Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3439734

Timestamp:

01/14/2026 05:25:55 PM (2 months ago)

Author:

PierreLannoy

Message:

MailArchiver 4.4.0 released from GitHub

Location:

mailarchiver

Files:

: 16 edited
: 1 copied

tags/4.4.0 (copied) (copied from mailarchiver/trunk)
tags/4.4.0/CHANGELOG.md (modified) (1 diff)
tags/4.4.0/includes/features/class-capture.php (modified) (2 diffs)
tags/4.4.0/includes/listeners/class-abstractlistener.php (modified) (1 diff)
tags/4.4.0/includes/listeners/class-corelistener.php (modified) (1 diff)
tags/4.4.0/includes/listeners/class-wpmslistener.php (modified) (1 diff)
tags/4.4.0/init.php (modified) (1 diff)
tags/4.4.0/mailarchiver.php (modified) (1 diff)
tags/4.4.0/readme.txt (modified) (1 diff)
trunk/CHANGELOG.md (modified) (1 diff)
trunk/includes/features/class-capture.php (modified) (2 diffs)
trunk/includes/listeners/class-abstractlistener.php (modified) (1 diff)
trunk/includes/listeners/class-corelistener.php (modified) (1 diff)
trunk/includes/listeners/class-wpmslistener.php (modified) (1 diff)
trunk/init.php (modified) (1 diff)
trunk/mailarchiver.php (modified) (1 diff)
trunk/readme.txt (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

mailarchiver/tags/4.4.0/CHANGELOG.md

-                      r3400895
+                      r3439734
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and **MailArchiver** adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [4.4.0] - 2026-01-14
+### Added
+- Compatibility with `name <email@example.com>` email addresses (thanks to [Willy Bahuaud](https://github.com/willybahuaud)).
+### Fixed
+- [SEC005] XSS vulnerability in the "to" field (thanks to [Willy Bahuaud](https://github.com/willybahuaud)).
 ## [4.3.0] - 2025-11-22

mailarchiver/tags/4.4.0/includes/features/class-capture.php

-                      r2606924
+                      r3439734
      */
     public function __construct() {
+    }
+    /**
+     * Normalizes "to" fields.
+     *
+     * @param   array  $tos    The tos.
+     * @return  array  The normalized tos.
+     * @since    4.4.0
+     */
+    private static function to( $tos ) {
+        $result = [];
+        if ( 0 < count( $tos ) ) {
+            foreach ( $tos as $to ) {
+                if ( str_contains( $to, '@' ) ) {
+                    $result[] = $to;
+                } else {
+                    $result[] = '[malformed email address]';
+                }
+            }
+        } else {
+            $result[] = '[malformed email address]';
+        }
+        return $result;
+    }
 …
                 $mail['from'] = self::from( $mail['headers'] );
+            }
+            if ( array_key_exists( 'to', $mail ) ) {
+                $mail['to'] = self::to( $mail['to'] );
+            }
             $mail['attachments'] = self::attachments( $mail['attachments'] );
             $mail['headers']     = self::headers( $mail['headers'] );

mailarchiver/tags/4.4.0/includes/listeners/class-abstractlistener.php

-                      r2552008
+                      r3439734
     /**
+     * Recursively get all "to" email adresses.
+     *
+     * @since    4.3.1
+     */
+    protected function get_all_emails( $a, &$result ) {
+        if ( is_array( $a ) ) {
+            foreach ( $a as $item ) {
+                $this->get_all_emails( $item, $result );
+            }
+        }
+        if ( is_object( $a ) ) {
+            foreach ( (array) $a as $item ) {
+                $this->get_all_emails( $item, $result );
+            }
+        }
+        if ( is_string( $a ) && str_contains( $a, '@' ) ) {
+            if ( preg_match( "/[a-z0-9!#$%&'+\/=?^_{|}~-]+[a-z0-9!#$%&'*+\/.=?^_{|}~-]+@[\p{L}.-]+[\p{L}0-9]+/iu", $a, $matches ) ) {
+                if ( 1 === count( $matches ) ) {
+                    $result[] = $matches[0] ;
+                }
+            }
+        }
+    }
+    /**
      * Sets the listener properties.
+     *

