From 64d62038cd8e2e69eb101c5256ea458cff98ae10 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sun, 20 Nov 2011 04:15:44 -0500 Subject: [PATCH 1/4] [ticket/10446] DRY X-AntiAbuse header addition. PHPBB3-10446 --- phpBB/includes/acp/acp_email.php | 5 +---- phpBB/includes/acp/acp_inactive.php | 10 ++-------- phpBB/includes/acp/acp_users.php | 10 ++-------- phpBB/includes/functions_messenger.php | 12 ++++++++++++ phpBB/includes/ucp/ucp_activate.php | 5 +---- phpBB/includes/ucp/ucp_profile.php | 5 +---- phpBB/includes/ucp/ucp_register.php | 9 +++------ phpBB/includes/ucp/ucp_resend.php | 10 ++-------- phpBB/install/install_install.php | 5 +---- phpBB/memberlist.php | 5 +---- 10 files changed, 26 insertions(+), 50 deletions(-) diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index e98b7a19a5..29d6903691 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -195,10 +195,7 @@ class acp_email $messenger->template('admin_send_email', $used_lang); - $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); - $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); - $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); + $messenger->anti_abuse_headers(); $messenger->subject(htmlspecialchars_decode($subject)); $messenger->set_mail_priority($priority); diff --git a/phpBB/includes/acp/acp_inactive.php b/phpBB/includes/acp/acp_inactive.php index c93cbc457f..a4b2a3ca2f 100644 --- a/phpBB/includes/acp/acp_inactive.php +++ b/phpBB/includes/acp/acp_inactive.php @@ -118,10 +118,7 @@ class acp_inactive $messenger->to($row['user_email'], $row['username']); - $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); - $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); - $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); + $messenger->anti_abuse_headers(); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($row['username'])) @@ -209,10 +206,7 @@ class acp_inactive $messenger->to($row['user_email'], $row['username']); $messenger->im($row['user_jabber'], $row['username']); - $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); - $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); - $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); + $messenger->anti_abuse_headers(); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($row['username']), diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index abf1481000..590103d519 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -348,10 +348,7 @@ class acp_users $messenger->to($user_row['user_email'], $user_row['username']); - $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); - $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); - $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); + $messenger->anti_abuse_headers(); $messenger->assign_vars(array( 'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), @@ -406,10 +403,7 @@ class acp_users $messenger->to($user_row['user_email'], $user_row['username']); - $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); - $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); - $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); + $messenger->anti_abuse_headers(); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($user_row['username'])) diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index 08c686d9e3..04b2502210 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -162,6 +162,18 @@ class messenger $this->extra_headers[] = trim($headers); } + /** + * Adds X-AntiAbuse headers + */ + function anti_abuse_headers($headers) + { + global $config, $user; + $this->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); + $this->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); + $this->headers('X-AntiAbuse: Username - ' . $user->data['username']); + $this->headers('X-AntiAbuse: User IP - ' . $user->ip); + } + /** * Set the email priority */ diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php index b00c1b9f52..a1468895a9 100644 --- a/phpBB/includes/ucp/ucp_activate.php +++ b/phpBB/includes/ucp/ucp_activate.php @@ -117,10 +117,7 @@ class ucp_activate $messenger->to($user_row['user_email'], $user_row['username']); - $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); - $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); - $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); + $messenger->anti_abuse_headers(); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($user_row['username'])) diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 65b32bd0c4..03a0e3d746 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -150,10 +150,7 @@ class ucp_profile $messenger->to($data['email'], $data['username']); - $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); - $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); - $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); + $messenger->anti_abuse_headers(); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($data['username']), diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 13b9945851..e3e719d63c 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -155,8 +155,8 @@ class ucp_register $this->tpl_name = 'ucp_agreement'; return; } - - + + // The CAPTCHA kicks in here. We can't help that the information gets lost on language change. if ($config['enable_confirm']) { @@ -366,10 +366,7 @@ class ucp_register $messenger->to($data['email'], $data['username']); - $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); - $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); - $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); + $messenger->anti_abuse_headers(); $messenger->assign_vars(array( 'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php index 39e9be24a1..c1f9effb01 100644 --- a/phpBB/includes/ucp/ucp_resend.php +++ b/phpBB/includes/ucp/ucp_resend.php @@ -94,10 +94,7 @@ class ucp_resend $messenger->template(($coppa) ? 'coppa_resend_inactive' : 'user_resend_inactive', $user_row['user_lang']); $messenger->to($user_row['user_email'], $user_row['username']); - $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); - $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); - $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); + $messenger->anti_abuse_headers(); $messenger->assign_vars(array( 'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), @@ -133,10 +130,7 @@ class ucp_resend $messenger->to($row['user_email'], $row['username']); $messenger->im($row['user_jabber'], $row['username']); - $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); - $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); - $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); + $messenger->anti_abuse_headers(); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($user_row['username']), diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php index ccdcf211f1..4a988bb80a 100644 --- a/phpBB/install/install_install.php +++ b/phpBB/install/install_install.php @@ -1945,10 +1945,7 @@ class install_install extends module $messenger->to($data['board_email1'], $data['admin_name']); - $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); - $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); - $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); + $messenger->anti_abuse_headers(); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($data['admin_name']), diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 8169ee7a3e..f3af8fd44c 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -899,10 +899,7 @@ switch ($mode) $notify_type = NOTIFY_EMAIL; } - $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); - $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); - $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); + $messenger->anti_abuse_headers(); $messenger->assign_vars(array( 'BOARD_CONTACT' => $config['board_contact'], From c68973a9e04c51e4a2eeec9c3276c9a89baa09e5 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sun, 20 Nov 2011 04:17:42 -0500 Subject: [PATCH 2/4] [ticket/10446] RFC2047 encode user/server names in X-AntiAbuse headers. PHPBB3-10446 --- phpBB/includes/functions_messenger.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index 04b2502210..a2ad51a42e 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -168,9 +168,9 @@ class messenger function anti_abuse_headers($headers) { global $config, $user; - $this->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); + $this->headers('X-AntiAbuse: Board servername - ' . mail_encode($config['server_name'])); $this->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $this->headers('X-AntiAbuse: Username - ' . $user->data['username']); + $this->headers('X-AntiAbuse: Username - ' . mail_encode($user->data['username'])); $this->headers('X-AntiAbuse: User IP - ' . $user->ip); } From a7077c91495521a8015a2e1dbbe587b2d97a8edc Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sun, 20 Nov 2011 14:02:22 +0100 Subject: [PATCH 3/4] [ticket/10446] Remove leftover $headers parameter from anti_abuse_headers(). PHPBB3-10446 --- phpBB/includes/functions_messenger.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index a2ad51a42e..9087b1c8aa 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -165,9 +165,10 @@ class messenger /** * Adds X-AntiAbuse headers */ - function anti_abuse_headers($headers) + function anti_abuse_headers() { global $config, $user; + $this->headers('X-AntiAbuse: Board servername - ' . mail_encode($config['server_name'])); $this->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); $this->headers('X-AntiAbuse: Username - ' . mail_encode($user->data['username'])); From 37c766819346b830cf184fdfae9407006a621b17 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sun, 20 Nov 2011 16:35:31 +0100 Subject: [PATCH 4/4] [ticket/10446] Pass $config and $user via parameter to anti_abuse_headers(). PHPBB3-10446 --- phpBB/includes/acp/acp_email.php | 2 +- phpBB/includes/acp/acp_inactive.php | 4 ++-- phpBB/includes/acp/acp_users.php | 4 ++-- phpBB/includes/functions_messenger.php | 9 ++++++--- phpBB/includes/ucp/ucp_activate.php | 2 +- phpBB/includes/ucp/ucp_profile.php | 2 +- phpBB/includes/ucp/ucp_register.php | 2 +- phpBB/includes/ucp/ucp_resend.php | 4 ++-- phpBB/install/install_install.php | 2 +- phpBB/memberlist.php | 2 +- 10 files changed, 18 insertions(+), 15 deletions(-) diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index 29d6903691..df0d44c0c5 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -195,7 +195,7 @@ class acp_email $messenger->template('admin_send_email', $used_lang); - $messenger->anti_abuse_headers(); + $messenger->anti_abuse_headers($config, $user); $messenger->subject(htmlspecialchars_decode($subject)); $messenger->set_mail_priority($priority); diff --git a/phpBB/includes/acp/acp_inactive.php b/phpBB/includes/acp/acp_inactive.php index a4b2a3ca2f..f3f332d707 100644 --- a/phpBB/includes/acp/acp_inactive.php +++ b/phpBB/includes/acp/acp_inactive.php @@ -118,7 +118,7 @@ class acp_inactive $messenger->to($row['user_email'], $row['username']); - $messenger->anti_abuse_headers(); + $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($row['username'])) @@ -206,7 +206,7 @@ class acp_inactive $messenger->to($row['user_email'], $row['username']); $messenger->im($row['user_jabber'], $row['username']); - $messenger->anti_abuse_headers(); + $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($row['username']), diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 590103d519..4f58434a43 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -348,7 +348,7 @@ class acp_users $messenger->to($user_row['user_email'], $user_row['username']); - $messenger->anti_abuse_headers(); + $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array( 'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), @@ -403,7 +403,7 @@ class acp_users $messenger->to($user_row['user_email'], $user_row['username']); - $messenger->anti_abuse_headers(); + $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($user_row['username'])) diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index 9087b1c8aa..91b361183c 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -164,11 +164,14 @@ class messenger /** * Adds X-AntiAbuse headers + * + * @param array $config Configuration array + * @param user $user A user object + * + * @return null */ - function anti_abuse_headers() + function anti_abuse_headers($config, $user) { - global $config, $user; - $this->headers('X-AntiAbuse: Board servername - ' . mail_encode($config['server_name'])); $this->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); $this->headers('X-AntiAbuse: Username - ' . mail_encode($user->data['username'])); diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php index a1468895a9..82c1937919 100644 --- a/phpBB/includes/ucp/ucp_activate.php +++ b/phpBB/includes/ucp/ucp_activate.php @@ -117,7 +117,7 @@ class ucp_activate $messenger->to($user_row['user_email'], $user_row['username']); - $messenger->anti_abuse_headers(); + $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($user_row['username'])) diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 03a0e3d746..d35d13b6c1 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -150,7 +150,7 @@ class ucp_profile $messenger->to($data['email'], $data['username']); - $messenger->anti_abuse_headers(); + $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($data['username']), diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index e3e719d63c..4e8729db56 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -366,7 +366,7 @@ class ucp_register $messenger->to($data['email'], $data['username']); - $messenger->anti_abuse_headers(); + $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array( 'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php index c1f9effb01..4d181dba49 100644 --- a/phpBB/includes/ucp/ucp_resend.php +++ b/phpBB/includes/ucp/ucp_resend.php @@ -94,7 +94,7 @@ class ucp_resend $messenger->template(($coppa) ? 'coppa_resend_inactive' : 'user_resend_inactive', $user_row['user_lang']); $messenger->to($user_row['user_email'], $user_row['username']); - $messenger->anti_abuse_headers(); + $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array( 'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), @@ -130,7 +130,7 @@ class ucp_resend $messenger->to($row['user_email'], $row['username']); $messenger->im($row['user_jabber'], $row['username']); - $messenger->anti_abuse_headers(); + $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($user_row['username']), diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php index 4a988bb80a..8b073df44c 100644 --- a/phpBB/install/install_install.php +++ b/phpBB/install/install_install.php @@ -1945,7 +1945,7 @@ class install_install extends module $messenger->to($data['board_email1'], $data['admin_name']); - $messenger->anti_abuse_headers(); + $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($data['admin_name']), diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index f3af8fd44c..b3c0bae16a 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -899,7 +899,7 @@ switch ($mode) $notify_type = NOTIFY_EMAIL; } - $messenger->anti_abuse_headers(); + $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array( 'BOARD_CONTACT' => $config['board_contact'],