updated mimemail
This commit is contained in:
@@ -35,6 +35,10 @@ function mimemail_menu() {
|
||||
*/
|
||||
function mimemail_permission() {
|
||||
return array(
|
||||
'view mimemail user settings' => array(
|
||||
'title' => t('View Mime Mail user settings'),
|
||||
'description' => t('View user specific settings for Mime Mail.'),
|
||||
),
|
||||
'edit mimemail user settings' => array(
|
||||
'title' => t('Edit Mime Mail user settings'),
|
||||
'description' => t('Edit user specific settings for Mime Mail.'),
|
||||
@@ -85,6 +89,7 @@ function mimemail_user_view($account, $view_mode, $langcode) {
|
||||
$account->content['mimemail'] = array(
|
||||
'#type' => 'user_profile_category',
|
||||
'#title' => t('Email'),
|
||||
'#access' => user_access('view mimemail user settings'),
|
||||
);
|
||||
|
||||
$account->content['mimemail']['textonly'] = array(
|
||||
@@ -247,7 +252,9 @@ function mimemail_mailengine($op, $message = array()) {
|
||||
|
||||
$result = TRUE;
|
||||
foreach ($recipients as $to) {
|
||||
if (isset($return_path) && !empty($return_path)) {
|
||||
// We validate the return path, unless it is equal to the site mail, which
|
||||
// we assume to be safe.
|
||||
if (isset($return_path) && !empty($return_path) && (variable_get('site_mail', ini_get('sendmail_from')) === $return_path || mimemail_isshellsafe($return_path))) {
|
||||
if (isset($_SERVER['WINDIR']) || strpos($_SERVER['SERVER_SOFTWARE'], 'Win32') !== FALSE) {
|
||||
// On Windows, PHP will use the value of sendmail_from for the
|
||||
// Return-Path header.
|
||||
@@ -359,7 +366,7 @@ function mimemail_prepare_message($message) {
|
||||
|
||||
$hook = array(
|
||||
'mimemail_message__' . $key,
|
||||
'mimemail_message__' . $module .'__'. $key,
|
||||
'mimemail_message__' . $module . '__' . $key,
|
||||
);
|
||||
|
||||
$variables = array(
|
||||
@@ -367,10 +374,13 @@ function mimemail_prepare_message($message) {
|
||||
'key' => $key,
|
||||
'recipient' => $to,
|
||||
'subject' => $subject,
|
||||
'body' => $body
|
||||
'body' => $body,
|
||||
'message' => $message
|
||||
);
|
||||
|
||||
$body = theme($hook, $variables);
|
||||
if (!$plain) {
|
||||
$body = theme($hook, $variables);
|
||||
}
|
||||
|
||||
foreach (module_implements('mail_post_process') as $module) {
|
||||
$function = $module . '_mail_post_process';
|
||||
@@ -390,3 +400,22 @@ function mimemail_prepare_message($message) {
|
||||
|
||||
return $message;
|
||||
}
|
||||
|
||||
/**
|
||||
* Disallows potentially unsafe shell characters.
|
||||
*
|
||||
* @param string $string
|
||||
* The string to be validated.
|
||||
*
|
||||
* @return bool
|
||||
* True if the string is shell-safe.
|
||||
*/
|
||||
function mimemail_isshellsafe($string) {
|
||||
if (escapeshellcmd($string) !== $string || !in_array(escapeshellarg($string), array("'$string'", "\"$string\""))) {
|
||||
return FALSE;
|
||||
}
|
||||
if (preg_match('/[^a-zA-Z0-9@_\-.]/', $string) !== 0) {
|
||||
return FALSE;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user