mailarchiver/tags/4.4.0/includes/listeners/class-corelistener.php

-                      r3195019
+                      r3439734
     /**
-     * Recursively get all "to" email adresses.
+     *
-     * @since    1.0.0
-     */
-    private function get_all_emails( $a, &$result ) {
-        if ( is_array( $a ) ) {
-            foreach ( $a as $item ) {
-                $this->get_all_emails( $item, $result );
+            }
+        }
-        if ( is_object( $a ) ) {
-            foreach ( (array) $a as $item ) {
-                $this->get_all_emails( $item, $result );
+            }
+        }
-        if ( is_string( $a ) && false !== strpos( $a, '@' ) ) {
-            $result[] = trim( $a) ;
+        }
+    }
-    /**
      * "wp_mail" event.
+     *

mailarchiver/tags/4.4.0/includes/listeners/class-wpmslistener.php

-                      r2552008
+                      r3439734
     /**
-     * Recursively get all "to" email adresses.
+     *
-     * @since    1.0.0
-     */
-    private function get_all_emails( $a, &$result ) {
-        if ( is_array( $a ) ) {
-            foreach ( $a as $item ) {
-                $this->get_all_emails( $item, $result );
+            }
+        }
-        if ( is_object( $a ) ) {
-            foreach ( (array) $a as $item ) {
-                $this->get_all_emails( $item, $result );
+            }
+        }
-        if ( is_string( $a ) && false !== strpos( $a, '@' ) ) {
-            $result[] = trim( $a) ;
+        }
+    }
-    /**
      * "phpmailer_init" action.
+     *

mailarchiver/tags/4.4.0/init.php

r3400895	r3439734
13	13	define( 'MAILARCHIVER_PRODUCT_ABBREVIATION', 'mailarchiver' );
14	14	define( 'MAILARCHIVER_SLUG', 'mailarchiver' );
15		define( 'MAILARCHIVER_VERSION', '4.3.0' );
	15	define( 'MAILARCHIVER_VERSION', '4.4.0' );
16	16	define( 'MAILARCHIVER_MONOLOG_VERSION', '2.9.3' );
17	17	define( 'MAILARCHIVER_CODENAME', '"-"' );

mailarchiver/tags/4.4.0/mailarchiver.php

r3400895	r3439734
11	11	* Plugin URI: https://perfops.one/mailarchiver
12	12	* Description: Automatically archive and store all emails sent from your site.
13		* Version: 4.3.0
	13	* Version: 4.4.0
14	14	* Requires at least: 6.2
15	15	* Requires PHP: 8.1

mailarchiver/tags/4.4.0/readme.txt

r3400895	r3439734
5	5	Requires PHP: 8.1
6	6	Tested up to: 6.9
7		Stable tag: 4.3.0
	7	Stable tag: 4.4.0
8	8	License: GPLv3
9	9	License URI: https://www.gnu.org/licenses/gpl-3.0.html

mailarchiver/trunk/CHANGELOG.md

-                      r3400895
+                      r3439734
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and **MailArchiver** adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [4.4.0] - 2026-01-14
+### Added
+- Compatibility with `name <email@example.com>` email addresses (thanks to [Willy Bahuaud](https://github.com/willybahuaud)).
+### Fixed
+- [SEC005] XSS vulnerability in the "to" field (thanks to [Willy Bahuaud](https://github.com/willybahuaud)).
 ## [4.3.0] - 2025-11-22

mailarchiver/trunk/includes/features/class-capture.php

-                      r2606924
+                      r3439734
      */
     public function __construct() {
+    }
+    /**
+     * Normalizes "to" fields.
+     *
+     * @param   array  $tos    The tos.
+     * @return  array  The normalized tos.
+     * @since    4.4.0
+     */
+    private static function to( $tos ) {
+        $result = [];
+        if ( 0 < count( $tos ) ) {
+            foreach ( $tos as $to ) {
+                if ( str_contains( $to, '@' ) ) {
+                    $result[] = $to;
+                } else {
+                    $result[] = '[malformed email address]';
+                }
+            }
+        } else {
+            $result[] = '[malformed email address]';
+        }
+        return $result;
+    }
 …
                 $mail['from'] = self::from( $mail['headers'] );
+            }
+            if ( array_key_exists( 'to', $mail ) ) {
+                $mail['to'] = self::to( $mail['to'] );
+            }
             $mail['attachments'] = self::attachments( $mail['attachments'] );
             $mail['headers']     = self::headers( $mail['headers'] );

