Merge "Do not lose message parameters in UploadFromChunks::verifyChunk()"

[lhc/web/wiklou.git] / includes / mail / UserMailer.php

diff --git a/includes/mail/UserMailer.php b/includes/mail/UserMailer.php
index 464e7b8..21effa0 100644 (file)
--- a/includes/mail/UserMailer.php
+++ b/includes/mail/UserMailer.php
@@ -107,9 +107,6 @@ class UserMailer {
         *              'contentType' string default 'text/plain; charset=UTF-8'
         *              'headers' array Extra headers to set
         *
-        * Previous versions of this function had $replyto as the 5th argument and $contentType
-        * as the 6th. These are still supported for backwards compatability, but deprecated.
-        *
         * @throws MWException
         * @throws Exception
         * @return Status
@@ -117,14 +114,6 @@ class UserMailer {
        public static function send( $to, $from, $subject, $body, $options = [] ) {
                global $wgAllowHTMLEmail;
 
-               if ( !is_array( $options ) ) {
-                       // Old calling style
-                       wfDeprecated( __METHOD__ . ' with $replyto as 5th parameter', '1.26' );
-                       $options = [ 'replyTo' => $options ];
-                       if ( func_num_args() === 6 ) {
-                               $options['contentType'] = func_get_arg( 5 );
-                       }
-               }
                if ( !isset( $options['contentType'] ) ) {
                        $options['contentType'] = 'text/plain; charset=UTF-8';
                }
@@ -279,7 +268,14 @@ class UserMailer {
                // Add the envelope sender address using the -f command line option when PHP mail() is used.
                // Will default to the $from->address when the UserMailerChangeReturnPath hook fails and the
                // generated VERP address when the hook runs effectively.
-               $extraParams .= ' -f ' . $returnPath;
+
+               // PHP runs this through escapeshellcmd(). However that's not sufficient
+               // escaping (e.g. due to spaces). MediaWiki's email sanitizer should generally
+               // be good enough, but just in case, put in double quotes, and remove any
+               // double quotes present (" is not allowed in emails, so should have no
+               // effect, although this might cause apostrophees to be double escaped)
+               $returnPathCLI = '"' . str_replace( '"', '', $returnPath ) . '"';
+               $extraParams .= ' -f ' . $returnPathCLI;
 
                $headers['Return-Path'] = $returnPath;
 
@@ -294,7 +290,7 @@ class UserMailer {
                        ->getFullURL( '', false, PROTO_CANONICAL ) . '>';
 
                // Line endings need to be different on Unix and Windows due to
-               // the bug described at http://trac.wordpress.org/ticket/2603
+               // the bug described at https://core.trac.wordpress.org/ticket/2603
                $endl = PHP_EOL;
 
                if ( is_array( $body ) ) {
@@ -501,12 +497,12 @@ class UserMailer {
                }
                $out = "=?$charset?Q?";
                $out .= preg_replace_callback( "/([$replace])/",
-                       [ __CLASS__, 'quotedPrintableCallback' ], $string );
+                       function ( $matches ) {
+                               return sprintf( "=%02X", ord( $matches[1] ) );
+                       },
+                       $string
+               );
                $out .= '?=';
                return $out;
        }
-
-       protected static function quotedPrintableCallback( $matches ) {
-               return sprintf( "=%02X", ord( $matches[1] ) );
-       }
 }