mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-02-20 13:46:52 +01:00
Several security fix in using mailings.
This commit is contained in:
Laurent Destailleur
parent
b2fbef4a91
commit
e297b64722
|
|
@ -753,8 +753,9 @@ else
|
|||
$sendingmode=$conf->global->MAIN_MAIL_SENDMODE;
|
||||
if (empty($sendingmode)) $sendingmode='mail'; // If not defined, we use php mail function
|
||||
|
||||
// MAILING_NO_USING_PHPMAIL may be defined or not
|
||||
// MAILING_LIMIT_SENDBYWEB is always defined to something != 0, MAILING_LIMIT_SENDBYCLI may be defined ot not.
|
||||
// MAILING_NO_USING_PHPMAIL may be defined or not.
|
||||
// MAILING_LIMIT_SENDBYWEB is always defined to something != 0 (-1=forbidden).
|
||||
// MAILING_LIMIT_SENDBYCLI may be defined ot not (-1=forbidden, 0=no limit).
|
||||
if (! empty($conf->global->MAILING_NO_USING_PHPMAIL) && $sendingmode == 'mail')
|
||||
{
|
||||
// EMailing feature may be a spam problem, so when you host several users/instance, having this option may force each user to use their own SMTP agent.
|
||||
|
|
@ -794,7 +795,7 @@ else
|
|||
}
|
||||
$text.=$langs->trans('ConfirmSendingEmailing').'<br>';
|
||||
$text.=$langs->trans('LimitSendingEmailing',$conf->global->MAILING_LIMIT_SENDBYWEB);
|
||||
print $form->formconfirm($_SERVER['PHP_SELF'].'?id='.$object->id,$langs->trans('SendMailing'),$text,'sendallconfirmed',$formquestion,'',1,270);
|
||||
print $form->formconfirm($_SERVER['PHP_SELF'].'?id='.$object->id,$langs->trans('SendMailing'),$text,'sendallconfirmed',$formquestion,'',1,300);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -832,23 +833,28 @@ else
|
|||
print $langs->trans("TotalNbOfDistinctRecipients");
|
||||
print '</td><td colspan="3">';
|
||||
$nbemail = ($object->nbemail?$object->nbemail:img_warning('').' <font class="warning">'.$langs->trans("NoTargetYet").'</font>');
|
||||
if ($object->statut != 3 && !empty($conf->global->MAILING_LIMIT_SENDBYWEB) && is_numeric($nbemail) && $conf->global->MAILING_LIMIT_SENDBYWEB < $nbemail)
|
||||
if ($object->statut != 3 && is_numeric($nbemail))
|
||||
{
|
||||
if ($conf->global->MAILING_LIMIT_SENDBYWEB > 0)
|
||||
{
|
||||
$text=$langs->trans('LimitSendingEmailing',$conf->global->MAILING_LIMIT_SENDBYWEB);
|
||||
print $form->textwithpicto($nbemail,$text,1,'warning');
|
||||
}
|
||||
else
|
||||
{
|
||||
$text=$langs->trans('NotEnoughPermissions');
|
||||
print $form->textwithpicto($nbemail,$text,1,'warning');
|
||||
}
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
print $nbemail;
|
||||
$text='';
|
||||
if (! empty($conf->global->MAILING_LIMIT_SENDBYWEB) && $conf->global->MAILING_LIMIT_SENDBYWEB < $nbemail)
|
||||
{
|
||||
if ($conf->global->MAILING_LIMIT_SENDBYWEB > 0)
|
||||
{
|
||||
$text.=$langs->trans('LimitSendingEmailing',$conf->global->MAILING_LIMIT_SENDBYWEB);
|
||||
}
|
||||
else
|
||||
{
|
||||
$text.=$langs->trans('NotEnoughPermissions');
|
||||
}
|
||||
}
|
||||
if ($text)
|
||||
{
|
||||
print $form->textwithpicto($nbemail,$text,1,'warning');
|
||||
}
|
||||
else
|
||||
{
|
||||
print $nbemail;
|
||||
}
|
||||
}
|
||||
print '</td></tr>';
|
||||
|
||||
|
|
|
|||
|
|
@ -251,11 +251,16 @@ $dolibarr_main_restrict_os_commands='mysqldump, mysql, pg_dump, pgrestore';
|
|||
$dolibarr_nocsrfcheck='0';
|
||||
|
||||
// dolibarr_mailing_limit_sendbyweb
|
||||
// Can set a limit for mailing send by web. Can be used for a restricted mode.
