From f947fe5d0ca7d2ee59c1a81cddccac0846394d85 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Thu, 9 Dec 2010 10:24:06 -0800 Subject: [PATCH 1/3] Disable InProcessCache plugin for CLI scripts, which are more likely to be long-running, greatly increasing the chance of data corruption. --- .../InProcessCache/InProcessCachePlugin.php | 30 +++++++++++++++---- 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/plugins/InProcessCache/InProcessCachePlugin.php b/plugins/InProcessCache/InProcessCachePlugin.php index 1b6fbcdbea..4871fa7500 100644 --- a/plugins/InProcessCache/InProcessCachePlugin.php +++ b/plugins/InProcessCache/InProcessCachePlugin.php @@ -58,6 +58,22 @@ class InProcessCachePlugin extends Plugin { private $_items = array(); private $_hits = array(); + private $active; + + /** + * Constructor checks if it's safe to use the in-process cache. + * On CLI scripts, we'll disable ourselves to avoid data corruption + * due to keeping stale data around. + * + * On web requests we'll roll the dice; they're short-lived so have + * less chance of stale data. Race conditions are still possible, + * so beware! + */ + function __construct() + { + parent::__construct(); + $this->active = (PHP_SAPI != 'cli'); + } /** * Get an item from the cache @@ -75,7 +91,7 @@ class InProcessCachePlugin extends Plugin function onStartCacheGet(&$key, &$value) { - if (array_key_exists($key, $this->_items)) { + if ($this->active && array_key_exists($key, $this->_items)) { $value = $this->_items[$key]; if (array_key_exists($key, $this->_hits)) { $this->_hits[$key]++; @@ -103,8 +119,8 @@ class InProcessCachePlugin extends Plugin function onEndCacheGet($key, &$value) { - if (!array_key_exists($key, $this->_items) || - $this->_items[$key] != $value) { + if ($this->active && (!array_key_exists($key, $this->_items) || + $this->_items[$key] != $value)) { $this->_items[$key] = $value; } return true; 
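Review bot: In the new `__construct()`, `$this->active = (PHP_SAPI != 'cli');` decides safety from the SAPI name alone and uses a loose comparison. A strict test, `$this->active = (PHP_SAPI !== 'cli');`, states the intent exactly, and the new `private $active;` property deserves a one-line docblock such as `/** @var bool false under the CLI SAPI; every cache hook then becomes a no-op */`. The constructor docblock concedes that web requests can still serve stale entries, so values whose freshness matters for an access decision presumably should not be read through this cache; that is outside the hunk and worth confirming. The same `$this->active &&` guard is repeated in the onStartCacheGet, onEndCacheGet, onEndCacheSet, onStartCacheDelete and cleanup hunks, which need no separate comment.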
@@ -126,7 +142,9 @@ class InProcessCachePlugin extends Plugin function onEndCacheSet($key, $value, $flag, $expiry) { - $this->_items[$key] = $value; + if ($this->active) { + $this->_items[$key] = $value; + } return true; } @@ -144,7 +162,7 @@ class InProcessCachePlugin extends Plugin function onStartCacheDelete(&$key, &$success) { - if (array_key_exists($key, $this->_items)) { + if ($this->active && array_key_exists($key, $this->_items)) { unset($this->_items[$key]); } return true; @@ -182,7 +200,7 @@ class InProcessCachePlugin extends Plugin function cleanup() { - if (common_config('inprocess', 'stats')) { + if ($this->active && common_config('inprocess', 'stats')) { $this->log(LOG_INFO, "cache size: " . count($this->_items)); $sum = 0; From d55f606cf8c7c73397258fdfd492b195b987b707 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Thu, 9 Dec 2010 16:43:35 -0800 Subject: [PATCH 2/3] Tweaking nickname format regexes: added one that explicitly allows numbers, to be used in router setup. --- lib/nickname.php | 22 ++++++++++++++++++++-- lib/router.php | 44 ++++++++++++++++++++++---------------------- 2 files changed, 42 insertions(+), 24 deletions(-) diff --git a/lib/nickname.php b/lib/nickname.php index a0c9378cd3..562f1e2052 100644 --- a/lib/nickname.php +++ b/lib/nickname.php 
@@ -20,7 +20,25 @@ class Nickname { /** - * Regex fragment for pulling an arbitrarily-formated nickname. + * Regex fragment for pulling a formated nickname *OR* ID number. + * Suitable for router def of 'id' parameters on API actions. + * + * Not guaranteed to be valid after normalization; run the string through + * Nickname::normalize() to get the canonical form, or Nickname::isValid() + * if you just need to check if it's properly formatted. + * + * This, DISPLAY_FMT, and CANONICAL_FMT replace the old NICKNAME_FMT, + * but be aware that these should not be enclosed in []s. + * + * @fixme would prefer to define in reference to the other constants + */ + const INPUT_FMT = '(?:[0-9]+|[0-9a-zA-Z_]{1,64})'; + + /** + * Regex fragment for acceptable user-formatted variant of a nickname. + * This includes some chars such as underscore which will be removed + * from the normalized canonical form, but still must fit within + * field length limits. * * Not guaranteed to be valid after normalization; run the string through * Nickname::normalize() to get the canonical form, or Nickname::isValid() @@ -29,7 +47,7 @@ class Nickname * This and CANONICAL_FMT replace the old NICKNAME_FMT, but be aware * that these should not be enclosed in []s. */ - const DISPLAY_FMT = '[0-9a-zA-Z_]+'; + const DISPLAY_FMT = '[0-9a-zA-Z_]{1,64}'; /** * Regex fragment for checking a canonical nickname. diff --git a/lib/router.php b/lib/router.php index ca895c8bb6..d747493ded 100644 --- a/lib/router.php +++ b/lib/router.php @@ -403,7 +403,7 @@ class Router $m->connect('api/statuses/friends_timeline/:id.:format', array('action' => 'ApiTimelineFriends', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json|rss|atom)')); $m->connect('api/statuses/home_timeline.:format', 
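Review bot: In `INPUT_FMT` the `[0-9]+` branch is unbounded, and because any digit run of up to 64 characters already matches `[0-9a-zA-Z_]{1,64}`, the only inputs that branch adds are digit strings longer than 64 characters. Such a value may not survive an integer cast intact, so a bound that fits the ID column is safer, e.g. `const INPUT_FMT = '(?:[0-9]{1,20}|[0-9a-zA-Z_]{1,64})';` (the 20 is a constructed example; use the real limit). The same unbounded `'[0-9]+'` literal is introduced for the favorites create/destroy routes in the router hunk at -612. The docblock should also state how an all-digit value is resolved, because a nickname made only of digits and a numeric ID are indistinguishable at the route level and the action code that decides between them is not visible here.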
@@ -412,7 +412,7 @@ class Router $m->connect('api/statuses/home_timeline/:id.:format', array('action' => 'ApiTimelineHome', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json|rss|atom)')); $m->connect('api/statuses/user_timeline.:format', @@ -421,7 +421,7 @@ class Router $m->connect('api/statuses/user_timeline/:id.:format', array('action' => 'ApiTimelineUser', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json|rss|atom)')); $m->connect('api/statuses/mentions.:format', @@ -430,7 +430,7 @@ class Router $m->connect('api/statuses/mentions/:id.:format', array('action' => 'ApiTimelineMentions', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json|rss|atom)')); $m->connect('api/statuses/replies.:format', @@ -439,7 +439,7 @@ class Router $m->connect('api/statuses/replies/:id.:format', array('action' => 'ApiTimelineMentions', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json|rss|atom)')); $m->connect('api/statuses/retweeted_by_me.:format', @@ -460,7 +460,7 @@ class Router $m->connect('api/statuses/friends/:id.:format', array('action' => 'ApiUserFriends', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json)')); $m->connect('api/statuses/followers.:format', @@ -469,7 +469,7 @@ class Router $m->connect('api/statuses/followers/:id.:format', array('action' => 'ApiUserFollowers', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json)')); $m->connect('api/statuses/show.:format', @@ -512,7 +512,7 @@ class Router $m->connect('api/users/show/:id.:format', array('action' => 'ApiUserShow', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json)')); // direct messages 
@@ -550,12 +550,12 @@ class Router $m->connect('api/friendships/create/:id.:format', array('action' => 'ApiFriendshipsCreate', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json)')); $m->connect('api/friendships/destroy/:id.:format', array('action' => 'ApiFriendshipsDestroy', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json)')); // Social graph @@ -612,17 +612,17 @@ class Router $m->connect('api/favorites/:id.:format', array('action' => 'ApiTimelineFavorites', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json|rss|atom)')); $m->connect('api/favorites/create/:id.:format', array('action' => 'ApiFavoriteCreate', - 'id' => Nickname::DISPLAY_FMT, + 'id' => '[0-9]+', 'format' => '(xml|json)')); $m->connect('api/favorites/destroy/:id.:format', array('action' => 'ApiFavoriteDestroy', - 'id' => Nickname::DISPLAY_FMT, + 'id' => '[0-9]+', 'format' => '(xml|json)')); // blocks @@ -632,7 +632,7 @@ class Router $m->connect('api/blocks/create/:id.:format', array('action' => 'ApiBlockCreate', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json)')); $m->connect('api/blocks/destroy.:format', @@ -641,7 +641,7 @@ class Router $m->connect('api/blocks/destroy/:id.:format', array('action' => 'ApiBlockDestroy', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json)')); // help @@ -677,7 +677,7 @@ class Router $m->connect('api/statusnet/groups/timeline/:id.:format', array('action' => 'ApiTimelineGroup', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json|rss|atom)')); $m->connect('api/statusnet/groups/show.:format', 
@@ -686,12 +686,12 @@ class Router $m->connect('api/statusnet/groups/show/:id.:format', array('action' => 'ApiGroupShow', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json)')); $m->connect('api/statusnet/groups/join.:format', array('action' => 'ApiGroupJoin', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json)')); $m->connect('api/statusnet/groups/join/:id.:format', @@ -700,7 +700,7 @@ class Router $m->connect('api/statusnet/groups/leave.:format', array('action' => 'ApiGroupLeave', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json)')); $m->connect('api/statusnet/groups/leave/:id.:format', @@ -717,7 +717,7 @@ class Router $m->connect('api/statusnet/groups/list/:id.:format', array('action' => 'ApiGroupList', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json|rss|atom)')); $m->connect('api/statusnet/groups/list_all.:format', @@ -730,7 +730,7 @@ class Router $m->connect('api/statusnet/groups/membership/:id.:format', array('action' => 'ApiGroupMembership', - 'id' => Nickname::DISPLAY_FMT, + 'id' => Nickname::INPUT_FMT, 'format' => '(xml|json)')); $m->connect('api/statusnet/groups/create.:format', @@ -763,7 +763,7 @@ class Router $m->connect('api/statusnet/app/service/:id.xml', array('action' => 'ApiAtomService', - 'id' => Nickname::DISPLAY_FMT)); + 'id' => Nickname::INPUT_FMT)); $m->connect('api/statusnet/app/service.xml', array('action' => 'ApiAtomService')); From baae319aefc8500b9d50d267937aab1022c723e5 Mon Sep 17 00:00:00 2001 
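Review bot: The routes `api/statusnet/groups/join.:format` and `api/statusnet/groups/leave.:format` carry an `'id' => Nickname::INPUT_FMT` entry although their paths contain no `:id` placeholder. The commit only swaps the constant, so this predates the change, but it is worth resolving while these lines are being touched: depending on how the mapper treats a key with no matching placeholder (not visible in this hunk), the entry is either dead or hands the literal pattern string to the action as `id`. Dropping the line from those two routes, leaving `array('action' => 'ApiGroupJoin', 'format' => '(xml|json)')` and the ApiGroupLeave equivalent, removes the ambiguity.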
From: Brion Vibber Date: Mon, 3 May 2010 16:49:59 -0700 Subject: [PATCH 3/3] extlibs updates: PEAR::Mail to 1.2.0, PEAR::Net_SMTP to 1.4.2 (need to go together as a pair) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PEAR::Mail updated to 1.2.0 from 1.1.4, fixes deprecation warnings on PHP 5.3, as well as: 1.2.0: • QA release - stable. • Updated minimum dependencies (Net_SMTP, PEAR, PHP) • Doc Bug #15620 Licence change to BSD • Bug #13659 Mail parse error in special condition • Bug #16200 - Security hole allow to read/write Arbitrary File _hasUnclosedQuotes() doesn't properly handle a double slash before an end quote (slusarz@curecanti.org, Bug #9137). • Make sure Net_SMTP is defined when calling getSMTPObject() directly (slusarz@curecanti.org, Bug #13772). • Add addServiceExtensionParameter() to the SMTP driver (slusarz@curecanti.org, Bug #13764). • Add a method to obtain the Net_SMTP object from the SMTP driver (slusarz@curecanti.org, Bug #13766). PEAR::Net_SMTP updated to 1.4.2 from 1.3.1, needed to support updated PEAR::Mail: 1.4.2: • Fixing header string quoting in data(). (Bug #17199) 1.4.1: • The auth() method now includes an optional $tls parameter that determines whether or not TLS should be attempted (if supported by the PHP runtime and the remote SMTP server). This parameter defaults to true. (Bug #16349) • Header data can be specified separately from message body data by passing it as the optional second parameter to ``data()``. This is especially useful when an open file resource is being used to supply message data because it allows header fields (like *Subject:*) to be built dynamically at runtime. (Request #17012) 1.4.0: • The data() method now accepts either a string or a file resource containing the message data. (Request #16962) 1.3.4: • All Net_Socket write failures are now recognized. (Bug #16831) 1.3.3: • Added getGreeting(), for retrieving the server's greeting string. 
(Request #16066) [needed for PEAR::Mail] • We no longer attempt a TLS connection if we're already using a secure socket. (Bug #16254) • You can now specify a debug output handler via setDebug(). (Request #16420) 1.3.2: • TLS connection only gets started if no AUTH methods are sent. (Bug #14944) --- extlib/Mail.php | 82 +++++++++++----- extlib/Mail/RFC822.php | 83 +++++++++------- extlib/Mail/mail.php | 63 +++++++++---- extlib/Mail/mock.php | 64 +++++++++---- extlib/Mail/null.php | 64 +++++++++---- extlib/Mail/sendmail.php | 7 +- extlib/Mail/smtp.php | 73 +++++++++++---- extlib/Mail/smtpmx.php | 44 +++++++-- extlib/Net/SMTP.php | 198 ++++++++++++++++++++++++++++++--------- 9 files changed, 481 insertions(+), 197 deletions(-) mode change 100644 => 100755 extlib/Mail.php mode change 100644 => 100755 extlib/Mail/RFC822.php mode change 100644 => 100755 extlib/Mail/mail.php mode change 100644 => 100755 extlib/Mail/mock.php mode change 100644 => 100755 extlib/Mail/null.php mode change 100644 => 100755 extlib/Mail/sendmail.php mode change 100644 => 100755 extlib/Mail/smtp.php mode change 100644 => 100755 extlib/Mail/smtpmx.php diff --git a/extlib/Mail.php b/extlib/Mail.php old mode 100644 new mode 100755 index 3a0c1a9cb8..75132ac2a6 --- a/extlib/Mail.php +++ b/extlib/Mail.php 
@@ -1,22 +1,47 @@ | -// +----------------------------------------------------------------------+ -// -// $Id: Mail.php,v 1.17 2006/09/15 03:41:18 jon Exp $ +/** + * PEAR's Mail:: interface. + * + * PHP versions 4 and 5 + * + * LICENSE: + * + * Copyright (c) 2002-2007, Richard Heyes + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * o Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * o Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * o The names of the authors may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + * @category Mail + * @package Mail + * @author Chuck Hagenbuch + * @copyright 1997-2010 Chuck Hagenbuch + * @license http://opensource.org/licenses/bsd-license.php New BSD License + * @version CVS: $Id: Mail.php 294747 2010-02-08 08:18:33Z clockwerx $ + * @link http://pear.php.net/package/Mail/ + */ require_once 'PEAR.php'; @@ -26,7 +51,7 @@ require_once 'PEAR.php'; * useful in multiple mailer backends. * * @access public - * @version $Revision: 1.17 $ + * @version $Revision: 294747 $ * @package Mail */ class Mail @@ -82,12 +107,20 @@ class Mail * @return mixed Returns true on success, or a PEAR_Error * containing a descriptive error message on * failure. + * * @access public * @deprecated use Mail_mail::send instead */ function send($recipients, $headers, $body) { - $this->_sanitizeHeaders($headers); + if (!is_array($headers)) { + return PEAR::raiseError('$headers must be an array'); + } + + $result = $this->_sanitizeHeaders($headers); + if (is_a($result, 'PEAR_Error')) { + return $result; + } // if we're passed an array of recipients, implode it. if (is_array($recipients)) { @@ -103,10 +136,9 @@ class Mail } // flatten the headers out. - list(,$text_headers) = Mail::prepareHeaders($headers); + list(, $text_headers) = Mail::prepareHeaders($headers); return mail($recipients, $subject, $body, $text_headers); - } /** @@ -151,9 +183,9 @@ class Mail foreach ($headers as $key => $value) { if (strcasecmp($key, 'From') === 0) { include_once 'Mail/RFC822.php'; - $parser = &new Mail_RFC822(); + $parser = new Mail_RFC822(); $addresses = $parser->parseAddressList($value, 'localhost', false); - if (PEAR::isError($addresses)) { + if (is_a($addresses, 'PEAR_Error')) { return $addresses; } @@ -221,7 +253,7 @@ class Mail $addresses = Mail_RFC822::parseAddressList($recipients, 'localhost', false); // If parseAddressList() returned a PEAR_Error object, just return it. - if (PEAR::isError($addresses)) { + if (is_a($addresses, 'PEAR_Error')) { return $addresses; } 
diff --git a/extlib/Mail/RFC822.php b/extlib/Mail/RFC822.php old mode 100644 new mode 100755 index 8714df2e29..58d36465cb --- a/extlib/Mail/RFC822.php +++ b/extlib/Mail/RFC822.php 
@@ -1,37 +1,48 @@ | -// | Chuck Hagenbuch | -// +-----------------------------------------------------------------------+ +/** + * RFC 822 Email address list validation Utility + * + * PHP versions 4 and 5 + * + * LICENSE: + * + * Copyright (c) 2001-2010, Richard Heyes + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * o Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * o Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * o The names of the authors may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * @category Mail + * @package Mail + * @author Richard Heyes + * @author Chuck Hagenbuch * @author Chuck Hagenbuch - * @version $Revision: 1.24 $ + * @version $Revision: 294749 $ * @license BSD * @package Mail */ 
@@ -635,8 +646,8 @@ class Mail_RFC822 { $comment = $this->_splitCheck($parts, ')'); $comments[] = $comment; - // +1 is for the trailing ) - $_mailbox = substr($_mailbox, strpos($_mailbox, $comment)+strlen($comment)+1); + // +2 is for the brackets + $_mailbox = substr($_mailbox, strpos($_mailbox, '('.$comment)+strlen($comment)+2); } else { break; } diff --git a/extlib/Mail/mail.php b/extlib/Mail/mail.php old mode 100644 new mode 100755 index b13d695656..a8b4b5dbee --- a/extlib/Mail/mail.php +++ b/extlib/Mail/mail.php 
@@ -1,27 +1,52 @@ | -// +----------------------------------------------------------------------+ -// -// $Id: mail.php,v 1.20 2007/10/06 17:00:00 chagenbu Exp $ +/** + * internal PHP-mail() implementation of the PEAR Mail:: interface. + * + * PHP versions 4 and 5 + * + * LICENSE: + * + * Copyright (c) 2010 Chuck Hagenbuch + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * o Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * o Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * o The names of the authors may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + * @category Mail + * @package Mail + * @author Chuck Hagenbuch + * @copyright 2010 Chuck Hagenbuch + * @license http://opensource.org/licenses/bsd-license.php New BSD License + * @version CVS: $Id: mail.php 294747 2010-02-08 08:18:33Z clockwerx $ + * @link http://pear.php.net/package/Mail/ + */ /** * internal PHP-mail() implementation of the PEAR Mail:: interface. * @package Mail - * @version $Revision: 1.20 $ + * @version $Revision: 294747 $ */ class Mail_mail extends Mail { diff --git a/extlib/Mail/mock.php b/extlib/Mail/mock.php old mode 100644 new mode 100755 index 971dae6a0e..61570ba408 --- a/extlib/Mail/mock.php +++ b/extlib/Mail/mock.php 
@@ -1,29 +1,53 @@ | -// +----------------------------------------------------------------------+ -// -// $Id: mock.php,v 1.1 2007/12/08 17:57:54 chagenbu Exp $ -// +/** + * Mock implementation + * + * PHP versions 4 and 5 + * + * LICENSE: + * + * Copyright (c) 2010 Chuck Hagenbuch + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * o Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * o Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * o The names of the authors may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + * @category Mail + * @package Mail + * @author Chuck Hagenbuch + * @copyright 2010 Chuck Hagenbuch + * @license http://opensource.org/licenses/bsd-license.php New BSD License + * @version CVS: $Id: mock.php 294747 2010-02-08 08:18:33Z clockwerx $ + * @link http://pear.php.net/package/Mail/ + */ /** * Mock implementation of the PEAR Mail:: interface for testing. * @access public * @package Mail - * @version $Revision: 1.1 $ + * @version $Revision: 294747 $ */ class Mail_mock extends Mail { diff --git a/extlib/Mail/null.php b/extlib/Mail/null.php old mode 100644 new mode 100755 index 982bfa45b6..f8d58272ee --- a/extlib/Mail/null.php +++ b/extlib/Mail/null.php 
@@ -1,29 +1,53 @@ | -// +----------------------------------------------------------------------+ -// -// $Id: null.php,v 1.2 2004/04/06 05:19:03 jon Exp $ -// +/** + * Null implementation of the PEAR Mail interface + * + * PHP versions 4 and 5 + * + * LICENSE: + * + * Copyright (c) 2010 Phil Kernick + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * o Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * o Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * o The names of the authors may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + * @category Mail + * @package Mail + * @author Phil Kernick + * @copyright 2010 Phil Kernick + * @license http://opensource.org/licenses/bsd-license.php New BSD License + * @version CVS: $Id: null.php 294747 2010-02-08 08:18:33Z clockwerx $ + * @link http://pear.php.net/package/Mail/ + */ /** * Null implementation of the PEAR Mail:: interface. * @access public * @package Mail - * @version $Revision: 1.2 $ + * @version $Revision: 294747 $ */ class Mail_null extends Mail { diff --git a/extlib/Mail/sendmail.php b/extlib/Mail/sendmail.php old mode 100644 new mode 100755 index cd248e61d2..b056575e99 --- a/extlib/Mail/sendmail.php +++ b/extlib/Mail/sendmail.php @@ -20,7 +20,7 @@ * Sendmail implementation of the PEAR Mail:: interface. * @access public * @package Mail - * @version $Revision: 1.19 $ + * @version $Revision: 294744 $ */ class Mail_sendmail extends Mail { @@ -117,7 +117,7 @@ class Mail_sendmail extends Mail { if (is_a($recipients, 'PEAR_Error')) { return $recipients; } - $recipients = escapeShellCmd(implode(' ', $recipients)); + $recipients = implode(' ', array_map('escapeshellarg', $recipients)); $headerElements = $this->prepareHeaders($headers); if (is_a($headerElements, 'PEAR_Error')) { @@ -141,7 +141,8 @@ class Mail_sendmail extends Mail { return PEAR::raiseError('From address specified with dangerous characters.'); } - $from = escapeShellCmd($from); + $from = escapeshellarg($from); // Security bug #16200 + $mail = @popen($this->sendmail_path . (!empty($this->sendmail_args) ? ' ' . $this->sendmail_args : '') . " -f$from -- $recipients", 'w'); if (!$mail) { return PEAR::raiseError('Failed to open sendmail [' . $this->sendmail_path . '] for execution.'); diff --git a/extlib/Mail/smtp.php b/extlib/Mail/smtp.php old mode 100644 new mode 100755 index baf3a962ba..52ea602086 --- a/extlib/Mail/smtp.php +++ b/extlib/Mail/smtp.php 
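Review bot: The `popen()` command in the sendmail driver still concatenates `$this->sendmail_path` and `$this->sendmail_args` unescaped; the hunks at -117 and -141 quote only each recipient and `$from`. Both values look like configuration rather than message data, so this is presumably intended, but it should be confirmed that nothing request-derived can reach them, since `escapeshellarg()` on the addresses does not cover them. A comment above the `popen()` line would record that assumption, e.g. `// sendmail_path and sendmail_args are trusted configuration and are deliberately not shell-escaped`. The file is vendored under extlib/, so any change to the code itself belongs upstream, and the enclosing function starts and ends outside these hunks.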
@@ -1,21 +1,48 @@ | -// | Jon Parise | -// +----------------------------------------------------------------------+ +/** + * SMTP implementation of the PEAR Mail interface. Requires the Net_SMTP class. + * + * PHP versions 4 and 5 + * + * LICENSE: + * + * Copyright (c) 2010, Chuck Hagenbuch + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * o Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * o Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * o The names of the authors may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + * @category HTTP + * @package HTTP_Request + * @author Jon Parise + * @author Chuck Hagenbuch + * @copyright 2010 Chuck Hagenbuch + * @license http://opensource.org/licenses/bsd-license.php New BSD License + * @version CVS: $Id: smtp.php 294747 2010-02-08 08:18:33Z clockwerx $ + * @link http://pear.php.net/package/Mail/ + */ /** Error: Failed to create a Net_SMTP object */ define('PEAR_MAIL_SMTP_ERROR_CREATE', 10000); @@ -42,7 +69,7 @@ define('PEAR_MAIL_SMTP_ERROR_DATA', 10006); * SMTP implementation of the PEAR Mail interface. Requires the Net_SMTP class. * @access public * @package Mail - * @version $Revision: 1.33 $ + * @version $Revision: 294747 $ */ class Mail_smtp extends Mail { @@ -278,6 +305,16 @@ class Mail_smtp extends Mail { /* Send the message's headers and the body as SMTP data. */ $res = $this->_smtp->data($textHeaders . "\r\n\r\n" . $body); + list(,$args) = $this->_smtp->getResponse(); + + if (preg_match("/Ok: queued as (.*)/", $args, $queued)) { + $this->queued_as = $queued[1]; + } + + /* we need the greeting; from it we can extract the authorative name of the mail server we've really connected to. + * ideal if we're connecting to a round-robin of relay servers and need to track which exact one took the email */ + $this->greeting = $this->_smtp->getGreeting(); + if (is_a($res, 'PEAR_Error')) { $error = $this->_error('Failed to send data', $res); $this->_smtp->rset(); diff --git a/extlib/Mail/smtpmx.php b/extlib/Mail/smtpmx.php old mode 100644 new mode 100755 index 9d2dccfb13..f0b6940868 --- a/extlib/Mail/smtpmx.php +++ b/extlib/Mail/smtpmx.php 
@@ -8,19 +8,43 @@ * * PHP versions 4 and 5 * - * LICENSE: This source file is subject to version 3.0 of the PHP license - * that is available through the world-wide-web at the following URI: - * http://www.php.net/license/3_0.txt. If you did not receive a copy of - * the PHP License and are unable to obtain it through the web, please - * send a note to license@php.net so we can mail you a copy immediately. + * LICENSE: + * + * Copyright (c) 2010, gERD Schaufelberger + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * o Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * o Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * o The names of the authors may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
* * @category Mail * @package Mail_smtpmx * @author gERD Schaufelberger - * @copyright 1997-2005 The PHP Group - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version CVS: $Id: smtpmx.php,v 1.2 2007/10/06 17:00:00 chagenbu Exp $ - * @see Mail + * @copyright 2010 gERD Schaufelberger + * @license http://opensource.org/licenses/bsd-license.php New BSD License + * @version CVS: $Id: smtpmx.php 294747 2010-02-08 08:18:33Z clockwerx $ + * @link http://pear.php.net/package/Mail/ */ require_once 'Net/SMTP.php'; @@ -32,7 +56,7 @@ require_once 'Net/SMTP.php'; * @access public * @author gERD Schaufelberger * @package Mail - * @version $Revision: 1.2 $ + * @version $Revision: 294747 $ */ class Mail_smtpmx extends Mail { diff --git a/extlib/Net/SMTP.php b/extlib/Net/SMTP.php index d632258d63..ea4b55e8d2 100644 --- a/extlib/Net/SMTP.php +++ b/extlib/Net/SMTP.php @@ -18,7 +18,7 @@ // | Damian Alejandro Fernandez Sosa | // +----------------------------------------------------------------------+ // -// $Id: SMTP.php,v 1.63 2008/06/10 05:39:12 jon Exp $ +// $Id: SMTP.php 293948 2010-01-24 21:46:00Z jon $ require_once 'PEAR.php'; require_once 'Net/Socket.php'; @@ -91,6 +91,13 @@ class Net_SMTP */ var $_debug = false; + /** + * Debug output handler. + * @var callback + * @access private + */ + var $_debug_handler = null; + /** * The socket resource being used to connect to the SMTP server. * @var resource @@ -112,6 +119,13 @@ class Net_SMTP */ var $_arguments = array(); + /** + * Stores the SMTP server's greeting string. + * @var string + * @access private + */ + var $_greeting = null; + /** * Stores detected features of the SMTP server. * @var array 
@@ -172,9 +186,30 @@ class Net_SMTP * @access public * @since 1.1.0 */ - function setDebug($debug) + function setDebug($debug, $handler = null) { $this->_debug = $debug; + $this->_debug_handler = $handler; + } + + /** + * Write the given debug text to the current debug output handler. + * + * @param string $message Debug mesage text. + * + * @access private + * @since 1.3.3 + */ + function _debug($message) + { + if ($this->_debug) { + if ($this->_debug_handler) { + call_user_func_array($this->_debug_handler, + array(&$this, $message)); + } else { + echo "DEBUG: $message\n"; + } + } } /** @@ -189,13 +224,12 @@ class Net_SMTP */ function _send($data) { - if ($this->_debug) { - echo "DEBUG: Send: $data\n"; - } + $this->_debug("Send: $data"); - if (PEAR::isError($error = $this->_socket->write($data))) { - return PEAR::raiseError('Failed to write to socket: ' . - $error->getMessage()); + $error = $this->_socket->write($data); + if ($error === false || PEAR::isError($error)) { + $msg = ($error) ? $error->getMessage() : "unknown error"; + return PEAR::raiseError("Failed to write to socket: $msg"); } return true; @@ -262,9 +296,7 @@ class Net_SMTP for ($i = 0; $i <= $this->_pipelined_commands; $i++) { while ($line = $this->_socket->readLine()) { - if ($this->_debug) { - echo "DEBUG: Recv: $line\n"; - } + $this->_debug("Recv: $line"); /* If we receive an empty line, the connection has been closed. */ if (empty($line)) { @@ -319,6 +351,20 @@ class Net_SMTP return array($this->_code, join("\n", $this->_arguments)); } + /** + * Return the SMTP server's greeting string. + * + * @return string A string containing the greeting string, or null if a + * greeting has not been received. + * + * @access public + * @since 1.3.3 + */ + function getGreeting() + { + return $this->_greeting; + } + /** * Attempt to connect to the SMTP server. * 
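Review bot: `setDebug()` stores `$handler` unchecked and `_debug()` hands it straight to `call_user_func_array()`, so a non-callable value raises a PHP warning on every line sent or received. A guard in `setDebug()` such as `if ($handler !== null && !is_callable($handler)) { $handler = null; }` would fall back to the echo path. The docblock above `setDebug()` is only context here and gains no `@param` for the new argument; it should state that the handler is invoked as `handler($smtp, $message)`. Because `_send()` and the read loop now pass every protocol line to the handler, the text includes the AUTH exchange, and the `_debug()` docblock should warn that a handler writing to persistent logs will store credentials. `mesage` in the new docblock is a typo for `message`.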
@@ -334,6 +380,7 @@ class Net_SMTP */ function connect($timeout = null, $persistent = false) { + $this->_greeting = null; $result = $this->_socket->connect($this->host, $this->port, $persistent, $timeout); if (PEAR::isError($result)) { @@ -344,6 +391,10 @@ class Net_SMTP if (PEAR::isError($error = $this->_parseResponse(220))) { return $error; } + + /* Extract and store a copy of the server's greeting string. */ + list(, $this->_greeting) = $this->getResponse(); + if (PEAR::isError($error = $this->_negotiate())) { return $error; } 
@@ -452,40 +503,43 @@ class Net_SMTP * @param string The password to authenticate with. * @param string The requested authentication method. If none is * specified, the best supported method will be used. + * @param bool Flag indicating whether or not TLS should be attempted. * * @return mixed Returns a PEAR_Error with an error message on any * kind of failure, or true on success. * @access public * @since 1.0 */ - function auth($uid, $pwd , $method = '') + function auth($uid, $pwd , $method = '', $tls = true) { - if (empty($this->_esmtp['AUTH'])) { - if (version_compare(PHP_VERSION, '5.1.0', '>=')) { - if (!isset($this->_esmtp['STARTTLS'])) { - return PEAR::raiseError('SMTP server does not support authentication'); - } - if (PEAR::isError($result = $this->_put('STARTTLS'))) { - return $result; - } - if (PEAR::isError($result = $this->_parseResponse(220))) { - return $result; - } - if (PEAR::isError($result = $this->_socket->enableCrypto(true, STREAM_CRYPTO_METHOD_TLS_CLIENT))) { - return $result; - } elseif ($result !== true) { - return PEAR::raiseError('STARTTLS failed'); - } - - /* Send EHLO again to recieve the AUTH string from the - * SMTP server. */ - $this->_negotiate(); - if (empty($this->_esmtp['AUTH'])) { - return PEAR::raiseError('SMTP server does not support authentication'); - } - } else { - return PEAR::raiseError('SMTP server does not support authentication'); + /* We can only attempt a TLS connection if one has been requested, + * we're running PHP 5.1.0 or later, have access to the OpenSSL + * extension, are connected to an SMTP server which supports the + * STARTTLS extension, and aren't already connected over a secure + * (SSL) socket connection. */ + if ($tls && version_compare(PHP_VERSION, '5.1.0', '>=') && + extension_loaded('openssl') && isset($this->_esmtp['STARTTLS']) && + strncasecmp($this->host, 'ssl://', 6) !== 0) { + /* Start the TLS connection attempt. 
*/ + if (PEAR::isError($result = $this->_put('STARTTLS'))) { + return $result; } + if (PEAR::isError($result = $this->_parseResponse(220))) { + return $result; + } + if (PEAR::isError($result = $this->_socket->enableCrypto(true, STREAM_CRYPTO_METHOD_TLS_CLIENT))) { + return $result; + } elseif ($result !== true) { + return PEAR::raiseError('STARTTLS failed'); + } + + /* Send EHLO again to recieve the AUTH string from the + * SMTP server. */ + $this->_negotiate(); + } + + if (empty($this->_esmtp['AUTH'])) { + return PEAR::raiseError('SMTP server does not support authentication'); } /* If no method has been specified, get the name of the best 
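Review bot: STARTTLS is opportunistic here with no way to require it: when `$tls` is true but the EHLO reply lacks STARTTLS or the openssl extension is missing, the `if` is skipped and authentication proceeds over the unencrypted connection. The capability list arrives in cleartext, so it can be altered on the network path and the credentials then follow in the clear; the `$tls` docblock line should say the flag means "attempted, not required", and callers needing confidentiality should connect to an `ssl://` host. The second `$this->_negotiate()` discards its result, so a failed EHLO after the handshake may leave the pre-TLS capabilities in `$this->_esmtp`; `if (PEAR::isError($result = $this->_negotiate())) { return $result; }` would surface it. `enableCrypto()` is called with no visible peer-verification settings, so whether the server certificate is checked depends on the socket's stream context, which this hunk does not show. auth() continues past the end of the hunk.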
@@ -844,30 +898,51 @@ class Net_SMTP /** * Send the DATA command. * - * @param string $data The message body to send. + * @param mixed $data The message data, either as a string or an open + * file resource. + * @param string $headers The message headers. If $headers is provided, + * $data is assumed to contain only body data. * * @return mixed Returns a PEAR_Error with an error message on any * kind of failure, or true on success. * @access public * @since 1.0 */ - function data($data) + function data($data, $headers = null) { + /* Verify that $data is a supported type. */ + if (!is_string($data) && !is_resource($data)) { + return PEAR::raiseError('Expected a string or file resource'); + } + /* RFC 1870, section 3, subsection 3 states "a value of zero * indicates that no fixed maximum message size is in force". * Furthermore, it says that if "the parameter is omitted no * information is conveyed about the server's fixed maximum * message size". */ if (isset($this->_esmtp['SIZE']) && ($this->_esmtp['SIZE'] > 0)) { - if (strlen($data) >= $this->_esmtp['SIZE']) { + /* Start by considering the size of the optional headers string. + * We also account for the addition 4 character "\r\n\r\n" + * separator sequence. */ + $size = (is_null($headers)) ? 0 : strlen($headers) + 4; + + if (is_resource($data)) { + $stat = fstat($data); + if ($stat === false) { + return PEAR::raiseError('Failed to get file size'); + } + $size += $stat['size']; + } else { + $size += strlen($data); + } + + if ($size >= $this->_esmtp['SIZE']) { $this->disconnect(); - return PEAR::raiseError('Message size excedes the server limit'); + return PEAR::raiseError('Message size exceeds server limit'); } } - /* Quote the data based on the SMTP standards. */ - $this->quotedata($data); - + /* Initiate the DATA command. */ if (PEAR::isError($error = $this->_put('DATA'))) { return $error; } 
@@ -875,9 +950,40 @@ class Net_SMTP return $error; } - if (PEAR::isError($result = $this->_send($data . "\r\n.\r\n"))) { - return $result; + /* If we have a separate headers string, send it first. */ + if (!is_null($headers)) { + $this->quotedata($headers); + if (PEAR::isError($result = $this->_send($headers . "\r\n\r\n"))) { + return $result; + } } + + /* Now we can send the message body data. */ + if (is_resource($data)) { + /* Stream the contents of the file resource out over our socket + * connection, line by line. Each line must be run through the + * quoting routine. */ + while ($line = fgets($data, 1024)) { + $this->quotedata($line); + if (PEAR::isError($result = $this->_send($line))) { + return $result; + } + } + + /* Finally, send the DATA terminator sequence. */ + if (PEAR::isError($result = $this->_send("\r\n.\r\n"))) { + return $result; + } + } else { + /* Just send the entire quoted string followed by the DATA + * terminator. */ + $this->quotedata($data); + if (PEAR::isError($result = $this->_send($data . "\r\n.\r\n"))) { + return $result; + } + } + + /* Verify that the data was successfully received by the server. */ if (PEAR::isError($error = $this->_parseResponse(250, $this->pipelining))) { return $error; }
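Review bot: In the resource branch each `fgets($data, 1024)` chunk goes through `quotedata()` on its own, so a line break ending one chunk and a period starting the next are never seen together. If `quotedata()` doubles a period only when it follows a newline inside the string it is given (its body is outside this hunk), a file line beginning with `.` is sent unquoted, and a line holding only `.` would end the DATA phase early, leaving the rest of the file to be read as SMTP commands. A CR/LF pair split across two chunks has the same boundary problem, and `while ($line = fgets(...))` also stops early on a final unterminated line that is just `0`. Reading a chunk and extending it past any trailing CR or LF before quoting avoids all three, as sketched below. data() begins in the previous hunk and continues after this one.

```php
        if (is_resource($data)) {
            /* Never end a chunk on CR or LF: quotedata() must see a line
             * break together with the byte that follows it. */
            while (!feof($data)) {
                $chunk = fread($data, 8192);
                if ($chunk === false) {
                    return PEAR::raiseError('Failed to read message data');
                }
                while ($chunk !== '' && !feof($data) &&
                       strpos("\r\n", substr($chunk, -1)) !== false) {
                    $chunk .= fread($data, 1);
                }
                if ($chunk === '') {
                    break;
                }
                $this->quotedata($chunk);
                if (PEAR::isError($result = $this->_send($chunk))) {
                    return $result;
                }
            }
            /* … unchanged: DATA terminator, string branch, 250 check … */
```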