Issues (16)

Security Analysis    no request data  

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Email.php (1 issue)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
/**
3
 * Jaeger
4
 *
5
 * @copyright	Copyright (c) 2015-2016, mithra62
6
 * @link		http://jaeger-app.com
7
 * @version		1.0
8
 * @filesource 	./Email.php
9
 */
10
namespace JaegerApp;
11
12
use JaegerApp\Exceptions\EmailException;
13
14
/**
15
 * Jaeger - Email Object
16
 *
17
 * Wrapper to send email
18
 *
19
 * @package Email
20
 * @author Eric Lamb <[email protected]>
21
 */
22
class Email
23
{
24
25
    /**
26
     * The email addresses we're sending to
27
     * 
28
     * @var array
29
     */
30
    protected $to = array();
31
32
    /**
33
     * The email subect language key
34
     * 
35
     * @var string
36
     */
37
    protected $subject = false;
38
39
    /**
40
     * The email message language key
41
     * 
42
     * @var string
43
     */
44
    protected $message = false;
45
46
    /**
47
     * What type of email to send (html or text)
48
     * 
49
     * @var string
50
     */
51
    protected $mailtype = 'html';
52
53
    /**
54
     * The mailtype values we allow
55
     * 
56
     * @var array
57
     */
58
    protected $allowed_mailtypes = array(
59
        'html',
60
        'txt'
61
    );
62
63
    /**
64
     * The View object
65
     * 
66
     * @var \JaegerApp\View
67
     */
68
    protected $view = null;
69
70
    /**
71
     * The Language object
72
     * 
73
     * @var \JaegerApp\Language
74
     */
75
    protected $lang = null;
76
77
    /**
78
     * The mailer object
79
     * 
80
     * @var Swift_mailer
81
     */
82
    protected $mailer = null;
83
84
    /**
85
     * The mailer logging object
86
     * 
87
     * @var Swift_Plugins_Loggers_ArrayLogger
88
     */
89
    protected $mailer_logger = null;
90
91
    /**
92
     * The email configuration
93
     * 
94
     * @var array
95
     */
96
    protected $config = array();
97
98
    /**
99
     * The view options
100
     * 
101
     * @var array
102
     */
103
    protected $view_options = array();
104
105
    /**
106
     * The tmeplate to use for view output
107
     * 
108
     * @var string
109
     */
110
    protected $view_template = '';
111
112
    /**
113
     * An array of files to add as attachments to emails
114
     * 
115
     * @var array A key => value pair of file path => new name
116
     */
117
    protected $attachemnts = array();
118
119
    /**
120
     * The format the configuration is expected in
121
     * 
122
     * @var array
123
     */
124
    private $config_prototype = array(
125
        'type' => 'smtp', // choose between `php` and `smtp`
126
        'smtp_options' => array( // if `smtp` chosen above, this must be completed and accurate
127
            'host' => '',
128
            'connection_config' => array(
129
                'username' => '',
130
                'password' => ''
131
            ),
132
            'port' => ''
133
        )
134
    );
135
136
    /**
137
     * Sets the Language object
138
     * 
139
     * @param \JaegerApp\Language $lang            
140
     * @return \JaegerApp\Email
141
     */
142
    public function setLang(\JaegerApp\Language $lang)
143
    {
144
        $this->lang = $lang;
145
        return $this;
146
    }
147
148
    /**
149
     * Returns an instance of the Language object
150
     * 
151
     * @return \JaegerApp\Language
152
     */
153
    public function getLang()
154
    {
155
        return $this->lang;
156
    }
157
158
    /**
159
     * Sets the View object
160
     * 
161
     * @param \JaegerApp\View $view            
162
     * @return \JaegerApp\Email
163
     */
164
    public function setView(\JaegerApp\View $view)
165
    {
166
        $this->view = $view;
167
        return $this;
168
    }
169
170
    /**
171
     * Returns an instance of the View object
172
     * 
173
     * @return \JaegerApp\View
174
     */
175
    public function getView()
176
    {
177
        return $this->view;
178
    }
179
180
    /**
181
     * Sets the email config
182
     * 
183
     * @param array $config            
184
     * @return \JaegerApp\Email
185
     */
186
    public function setConfig(array $config)
187
    {
188
        $this->config = $config;
189
        return $this;
190
    }
191
192
    /**
193
     * Compiles the options to use for the view
194
     * 
195
     * @param string $template            
196
     * @param array $view_data            
197
     * @return \JaegerApp\Email
198
     */
199
    public function setViewOptions($template, array $view_data = array())
200
    {
201
        $this->view_options = $view_data;
202
        $this->view_template = $template;
203
        return $this;
204
    }
205
206
    /**
207
     * Sets the TO email address
208
     *
209
     * Note that this method resets any previously added email addresses
210
     * 
211
     * @param string $to            
212
     * @return \JaegerApp\Email
213
     */
214
    public function setTo($to)
215
    {
216
        $this->to = (is_array($to) ? $to : array(
217
            $to
218
        ));
219
        return $this;
220
    }
221
222
    /**
223
     * Sets the email addresses to send to
224
     * 
225
     * @param string $to
226
     *            The Email address to send to
227
     * @return \JaegerApp\Email
228
     */
229
    public function addTo($to)
230
    {
231
        $this->to[] = $to;
232
        return $this;
233
    }
234
235
    /**
236
     * Adds an attachment to an email
237
     * 
238
     * @param string $file
239
     *            The full path to the attachment
240
     * @param string $name
241
     *            An alternative name to use for the attachment file
242
     */
243
    public function addAttachment($file, $name = false)
244
    {
245
        if (file_exists($file)) {
246
            $this->attachemnts[] = array(
247
                $file => $name
248
            );
249
        }
250
        
