lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #14187 from atm-john/10.0_fix_email_spoofing

Browse Source 
Fix email spoofing - with hidden conf
This commit is contained in:
Laurent Destailleur 2020-07-06 12:01:35 +02:00 committed by GitHub
commit eb7f3b81d3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
htdocs/core/class/CMailFile.class.php
View File

@ -420,7 +420,20 @@ class CMailFile
//$this->message->setFrom(array('john@doe.com' => 'John Doe'));
if (!empty($from)) {
try {
$result = $this->message->setFrom($this->getArrayAddress($from));
if (! empty($conf->global->MAIN_FORCE_DISABLE_MAIL_SPOOFING)) {
// Prevent email spoofing for smtp server with a strict configuration
$regexp = '/([a-z0-9_\.\-\+])+\@(([a-z0-9\-])+\.)+([a-z0-9]{2,4})+/i'; // This regular expression extracts all emails from a string
$emailMatchs = preg_match_all($regexp, $from, $adressEmailFrom);
$adressEmailFrom = reset($adressEmailFrom);
if ($emailMatchs !== false && filter_var($conf->global->MAIN_MAIL_SMTPS_ID, FILTER_VALIDATE_EMAIL) && $conf->global->MAIN_MAIL_SMTPS_ID !== $adressEmailFrom)
{
$result = $this->message->setFrom($conf->global->MAIN_MAIL_SMTPS_ID);
} else {
$result = $this->message->setFrom($this->getArrayAddress($from));
}
} else {
$result = $this->message->setFrom($this->getArrayAddress($from));
}
} catch (Exception $e) {
$this->errors[] = $e->getMessage();
}