|
||||
// Default value: 0 (use database value if exist)
|
||||
// Examples:
|
||||
// $dolibarr_mailing_limit_sendbyweb='0';
|
||||
// Can set a limit for mailing send by web. This overwrite database value. Can be used to restrict on OS level.
|
||||
// Default value: '25'
|
||||
// Examples: '-1' (sending by web is forbidden)
|
||||
// $dolibarr_mailing_limit_sendbyweb='25';
|
||||
|
||||
// dolibarr_mailing_limit_sendbycli
|
||||
// Can set a limit for mailing send by cli. This overwrite database value. Can be used to restrict on OS level.
|
||||
// Default value: '0' (no hard limit, use soft database value if exists)
|
||||
// Examples: '-1' (sending by cli is forbidden)
|
||||
// $dolibarr_mailing_limit_sendbycli='0';
|
||||
|
||||
|
||||
//##################
|
||||
|
|
@ -274,18 +279,6 @@ $dolibarr_nocsrfcheck='0';
|
|||
// Examples:
|
||||
// $dolibarr_main_limit_users='0';
|
||||
|
||||
// dolibarr_mailing_limit_sendbyweb
|
||||
// Can set a limit for mailing send by web. This overwrite database value. Can be used to restrict on OS level.
|
||||
// Default value: '0' (no overwrite, use database value if exists)
|
||||
// Examples: '-1' (sending by web is forbidden)
|
||||
// $dolibarr_mailing_limit_sendbyweb='0';
|
||||
|
||||
// dolibarr_mailing_limit_sendbycli
|
||||
// Can set a limit for mailing send by cli. This overwrite database value. Can be used to restrict on OS level.
|
||||
// Default value: '0' (no overwrite, use database value if exists)
|
||||
// Examples: '-1' (sending by cli is forbidden)
|
||||
// $dolibarr_mailing_limit_sendbycli='0';
|
||||
|
||||
// dolibarr_strict_mode
|
||||
// Set this to 1 to enable the PHP strict mode. For dev environment only.
|
||||
// Default value: 0 (use database value if exist)
|
||||
|
|
|
|||
|
|
@ -483,28 +483,35 @@ class CMailFile
|
|||
|
||||
// Check number of recipient is lower or equal than MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL
|
||||
if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL=10;
|
||||
$tmparray = explode(',', $this->addr_to);
|
||||
if (count($tmparray) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)
|
||||
$tmparray1 = explode(',', $this->addr_to);
|
||||
if (count($tmparray1) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_TO_IN_SAME_EMAIL)
|
||||
{
|
||||
$this->error = 'Too much recipients in to:';
|
||||
dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
|
||||
return false;
|
||||
}
|
||||
$tmparray = explode(',', $this->addr_cc);
|
||||
if (count($tmparray) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)
|
||||
$tmparray2 = explode(',', $this->addr_cc);
|
||||
if (count($tmparray2) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_CC_IN_SAME_EMAIL)
|
||||
{
|
||||
$this->error = 'Too much recipients in cc:';
|
||||
dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
|
||||
return false;
|
||||
}
|
||||
$tmparray = explode(',', $this->addr_bcc);
|
||||
if (count($tmparray) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)
|
||||
$tmparray3 = explode(',', $this->addr_bcc);
|
||||
if (count($tmparray3) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_BCC_IN_SAME_EMAIL)
|
||||
{
|
||||
$this->error = 'Too much recipients in bcc:';
|
||||
dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ((count($tmparray1)+count($tmparray2)+count($tmparray3)) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)
|
||||
{
|
||||
$this->error = 'Too much recipients in to:, cc:, bcc:';
|
||||
dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
// Action according to choosed sending method
|
||||
if ($conf->global->MAIN_MAIL_SENDMODE == 'mail')
|
||||
{
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@
|
|||
*/
|
||||
|
||||
if (! defined('DOL_APPLICATION_TITLE')) define('DOL_APPLICATION_TITLE','Dolibarr');
|
||||
if (! defined('DOL_VERSION')) define('DOL_VERSION','4.0.3');
|
||||
if (! defined('DOL_VERSION')) define('DOL_VERSION','4.0.4');
|
||||
|
||||
if (! defined('EURO')) define('EURO',chr(128));
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user