Update fMailbox.php handling 5.6+ Security#218
Open
BrendonKoz wants to merge 4 commits intoflourishlib:masterfrom
Open
Update fMailbox.php handling 5.6+ Security#218BrendonKoz wants to merge 4 commits intoflourishlib:masterfrom
BrendonKoz wants to merge 4 commits intoflourishlib:masterfrom
Conversation
As of PHP version 5.6 there is much stricter security checking being done on various levels. Flourish's excellent Mailbox class unfortunately isn't up-to-date enough to handle the new restrictions by default. This fix is simply a fallback to allow for its previous level of functionality. It bypasses the new security implementations that PHP 5.6 brings to the table, but users of Gmail's mail server, or users of shared hosting will be able to continue to use this library with the class as expected. (It has to do with domain mismatch.)
Fixes an issue with how Microsoft Exchange (2010) and Outlook Web Access incorrectly handles some file attachment types and therefore cause the attachment to be seen as an inline attachment, but with no ability to recover the file from the body.
Author
|
Also fixed an issue with Exchange server's OWA attachments. See Issue #220 for further explanation. |
In most circumstances there's little reason to need to know the filename of the related email attachments (those embedded in to the body of the email) since most email clients render HTML now. However, when rendered in plaintext and the related file becomes an attachment, there's no filename that can be provided for the attachment, only the data and the mimetype. I'm not sure if this was simply an oversight or it was purposefully left out. I can't personally think of a reason not to provide the filename *if it's provided*, and if it's not the value will simply be blank as is the case with "inline" or embedded attachment types as well. At least this way a file extension can be provided to associate the file with an application. This change simply moves the detection of content_id and inline attachments inside the test for **$has_disposition** in the __handleParts()__ method.
Author
|
Added the ability to recover, if provided, the filename of "related" attachment types in the case of plaintext emails (or programmatic systems) needing access to the downloaded file(s) and its type (file extensions are super handy here). This was the only attachment type that did not include the filename value in its data array. See commit 9d29ac0 |
Fixes cases where email clients do not separate the *references* in the header with a simple space, or space character. The RFC somehow even allows textual comments between references. By simply splitting on everything not a closing angle bracket after an open angle bracket (non-greedy) this should work and split the string to an array, as expected, for all edge cases.
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
As of PHP version 5.6 there is much stricter security checking being done on various levels. Flourish's excellent Mailbox class unfortunately isn't up-to-date enough to handle the new restrictions by default. This fix is simply a fallback to allow for its previous level of functionality. It bypasses the new security implementations that PHP 5.6 brings to the table, but users of Gmail's mail server, or users of shared hosting will be able to continue to use this library with the class as expected. (It has to do with domain mismatch.)