layout = $mailView->get_template('mail/mail.tpl'); $mail->Body = $mailView->fetch($layout); // Attachment ... if (!empty($data_file)) { $mail->AddAttachment($data_file['path'], $data_file['filename']); } // Only valid addresses are accepted. if (is_array($recipient_email)) { foreach ($recipient_email as $dest) { if (api_valid_email($dest)) { $mail->AddAddress($dest, $recipient_name); } } } else { if (api_valid_email($recipient_email)) { $mail->AddAddress($recipient_email, $recipient_name); } else { return 0; } } if (is_array($extra_headers) && count($extra_headers) > 0) { foreach ($extra_headers as $key => $value) { switch (strtolower($key)) { case 'encoding': case 'content-transfer-encoding': $mail->Encoding = $value; break; case 'charset': $mail->Charset = $value; break; case 'contenttype': case 'content-type': $mail->ContentType = $value; break; default: $mail->AddCustomHeader($key . ':' . $value); break; } } } else { if (!empty($extra_headers)) { $mail->AddCustomHeader($extra_headers); } } // WordWrap the html body (phpMailer only fixes AltBody) FS#2988 $mail->Body = $mail->WrapText($mail->Body, $mail->WordWrap); // Send the mail message. if (!$mail->Send()) { error_log('ERROR: mail not sent to ' . $recipient_name . ' (' . $recipient_email . ') because of ' . $mail->ErrorInfo . '<br />'); return 0; } if (!empty($additionalParameters)) { $plugin = new AppPlugin(); $smsPlugin = $plugin->getSMSPluginLibrary(); if ($smsPlugin) { $smsPlugin->send($additionalParameters); } } // Clear all the addresses. $mail->ClearAddresses(); return 1; }