* @param MailAddress $from Sender's email
* @param string $subject Email's subject.
* @param string $body Email's text or Array of two strings to be the text and html bodies
- * @param array $options:
- * 'replyTo' MailAddress
- * 'contentType' string default 'text/plain; charset=UTF-8'
- * 'headers' array Extra headers to set
+ * @param array $options Keys:
+ * 'replyTo' MailAddress
+ * 'contentType' string default 'text/plain; charset=UTF-8'
+ * 'headers' array Extra headers to set
*
* @throws MWException
* @throws Exception
// first send to non-split address list, then to split addresses one by one
$status = Status::newGood();
if ( $to ) {
- $status->merge( UserMailer::sendInternal(
+ $status->merge( self::sendInternal(
$to, $from, $subject, $body, $options ) );
}
foreach ( $splitTo as $newTo ) {
- $status->merge( UserMailer::sendInternal(
+ $status->merge( self::sendInternal(
[ $newTo ], $from, $subject, $body, $options ) );
}
return $status;
}
}
- return UserMailer::sendInternal( $to, $from, $subject, $body, $options );
+ return self::sendInternal( $to, $from, $subject, $body, $options );
}
/**
* @param MailAddress $from Sender's email
* @param string $subject Email's subject.
* @param string $body Email's text or Array of two strings to be the text and html bodies
- * @param array $options:
- * 'replyTo' MailAddress
- * 'contentType' string default 'text/plain; charset=UTF-8'
- * 'headers' array Extra headers to set
+ * @param array $options Keys:
+ * 'replyTo' MailAddress
+ * 'contentType' string default 'text/plain; charset=UTF-8'
+ * 'headers' array Extra headers to set
*
* @throws MWException
* @throws Exception
// Add the envelope sender address using the -f command line option when PHP mail() is used.
// Will default to the $from->address when the UserMailerChangeReturnPath hook fails and the
// generated VERP address when the hook runs effectively.
- $extraParams .= ' -f ' . $returnPath;
+
+ // PHP runs this through escapeshellcmd(). However that's not sufficient
+ // escaping (e.g. due to spaces). MediaWiki's email sanitizer should generally
+ // be good enough, but just in case, put in double quotes, and remove any
+ // double quotes present (" is not allowed in emails, so should have no
+ // effect, although this might cause apostrophees to be double escaped)
+ $returnPathCLI = '"' . str_replace( '"', '', $returnPath ) . '"';
+ $extraParams .= ' -f ' . $returnPathCLI;
$headers['Return-Path'] = $returnPath;