8000 Add cid default domain by mariuszkrzaczkowski · Pull Request #3036 · PHPMailer/PHPMailer · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Add cid default domain #3036

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add cid default domain #3036

wants to merge 2 commits into from

Conversation

mariuszkrzaczkowski
Copy link

In reference to issue 3031, I have prepared a patch

@Synchro
Copy link
Member
Synchro commented Mar 15, 2024
edited
Loading

This is simple, but it opens the door for people setting it to an empty string, something too long, containing spaces, or other invalid value, which would result in invalid cids. I'd suggest either making it protected and using a setter method (that validates it), or validating the value before using it, and if it's invalid, reverting to a fixed (but valid) string. Also, this needs test coverage.

@Synchro
Copy link
Member
Synchro commented Mar 15, 2024

Another thought: this issue only occurs inside msgHTML(), so it would seem sensible to add it as an optional param to that method. That way we don't need a new property (we already have too many), and can inline the validation for it, so don't need a new method either.

@mariuszkrzaczkowski
Copy link
Author

I've added some corrections, check them out

@Synchro
Copy link
Member
Synchro commented Mar 19, 2024

While that's much neater, the default of a for the domain is as identifiable as the original phpmailer.0 default so it's not solving much from a security perspective (though obviously it is if you populate the parameter). Also I recall that there was something that required a . within the domain part, so that it would parse as a domain, but didn't need to actually exist, hence the current .0.

@mariuszkrzaczkowski
Copy link
Author

To make it work automatically, maybe let's set $cid_domain to the sender's domain from $this->From ?

@mariuszkrzaczkowski
Copy link
Author

maybe something like that?

    public function msgHTML($message, $basedir = '', $advanced = false)
    {
        $cid_domain = '@phpmailer.0';
        if (filter_var($this->From, FILTER_VALIDATE_EMAIL)) {
            //prepend with a character to create valid RFC822 string in order to validate
            $cid_domain = substr( $this->From, strpos( $this->From, '@') + 1);
        }

        preg_match_all('/(?<!-)(src|background)=["\'](.*)["\']/Ui', $message, $images);

@mariuszkrzaczkowski
Copy link
Author
mariuszkrzaczkowski commented Mar 26, 2024
edited
Loading

@Synchro Any comment on this?

@Synchro
Copy link
Member
Synchro commented Oct 2, 2024

Apologies for the late response. That's a much better idea, and I'm looking at doing that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joangava joangava joangava approved these changes

@Shinogreat Shinogreat Shinogreat approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mariuszkrzaczkowski @Synchro @joangava @Shinogreat
0