mailarchiver/trunk/includes/listeners/class-abstractlistener.php

-                      r2552008
+                      r3439734
     /**
+     * Recursively get all "to" email adresses.
+     *
+     * @since    4.3.1
+     */
+    protected function get_all_emails( $a, &$result ) {
+        if ( is_array( $a ) ) {
+            foreach ( $a as $item ) {
+                $this->get_all_emails( $item, $result );
+            }
+        }
+        if ( is_object( $a ) ) {
+            foreach ( (array) $a as $item ) {
+                $this->get_all_emails( $item, $result );
+            }
+        }
+        if ( is_string( $a ) && str_contains( $a, '@' ) ) {
+            if ( preg_match( "/[a-z0-9!#$%&'+\/=?^_{|}~-]+[a-z0-9!#$%&'*+\/.=?^_{|}~-]+@[\p{L}.-]+[\p{L}0-9]+/iu", $a, $matches ) ) {
+                if ( 1 === count( $matches ) ) {
+                    $result[] = $matches[0] ;
+                }
+            }
+        }
+    }
+    /**
      * Sets the listener properties.
+     *

mailarchiver/trunk/includes/listeners/class-corelistener.php

-                      r3195019
+                      r3439734
     /**
-     * Recursively get all "to" email adresses.
+     *
-     * @since    1.0.0
-     */
-    private function get_all_emails( $a, &$result ) {
-        if ( is_array( $a ) ) {
-            foreach ( $a as $item ) {
-                $this->get_all_emails( $item, $result );
+            }
+        }
-        if ( is_object( $a ) ) {
-            foreach ( (array) $a as $item ) {
-                $this->get_all_emails( $item, $result );
+            }
+        }
-        if ( is_string( $a ) && false !== strpos( $a, '@' ) ) {
-            $result[] = trim( $a) ;
+        }
+    }
-    /**
      * "wp_mail" event.
+     *

mailarchiver/trunk/includes/listeners/class-wpmslistener.php

-                      r2552008
+                      r3439734
     /**
-     * Recursively get all "to" email adresses.
+     *
-     * @since    1.0.0
-     */
-    private function get_all_emails( $a, &$result ) {
-        if ( is_array( $a ) ) {
-            foreach ( $a as $item ) {
-                $this->get_all_emails( $item, $result );
+            }
+        }
-        if ( is_object( $a ) ) {
-            foreach ( (array) $a as $item ) {
-                $this->get_all_emails( $item, $result );
+            }
+        }
-        if ( is_string( $a ) && false !== strpos( $a, '@' ) ) {
-            $result[] = trim( $a) ;
+        }
+    }
-    /**
      * "phpmailer_init" action.
+     *

mailarchiver/trunk/init.php

r3400895	r3439734
13	13	define( 'MAILARCHIVER_PRODUCT_ABBREVIATION', 'mailarchiver' );
14	14	define( 'MAILARCHIVER_SLUG', 'mailarchiver' );
15		define( 'MAILARCHIVER_VERSION', '4.3.0' );
	15	define( 'MAILARCHIVER_VERSION', '4.4.0' );
16	16	define( 'MAILARCHIVER_MONOLOG_VERSION', '2.9.3' );
17	17	define( 'MAILARCHIVER_CODENAME', '"-"' );

mailarchiver/trunk/mailarchiver.php

r3400895	r3439734
11	11	* Plugin URI: https://perfops.one/mailarchiver
12	12	* Description: Automatically archive and store all emails sent from your site.
13		* Version: 4.3.0
	13	* Version: 4.4.0
14	14	* Requires at least: 6.2
15	15	* Requires PHP: 8.1

mailarchiver/trunk/readme.txt

r3400895	r3439734
5	5	Requires PHP: 8.1
6	6	Tested up to: 6.9
7		Stable tag: 4.3.0
	7	Stable tag: 4.4.0
8	8	License: GPLv3
9	9	License URI: https://www.gnu.org/licenses/gpl-3.0.html

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory