This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.
<?php

//------------------------------------------------------------------------------
//
//  eTraxis - Records tracking web-based system
//  Copyright (C) 2009  Artem Rodygin
//
//  This program is free software: you can redistribute it and/or modify
//  it under the terms of the GNU General Public License as published by
//  the Free Software Foundation, either version 3 of the License, or
//  (at your option) any later version.
//
//  This program is distributed in the hope that it will be useful,
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//  GNU General Public License for more details.
//
//  You should have received a copy of the GNU General Public License
//  along with this program.  If not, see <http://www.gnu.org/licenses/>.
//
//------------------------------------------------------------------------------

/**
 * SMTP functions
 *
 * This module implements simple SMTP client.
 *
 * @package Engine
 */

/**#@+
 * Dependency.
 */
require_once('../engine/debug.php');
/**#@-*/

//------------------------------------------------------------------------------
//  Definitions.
//------------------------------------------------------------------------------

/**#@+
 * Supported SMTP clients.
 */
define('SMTP_CLIENT_PHP',     1);   // PHP MTA
define('SMTP_CLIENT_BUILDIN', 2);   // built-in client
/**#@-*/

//------------------------------------------------------------------------------
//  Functions.
//------------------------------------------------------------------------------

/**
 * Reads all response lines from opened SMTP session and returns SMTP response code.
 *
 * @param string $link Socket of active SMTP session.
 * @return bool TRUE if code of SMTP server response means SUCCESS (2xx/3xx), FALSE otherwise.
 */
function smtp_read_response ($link)
{
    debug_write_log(DEBUG_TRACE, '[smtp_read_response]');

    stream_set_timeout($link, SMTP_SERVER_TIMEOUT);

    while (($response = fgets($link)) !== FALSE)
    {
        debug_write_log(DEBUG_DUMP, '[smtp_read_response] ' . trim($response));

        // A space after the 3-digit code marks the last line of a (multi-line) reply.
        if (substr($response, 3, 1) === ' ')
        {
            $code = intval(substr($response, 0, 3));

            return $code >= 200 && $code < 400;
        }
    }

    return FALSE;
}

/**
 * Sends specified email via SMTP.
 *
 * @param string $to Email addresses of recipients (comma-separated).
 * @param string $subject Subject of the notification.
 * @param string $message Body of the notification.
 * @param string $headers Email headers.
 * @return bool TRUE if the mail was successfully accepted for delivery, FALSE otherwise.
 */
function smtp_send_mail ($to, $subject, $message, $headers)
{
    debug_write_log(DEBUG_TRACE, '[smtp_send_mail]');

    $link = fsockopen(SMTP_SERVER_NAME, SMTP_SERVER_PORT);

    if ($link === FALSE)
    {
        debug_write_log(DEBUG_WARNING, '[smtp_send_mail] Connection to SMTP server cannot be established.');
        return FALSE;
    }

    // Read the server greeting.
    if (!smtp_read_response($link))
    {
        debug_write_log(DEBUG_WARNING, '[smtp_send_mail] SMTP server replied a failure.');
        fclose($link);
        return FALSE;
    }

    // Build the list of commands that precede DATA.
    $requests = array('EHLO ' . php_uname('n'));

    if (SMTP_USE_TLS)
    {
        array_push($requests, 'STARTTLS');
    }

    if (strlen(SMTP_USERNAME) != 0)
    {
        array_push($requests, 'AUTH LOGIN');
        array_push($requests, base64_encode(SMTP_USERNAME));
        array_push($requests, base64_encode(SMTP_PASSWORD));
    }

    array_push($requests, 'MAIL FROM:<' . SMTP_MAILFROM . '>');

    $recipients = explode(', ', $to);

    foreach ($recipients as $recipient)
    {
        array_push($requests, 'RCPT TO:<' . $recipient . '>');
    }

    foreach ($requests as $request)
    {
        debug_write_log(DEBUG_DUMP, '[smtp_send_mail] ' . $request);
        // SMTP command lines are terminated by CRLF (RFC 5321), not a bare LF.
        fwrite($link, $request . "\r\n");

        if (!smtp_read_response($link))
        {
            debug_write_log(DEBUG_WARNING, '[smtp_send_mail] SMTP server replied a failure.');
            fclose($link);
            return FALSE;
        }

        // Upgrade the socket to TLS once the server has accepted STARTTLS.
        if ($request == 'STARTTLS')
        {
            if (stream_socket_enable_crypto($link, TRUE, STREAM_CRYPTO_METHOD_TLS_CLIENT))
            {
                debug_write_log(DEBUG_NOTICE, '[smtp_send_mail] TLS encryption successfully initiated.');
            }
            else
            {
                debug_write_log(DEBUG_WARNING, '[smtp_send_mail] TLS encryption failed.');
                fclose($link);
                return FALSE;
            }
        }
    }

    debug_write_log(DEBUG_DUMP, '[smtp_send_mail] DATA');
    fwrite($link, "DATA\r\n");

    if (!smtp_read_response($link))
    {
        debug_write_log(DEBUG_WARNING, '[smtp_send_mail] SMTP server replied a failure.');
        fclose($link);
        return FALSE;
    }

    debug_write_log(DEBUG_DUMP, '[smtp_send_mail] ' . $headers);
    debug_write_log(DEBUG_DUMP, '[smtp_send_mail] Subject: ' . $subject);
    debug_write_log(DEBUG_DUMP, '[smtp_send_mail] ' . $message);
    debug_write_log(DEBUG_DUMP, '[smtp_send_mail] .');

    // Message content: headers, subject, blank line, body, then the terminating dot.
    fwrite($link, "{$headers}\r\n");
    fwrite($link, "Subject: {$subject}\r\n\r\n");
    fwrite($link, "{$message}\r\n");
    fwrite($link, ".\r\n");

    if (!smtp_read_response($link))
    {
        debug_write_log(DEBUG_WARNING, '[smtp_send_mail] SMTP server replied a failure.');
        fclose($link);
        return FALSE;
    }

    debug_write_log(DEBUG_DUMP, '[smtp_send_mail] QUIT');
    fwrite($link, "QUIT\r\n");

    fclose($link);
    return TRUE;
}

?>

Issues reported for this file:

Code duplication is flagged at each of the four if (!smtp_read_response($link)) checks in smtp_send_mail().

At the three checks that follow the first one (inside the request loop, after DATA, and after the message body): $link is of type resource, but the function expects a string.

It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP's automatic type-juggling kicks in, this might be fine. In other cases, however, this might be a bug. We suggest adding an explicit type cast like in the following example:

function acceptsInteger($int) { }
$x = '123'; // string "123"
// Instead of
acceptsInteger($x);
// we recommend to use
acceptsInteger((integer) $x);

In this file the expected type comes from the docblock of smtp_read_response(), which documents $link as a string although the function receives the socket resource returned by fsockopen().