From 658214ba8190a7498c37e8a14a45c0fc7b08e6c0 Mon Sep 17 00:00:00 2001
From: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>
Date: Tue, 19 Sep 2023 10:14:28 +0000
Subject: [PATCH] always set Return-Path and drop default Reply-To, fixes #3023

Closes #3023

Merge request studip/studip!2029
---
 lib/classes/ForumBulkMail.php              |  3 +--
 lib/classes/StudipMail.class.php           | 17 +++++++++++++----
 lib/messaging.inc.php                      |  4 +---
 lib/phplib/Seminar_Register_Auth.class.php |  2 +-
 4 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/lib/classes/ForumBulkMail.php b/lib/classes/ForumBulkMail.php
index bffb9155e0f..3f761941d32 100644
--- a/lib/classes/ForumBulkMail.php
+++ b/lib/classes/ForumBulkMail.php
@@ -94,8 +94,7 @@ class ForumBulkMail extends messaging
                     $mail->addRecipient($to, get_fullname($user_id), 'Bcc');
                 }
 
-                $mail->setReplyToEmail('')
-                ->setBodyText($data['text']);
+                $mail->setBodyText($data['text']);
 
                 if (mb_strlen($data['reply_to'])) {
                     $mail->setSenderEmail($data['reply_to']);
diff --git a/lib/classes/StudipMail.class.php b/lib/classes/StudipMail.class.php
index 1ee0db77b77..db68a110378 100644
--- a/lib/classes/StudipMail.class.php
+++ b/lib/classes/StudipMail.class.php
@@ -69,6 +69,16 @@ class StudipMail
         return self::$transporter;
     }
 
+    /**
+     * Gets the configured abuse mail contact
+     *
+     * @return string
+     */
+    public static function getAbuseEmail()
+    {
+        return $GLOBALS['MAIL_ABUSE'] ?: "abuse@{$mail_localhost}";
+    }
+
     /**
      * convenience method for sending a qick, text based email message
      *
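Review bot: `getAbuseEmail()` interpolates `$mail_localhost`, but that variable is never assigned inside this static method; in the visible code it exists only as a local of `__construct()`. When `MAIL_ABUSE` is not configured, the method returns `abuse@` with no host and PHP reports an undefined variable. `sendAbuseMessage()` and the `$abuse` assignment in Seminar_Register_Auth (last hunk of this patch) then receive an unusable abuse contact. Compute the host before the return, as the constructor does: `$mail_localhost = $GLOBALS['MAIL_LOCALHOST'] ?: $_SERVER['SERVER_NAME'];`. A test with `MAIL_ABUSE` unset would catch this.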
@@ -99,9 +109,8 @@ class StudipMail
     public static function sendAbuseMessage($subject, $text)
     {
         $mail = new StudipMail();
-        $abuse = $mail->getReplyToEmail();
+        $abuse = self::getAbuseEmail();
         return $mail->setSubject($subject)
-                    ->setReplyToEmail('')
                     ->addRecipient($abuse)
                     ->setBodyText($text)
                     ->send();
@@ -109,7 +118,7 @@ class StudipMail
 
     /**
      * sets some default values for sender and reply to from
-     * configuration settings. The return path is always set to MAIL_ABUSE
+     * configuration settings.
      *
      */
     public function __construct($data = null)
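Review bot: The docblock still says the constructor sets defaults for "reply to", but the next hunk removes the only `setReplyToEmail()` call from `__construct()`, so no Reply-To default remains. I would reword it to `sets default values for sender address and sender name from configuration settings; no Reply-To is set by default.` so callers do not assume `getReplyToEmail()` still yields the abuse address. The constructor body continues outside this hunk.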
@@ -117,7 +126,6 @@ class StudipMail
         $mail_localhost = $GLOBALS['MAIL_LOCALHOST'] ?: $_SERVER['SERVER_NAME'];
         $this->setSenderEmail($GLOBALS['MAIL_ENV_FROM'] ?: "wwwrun@{$mail_localhost}");
         $this->setSenderName($GLOBALS['MAIL_FROM'] ?: 'Stud.IP - ' . Config::get()->UNI_NAME_CLEAN);
-        $this->setReplyToEmail($GLOBALS['MAIL_ABUSE'] ?: "abuse@{$mail_localhost}");
 
         if ($data) {
             $this->setData($data);
@@ -391,6 +399,7 @@ class StudipMail
             throw new Exception('no mail transport defined');
         }
         $transporter->ResetMessage();
+        $transporter->SetHeader('Return-Path', $this->getSenderEmail());
         $transporter->SetEncodedEmailHeader('From', $this->getSenderEmail(), self::quoteString($this->getSenderName()));
         if($this->getReplyToEmail()){
             $transporter->SetEncodedEmailHeader('Reply-To', $this->getReplyToEmail(), self::quoteString($this->getReplyToName()));
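Review bot: The new `Return-Path` line passes `getSenderEmail()` to `SetHeader()` unchanged, and the sender is not always the configured `MAIL_ENV_FROM`: the ForumBulkMail and messaging hunks in this patch call `setSenderEmail()` with `$data['reply_to']` and `$reply_to`. If the transport uses this header as the envelope sender (not visible here), bounces go to that caller-supplied address, and receivers evaluate SPF for its domain rather than the server's, so it is worth confirming this is intended for user-supplied senders. Whether `SetHeader()` rejects line breaks is also not visible here, so I would validate before setting the header, e.g. `if (filter_var($this->getSenderEmail(), FILTER_VALIDATE_EMAIL) === false) { throw new InvalidArgumentException('invalid sender address'); }`. The enclosing send method starts and ends outside this hunk.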
diff --git a/lib/messaging.inc.php b/lib/messaging.inc.php
index 035e78d37bd..2330bc64785 100644
--- a/lib/messaging.inc.php
+++ b/lib/messaging.inc.php
@@ -226,7 +226,6 @@ class messaging
         // Now, let us send the message
         $mail = new StudipMail();
         $mail->setSubject($title)
-            ->setReplyToEmail('')
             ->addRecipient($to, $rec_fullname)
             ->setBodyText($mailmessage);
         if (mb_strlen($reply_to)) {
@@ -236,8 +235,7 @@ class messaging
                     ->setSenderName(sprintf(_('Stud.IP für %s'), $snd_fullname));
             } else {
                 $mail->setSenderEmail($reply_to)
-                    ->setSenderName($snd_fullname)
-                    ->setReplyToEmail('');
+                    ->setSenderName($snd_fullname);
             }
         }
         $user_cfg = UserConfig::get($rec_user_id);
diff --git a/lib/phplib/Seminar_Register_Auth.class.php b/lib/phplib/Seminar_Register_Auth.class.php
index f4b0fd9b43e..f2a272e16ae 100644
--- a/lib/phplib/Seminar_Register_Auth.class.php
+++ b/lib/phplib/Seminar_Register_Auth.class.php
@@ -214,7 +214,7 @@ class Seminar_Register_Auth extends Seminar_Auth
         $token  = Token::create(7 * 24 * 60 * 60, $user->id); // Link is valid for 1 week
         $url    = $GLOBALS['ABSOLUTE_URI_STUDIP'] . 'email_validation.php?secret=' . $token;
         $mail   = new StudipMail();
-        $abuse  = $mail->getReplyToEmail();
+        $abuse  = StudipMail::getAbuseEmail();
 
         $lang_path = getUserLanguagePath($user->id);
 
-- 
GitLab