251
        return $this;
252
    }
253
254
    /**
255
     * Returns an array of attachments
256
     * 
257
     * @return string
258
     */
259
    public function getAttachments()
260
    {
261
        return $this->attachemnts;
262
    }
263
264
    /**
265
     * Returns the email addresses to send to
266
     */
267
    public function getTo()
268
    {
269
        return $this->to;
270
    }
271
272
    /**
273
     * Sets the email subject language key
274
     * 
275
     * @param string $subject
276
     *            The language key for the email subject
277
     */
278
    public function setSubject($subject)
279
    {
280
        $this->subject = $subject;
281
        return $this;
282
    }
283
284
    /**
285
     * Returns the email addresses to send to
286
     */
287
    public function getSubject()
288
    {
289
        return $this->subject;
290
    }
291
292
    /**
293
     * Returns the message language key
294
     * 
295
     * @return string
296
     */
297
    public function getMessage()
298
    {
299
        return $this->message;
300
    }
301
302
    /**
303
     * Set the email message language key
304
     * 
305
     * @param string $message
306
     *            Should be a language file key
307
     * @return \JaegerApp\Email
308
     */
309
    public function setMessage($message)
310
    {
311
        $this->message = $message;
312
        return $this;
313
    }
314
315
    /**
316
     * Returns the mailtype
317
     * 
318
     * @return string
319
     */
320
    public function getMailtype()
321
    {
322
        return $this->mailtype;
323
    }
324
325
    /**
326
     * Sets the mailtype
327
     * 
328
     * @param string $mailtype            
329
     * @return \JaegerApp\Email
330
     */
331
    public function setMailtype($mailtype)
332
    {
333
        $this->mailtype = $mailtype;
334
        return $this;
335
    }
336
337
    /**
338
     * Returns an instance of the mail object
339
     * 
340
     * @return Email\SwiftAbstract
341
     */
342
    public function getMailer()
343
    {
344
        if (is_null($this->mailer)) {
345
            if(class_exists('\Swift'))
346
            {
347
                if(version_compare(\Swift::VERSION, 4, '<=') && version_compare(\Swift::VERSION, 3, '>='))
348
                {
349
                    $mailer = new Email\Swift3($this->config);
350
                }
351
                else {
352
                    $mailer = new Email\Swift5($this->config);
353
                }
354
            }
355
            else {
356
                $mailer = new Email\Swift5($this->config); 
357
            }
358
            
359
            $this->mailer = $mailer;
360
        }
361
        
362
        return $this->mailer;
363
    }
364
365
    /**
366
     * Resets the email object
367
     * 
368
     * @return \JaegerApp\Email
369
     */
370
    public function clear()
371
    {
372
        $this->mailer = null;
373
        $this->to = $this->attachemnts = array();
374
        $this->subject = $this->message = false;
375
        return $this;
376
    }
377
378
    /**
379
     * Sends the email
380
     * 
381
     * @param array $vars            
382
     * @throws \InvalidArgumentException
383
     * @throws \InvalidArgumentException
384
     * @throws EmailException
385
     */
386
    public function send(array $vars = array())
387
    {
388
        if (count($this->getTo()) == 0) {
389
            throw new \InvalidArgumentException('A "To" email address is requried');
390
        }
391
        
392
        if ($this->getSubject() == '') {
393
            throw new \InvalidArgumentException('A subject for the email must be set');
394
        }
395
        
396
        if ($this->getMessage() == '') {
397
            throw new \InvalidArgumentException('There isn\'t a message set');
398
        }
399
        
400
        $valid_emails = array();
401
        foreach ($this->getTo() as $to) {
402
            if (filter_var(trim($to), FILTER_VALIDATE_EMAIL)) {
403
                $valid_emails[] = trim($to);
404
            }
405
        }
406
        
407
        if (! $valid_emails) {
0 ignored issues
show
Bug Best Practice introduced by
The expression $valid_emails of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using empty($expr) instead to make it clear that you intend to check for an array without elements.

This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.

Consider making the comparison explicit by using empty(..) or ! empty(...) instead.

Loading history...
408
            return;
409
        }
410
        
411
        $mailer = $this->getMailer();
412
        $subject = $this->getView()->render($this->getSubject(), $vars);
413
        $body_message = $this->getView()->render($this->getMessage(), $vars);
414
        $message = $mailer->getMessage($valid_emails, $this->config['from_email'], $this->config['sender_name'], $subject, $body_message, $this->getAttachments(), $this->getMailtype());
415
        
416
        if (! $mailer->send($message)) {
417
            throw new EmailException($this->getMailer()->ErrorInfo);
418
        }
419
        
420
        $this->clear();
421
    }
422
}