security updates
have to check views and entityreference for custom patches
@@ -26,16 +26,18 @@ function mimemail_rfc_headers($headers) {
|
||||
// Collapse spaces and get rid of newline characters.
|
||||
$value = preg_replace('/(\s+|\n|\r|^\s|\s$)/', ' ', $value);
|
||||
// Fold headers if they're too long.
|
||||
// A CRLF may be inserted before any WSP.
|
||||
// @see http://tools.ietf.org/html/rfc2822#section-2.2.3
|
||||
if (drupal_strlen($value) > 60) {
|
||||
// If there's a semicolon, use that to separate.
|
||||
if (count($array = preg_split('/;\s*/', $value)) > 1) {
|
||||
$value = trim(join(";$crlf ", $array));
|
||||
$value = trim(join(";$crlf ", $array));
|
||||
}
|
||||
else {
|
||||
$value = wordwrap($value, 50, "$crlf ", FALSE);
|
||||
$value = wordwrap($value, 50, "$crlf ", FALSE);
|
||||
}
|
||||
}
|
||||
$header .= "$key: $value$crlf";
|
||||
$header .= $key . ":" . $value . $crlf;
|
||||
}
|
||||
return trim($header);
|
||||
}
|
||||
@@ -64,8 +66,9 @@ function mimemail_headers($headers, $from = NULL) {
|
||||
}
|
||||
// This may not work. The MTA may rewrite the Return-Path.
|
||||
if (!isset($headers['Return-Path']) || $headers['Return-Path'] == $default_from) {
|
||||
preg_match('/[a-z\d\-\.\+_]+@(?:[a-z\d\-]+\.)+[a-z\d]{2,4}/i', $from, $matches);
|
||||
$headers['Return-Path'] = "<$matches[0]>";
|
||||
if (preg_match('/[a-z\d\-\.\+_]+@(?:[a-z\d\-]+\.)+[a-z\d]{2,4}/i', $from, $matches)) {
|
||||
$headers['Return-Path'] = "<$matches[0]>";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -185,6 +188,12 @@ function _mimemail_file($url = NULL, $content = NULL, $name = '', $type = '', $d
|
||||
}
|
||||
|
||||
if (isset($file) && (@is_file($file) || $content)) {
|
||||
$public_path = file_default_scheme() . '://';
|
||||
$no_access = !user_access('send arbitrary files');
|
||||
$not_in_public_path = strpos(drupal_realpath($file), drupal_realpath($public_path)) !== 0;
|
||||
if (@is_file($file) && $not_in_public_path && $no_access) {
|
||||
return $url;
|
||||
}
|
||||
|
||||
if (!$name) {
|
||||
$name = (@is_file($file)) ? basename($file) : 'attachment.dat';
|
||||
@@ -250,7 +259,10 @@ function _mimemail_file($url = NULL, $content = NULL, $name = '', $type = '', $d
|
||||
* - headers: An array that includes some headers for the mail to be sent.
|
||||
*/
|
||||
function mimemail_multipart_body($parts, $content_type = 'multipart/mixed; charset=utf-8', $sub_part = FALSE) {
|
||||
$boundary = md5(uniqid($_SERVER['REQUEST_TIME'], TRUE));
|
||||
// Control variable to avoid boundary collision.
|
||||
static $part_num = 0;
|
||||
|
||||
$boundary = sha1(uniqid($_SERVER['REQUEST_TIME'], TRUE)) . $part_num++;
|
||||
$body = '';
|
||||
$headers = array(
|
||||
'Content-Type' => "$content_type; boundary=\"$boundary\"",
|
||||
@@ -423,35 +435,41 @@ function mimemail_html_body($body, $subject, $plain = FALSE, $plaintext = NULL,
|
||||
*
|
||||
* @param string $url
|
||||
* The file path.
|
||||
* @param boolean $to_embed
|
||||
* (optional) Wheter the URL is used to embed the file. Defaults to NULL.
|
||||
*
|
||||
* @return string
|
||||
* A processed URL.
|
||||
*/
|
||||
function _mimemail_url($url, $embed_file = NULL) {
|
||||
function _mimemail_url($url, $to_embed = NULL) {
|
||||
global $base_url;
|
||||
$url = urldecode($url);
|
||||
|
||||
// If the URL is absolute or a mailto, return it as-is.
|
||||
if (strpos($url, '://') !== FALSE || preg_match('!(mailto|callto|tel)\:!', $url)) {
|
||||
$url = str_replace(' ', '%20', $url);
|
||||
return $url;
|
||||
}
|
||||
// If the image embedding is disabled, return the absolute URL for the image.
|
||||
elseif (variable_get('mimemail_linkonly', 0) && preg_match('!\.(png|gif|jpg|jpeg)$!i', $url)) {
|
||||
$url = $base_url . $url;
|
||||
$url = str_replace(' ', '%20', $url);
|
||||
return $url;
|
||||
}
|
||||
$to_link = variable_get('mimemail_linkonly', 0);
|
||||
$is_image = preg_match('!\.(png|gif|jpg|jpeg)!i', $url);
|
||||
$is_absolute = file_uri_scheme($url) != FALSE || preg_match('!(mailto|callto|tel)\:!', $url);
|
||||
|
||||
$url = preg_replace('!^' . base_path() . '!', '', $url, 1);
|
||||
|
||||
// If we're processing to embed the file, we're done here so return.
|
||||
if ($embed_file) {
|
||||
return $url;
|
||||
if (!$to_embed) {
|
||||
if ($is_absolute) {
|
||||
return str_replace(' ', '%20', $url);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$url = preg_replace('!^' . base_path() . '!', '', $url, 1);
|
||||
if ($is_image) {
|
||||
if ($to_link) {
|
||||
// Exclude images from embedding if needed.
|
||||
$url = file_create_url($url);
|
||||
$url = str_replace(' ', '%20', $url);
|
||||
}
|
||||
else {
|
||||
// Remove security token from URL, this allows for styled image embedding.
|
||||
// @see https://drupal.org/drupal-7.20-release-notes
|
||||
$url = preg_replace('/\\?itok=.*$/', '', $url);
|
||||
}
|
||||
|
||||
if (!preg_match('!^\?q=*!', $url)) {
|
||||
$strip_clean = TRUE;
|
||||
}
|
||||
return $url;
|
||||
}
|
||||
|
||||
$url = str_replace('?q=', '', $url);
|
||||
@@ -493,7 +511,7 @@ function _mimemail_url($url, $embed_file = NULL) {
|
||||
$url = url($path, $options);
|
||||
|
||||
// If url() added a ?q= where there should not be one, remove it.
|
||||
if (isset($strip_clean) && $strip_clean) {
|
||||
if (preg_match('!^\?q=*!', $url)) {
|
||||
$url = preg_replace('!\?q=!', '', $url);
|
||||
}
|
||||
|
||||
|
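Review bot: In the `_mimemail_file` hunk, the new containment test `strpos(drupal_realpath($file), drupal_realpath($public_path)) !== 0` is a bare string-prefix comparison. A sibling directory whose name merely begins with the public files path (constructed example: `files-private` next to `files`) is therefore treated as inside it and skips the `send arbitrary files` permission check. Anchoring the prefix on a directory boundary closes that gap: `$root = rtrim(drupal_realpath($public_path), '/\\') . DIRECTORY_SEPARATOR;` followed by `$not_in_public_path = strpos(drupal_realpath($file), $root) !== 0;`. `drupal_realpath()` can also return FALSE, and `strpos()` with an empty needle behaves differently across PHP versions, so an unresolvable public path should be handled explicitly as "not in public path" rather than left to the comparison. The body of `_mimemail_file` starts and ends outside the hunk, so any earlier normalisation of `$file` is not visible here.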