X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fmail%2FUserMailer.php;h=21effa0e02d7a25a09c94a43a300a53944649a68;hb=8c1086225d413bca03e2fce7b8f947e68d0a3a7e;hp=1c7fb9857b9b4f67b2345e8d261df191a969363e;hpb=dcf70dfbcd7d58570e42d50368c430bbe67c2f36;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/mail/UserMailer.php b/includes/mail/UserMailer.php index 1c7fb9857b..21effa0e02 100644 --- a/includes/mail/UserMailer.php +++ b/includes/mail/UserMailer.php @@ -107,9 +107,6 @@ class UserMailer { * 'contentType' string default 'text/plain; charset=UTF-8' * 'headers' array Extra headers to set * - * Previous versions of this function had $replyto as the 5th argument and $contentType - * as the 6th. These are still supported for backwards compatability, but deprecated. - * * @throws MWException * @throws Exception * @return Status @@ -117,14 +114,6 @@ class UserMailer { public static function send( $to, $from, $subject, $body, $options = [] ) { global $wgAllowHTMLEmail; - if ( !is_array( $options ) ) { - // Old calling style - wfDeprecated( __METHOD__ . ' with $replyto as 5th parameter', '1.26' ); - $options = [ 'replyTo' => $options ]; - if ( func_num_args() === 6 ) { - $options['contentType'] = func_get_arg( 5 ); - } - } if ( !isset( $options['contentType'] ) ) { $options['contentType'] = 'text/plain; charset=UTF-8'; } @@ -279,7 +268,14 @@ class UserMailer { // Add the envelope sender address using the -f command line option when PHP mail() is used. // Will default to the $from->address when the UserMailerChangeReturnPath hook fails and the // generated VERP address when the hook runs effectively. - $extraParams .= ' -f ' . $returnPath; + + // PHP runs this through escapeshellcmd(). However that's not sufficient + // escaping (e.g. due to spaces). MediaWiki's email sanitizer should generally + // be good enough, but just in case, put in double quotes, and remove any + // double quotes present (" is not allowed in emails, so should have no + // effect, although this might cause apostrophees to be double escaped) + $returnPathCLI = '"' . str_replace( '"', '', $returnPath ) . '"'; + $extraParams .= ' -f ' . $returnPathCLI; $headers['Return-Path'] = $returnPath; @@ -294,7 +290,7 @@ class UserMailer { ->getFullURL( '', false, PROTO_CANONICAL ) . '>'; // Line endings need to be different on Unix and Windows due to - // the bug described at http://trac.wordpress.org/ticket/2603 + // the bug described at https://core.trac.wordpress.org/ticket/2603 $endl = PHP_EOL; if ( is_array( $body ) ) {