Commit e297b647 authored by Laurent Destailleur's avatar Laurent Destailleur

Several security fixes when using mailings.

parent b2fbef4a
...@@ -753,8 +753,9 @@ else ...@@ -753,8 +753,9 @@ else
$sendingmode=$conf->global->MAIN_MAIL_SENDMODE; $sendingmode=$conf->global->MAIN_MAIL_SENDMODE;
if (empty($sendingmode)) $sendingmode='mail'; // If not defined, we use php mail function if (empty($sendingmode)) $sendingmode='mail'; // If not defined, we use php mail function
// MAILING_NO_USING_PHPMAIL may be defined or not // MAILING_NO_USING_PHPMAIL may be defined or not.
// MAILING_LIMIT_SENDBYWEB is always defined to something != 0, MAILING_LIMIT_SENDBYCLI may be defined ot not. // MAILING_LIMIT_SENDBYWEB is always defined to something != 0 (-1=forbidden).
// MAILING_LIMIT_SENDBYCLI may be defined ot not (-1=forbidden, 0=no limit).
if (! empty($conf->global->MAILING_NO_USING_PHPMAIL) && $sendingmode == 'mail') if (! empty($conf->global->MAILING_NO_USING_PHPMAIL) && $sendingmode == 'mail')
{ {
// EMailing feature may be a spam problem, so when you host several users/instance, having this option may force each user to use their own SMTP agent. // EMailing feature may be a spam problem, so when you host several users/instance, having this option may force each user to use their own SMTP agent.
...@@ -794,7 +795,7 @@ else ...@@ -794,7 +795,7 @@ else
} }
$text.=$langs->trans('ConfirmSendingEmailing').'<br>'; $text.=$langs->trans('ConfirmSendingEmailing').'<br>';
$text.=$langs->trans('LimitSendingEmailing',$conf->global->MAILING_LIMIT_SENDBYWEB); $text.=$langs->trans('LimitSendingEmailing',$conf->global->MAILING_LIMIT_SENDBYWEB);
print $form->formconfirm($_SERVER['PHP_SELF'].'?id='.$object->id,$langs->trans('SendMailing'),$text,'sendallconfirmed',$formquestion,'',1,270); print $form->formconfirm($_SERVER['PHP_SELF'].'?id='.$object->id,$langs->trans('SendMailing'),$text,'sendallconfirmed',$formquestion,'',1,300);
} }
} }
...@@ -832,24 +833,29 @@ else ...@@ -832,24 +833,29 @@ else
print $langs->trans("TotalNbOfDistinctRecipients"); print $langs->trans("TotalNbOfDistinctRecipients");
print '</td><td colspan="3">'; print '</td><td colspan="3">';
$nbemail = ($object->nbemail?$object->nbemail:img_warning('').' <font class="warning">'.$langs->trans("NoTargetYet").'</font>'); $nbemail = ($object->nbemail?$object->nbemail:img_warning('').' <font class="warning">'.$langs->trans("NoTargetYet").'</font>');
if ($object->statut != 3 && !empty($conf->global->MAILING_LIMIT_SENDBYWEB) && is_numeric($nbemail) && $conf->global->MAILING_LIMIT_SENDBYWEB < $nbemail) if ($object->statut != 3 && is_numeric($nbemail))
{
$text='';
if (! empty($conf->global->MAILING_LIMIT_SENDBYWEB) && $conf->global->MAILING_LIMIT_SENDBYWEB < $nbemail)
{ {
if ($conf->global->MAILING_LIMIT_SENDBYWEB > 0) if ($conf->global->MAILING_LIMIT_SENDBYWEB > 0)
{ {
$text=$langs->trans('LimitSendingEmailing',$conf->global->MAILING_LIMIT_SENDBYWEB); $text.=$langs->trans('LimitSendingEmailing',$conf->global->MAILING_LIMIT_SENDBYWEB);
print $form->textwithpicto($nbemail,$text,1,'warning');
} }
else else
{ {
$text=$langs->trans('NotEnoughPermissions'); $text.=$langs->trans('NotEnoughPermissions');
print $form->textwithpicto($nbemail,$text,1,'warning');
} }
}
if ($text)
{
print $form->textwithpicto($nbemail,$text,1,'warning');
} }
else else
{ {
print $nbemail; print $nbemail;
} }
}
print '</td></tr>'; print '</td></tr>';
// Other attributes // Other attributes
......
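Review bot: The restructured warning block in the third hunk tests `is_numeric($nbemail)`, but `$nbemail` was assigned on the preceding line to either the recipient count or an HTML warning snippet, so the numeric test is only a proxy for "the mailing has targets"; assuming `$object->nbemail` is always an integer count, `if ($object->statut != 3 && $object->nbemail)` states the intent directly and stops the guard from depending on the display variable's overloaded type. The rewritten comment for MAILING_LIMIT_SENDBYCLI in the first hunk keeps the old typo "ot not" and could read `// MAILING_LIMIT_SENDBYCLI may be defined or not (-1=forbidden, 0=no limit).`. Because the web cap is only applied under `! empty($conf->global->MAILING_LIMIT_SENDBYWEB)`, a value of 0 silently disables it, which is worth stating in the sibling comment that asserts the key is always non-zero. The enclosing else block starts and ends outside these hunks.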
...@@ -251,11 +251,16 @@ $dolibarr_main_restrict_os_commands='mysqldump, mysql, pg_dump, pgrestore'; ...@@ -251,11 +251,16 @@ $dolibarr_main_restrict_os_commands='mysqldump, mysql, pg_dump, pgrestore';
$dolibarr_nocsrfcheck='0'; $dolibarr_nocsrfcheck='0';
// dolibarr_mailing_limit_sendbyweb // dolibarr_mailing_limit_sendbyweb
// Can set a limit for mailing send by web. Can be used for a restricted mode. // Can set a limit for mailing send by web. This overwrite database value. Can be used to restrict on OS level.
// Default value: 0 (use database value if exist) // Default value: '25'
// Examples: // Examples: '-1' (sending by web is forbidden)
// $dolibarr_mailing_limit_sendbyweb='0'; // $dolibarr_mailing_limit_sendbyweb='25';
// dolibarr_mailing_limit_sendbycli
// Can set a limit for mailing send by cli. This overwrite database value. Can be used to restrict on OS level.
// Default value: '0' (no hard limit, use soft database value if exists)
// Examples: '-1' (sending by cli is forbidden)
// $dolibarr_mailing_limit_sendbycli='0';
//################## //##################
...@@ -274,18 +279,6 @@ $dolibarr_nocsrfcheck='0'; ...@@ -274,18 +279,6 @@ $dolibarr_nocsrfcheck='0';
// Examples: // Examples:
// $dolibarr_main_limit_users='0'; // $dolibarr_main_limit_users='0';
// dolibarr_mailing_limit_sendbyweb
// Can set a limit for mailing send by web. This overwrite database value. Can be used to restrict on OS level.
// Default value: '0' (no overwrite, use database value if exists)
// Examples: '-1' (sending by web is forbidden)
// $dolibarr_mailing_limit_sendbyweb='0';
// dolibarr_mailing_limit_sendbycli
// Can set a limit for mailing send by cli. This overwrite database value. Can be used to restrict on OS level.
// Default value: '0' (no overwrite, use database value if exists)
// Examples: '-1' (sending by cli is forbidden)
// $dolibarr_mailing_limit_sendbycli='0';
// dolibarr_strict_mode // dolibarr_strict_mode
// Set this to 1 to enable the PHP strict mode. For dev environment only. // Set this to 1 to enable the PHP strict mode. For dev environment only.
// Default value: 0 (use database value if exist) // Default value: 0 (use database value if exist)
......
...@@ -483,27 +483,34 @@ class CMailFile ...@@ -483,27 +483,34 @@ class CMailFile
// Check number of recipient is lower or equal than MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL // Check number of recipient is lower or equal than MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL
if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL=10; if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL=10;
$tmparray = explode(',', $this->addr_to); $tmparray1 = explode(',', $this->addr_to);
if (count($tmparray) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL) if (count($tmparray1) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_TO_IN_SAME_EMAIL)
{ {
$this->error = 'Too much recipients in to:'; $this->error = 'Too much recipients in to:';
dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING); dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
return false; return false;
} }
$tmparray = explode(',', $this->addr_cc); $tmparray2 = explode(',', $this->addr_cc);
if (count($tmparray) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL) if (count($tmparray2) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_CC_IN_SAME_EMAIL)
{ {
$this->error = 'Too much recipients in cc:'; $this->error = 'Too much recipients in cc:';
dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING); dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
return false; return false;
} }
$tmparray = explode(',', $this->addr_bcc); $tmparray3 = explode(',', $this->addr_bcc);
if (count($tmparray) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL) if (count($tmparray3) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_BCC_IN_SAME_EMAIL)
{ {
$this->error = 'Too much recipients in bcc:'; $this->error = 'Too much recipients in bcc:';
dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING); dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
return false; return false;
} }
if ((count($tmparray1)+count($tmparray2)+count($tmparray3)) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)
{
$this->error = 'Too much recipients in to:, cc:, bcc:';
dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
return false;
}
// Action according to choosed sending method // Action according to choosed sending method
if ($conf->global->MAIN_MAIL_SENDMODE == 'mail') if ($conf->global->MAIN_MAIL_SENDMODE == 'mail')
......
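Review bot: The three new per-header caps compared in the to:, cc: and bcc: checks (MAIL_MAX_NB_OF_RECIPIENTS_TO_IN_SAME_EMAIL, MAIL_MAX_NB_OF_RECIPIENTS_CC_IN_SAME_EMAIL, MAIL_MAX_NB_OF_RECIPIENTS_BCC_IN_SAME_EMAIL) get no fallback in this hunk, whereas the combined MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL is still defaulted to 10 just above; if those keys are absent from the configuration, `count($tmparray1) > null` is true for any non-empty to: list under PHP's loose comparison and every send is rejected with 'Too much recipients in to:' — unless a default is applied somewhere outside this diff, which I cannot see. Suggest adding, beside the existing default, `if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_TO_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_TO_IN_SAME_EMAIL = 10;` and the same for the CC and BCC keys, with whatever default value the project intends. Note also that `explode(',', '')` yields one empty element, so an empty cc: or bcc: string still counts as one recipient in the new combined check; filtering empty entries before counting would make the limit exact. The comment above the checks still names only the combined constant and should list the three per-header keys too; sendfile's body starts and continues outside this hunk.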
...@@ -31,7 +31,7 @@ ...@@ -31,7 +31,7 @@
*/ */
if (! defined('DOL_APPLICATION_TITLE')) define('DOL_APPLICATION_TITLE','Dolibarr'); if (! defined('DOL_APPLICATION_TITLE')) define('DOL_APPLICATION_TITLE','Dolibarr');
if (! defined('DOL_VERSION')) define('DOL_VERSION','4.0.3'); if (! defined('DOL_VERSION')) define('DOL_VERSION','4.0.4');
if (! defined('EURO')) define('EURO',chr(128)); if (! defined('EURO')) define('EURO',chr(128));
......