diff --git a/Changelog.md b/Changelog.md
index e694f7f..bf44e96 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -7,6 +7,8 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
 - Fixed weighted word support on search query analysis debug page
 - Added missing apostrophes to stop words in search system. Regenerating your search index will now yield a slightly smaller index
 - Fixed link loop when logging in for crawlers
+ - [security] Bugfix: Don't leak the PHP version in emails when expose_php is turned off
+ - Fixed handling of Unicode characters when emailing users - added new `email_subject_utf8` and `email_body_utf8` settings to control the new behaviour
 ## Changed
 - Improved the search indexing system performance - again
diff --git a/core/02-environment.php b/core/02-environment.php
index b3a17f2..ef145b2 100644
--- a/core/02-environment.php
+++ b/core/02-environment.php
@@ -69,5 +69,5 @@ if(!is_dir($paths->cache_directory))
 // Set the user agent string
 $php_version = ini_get("expose_php") == "1" ? "PHP/".phpversion() : "PHP";
-ini_set("user_agent", "$php_version (".PHP_SAPI."; ".PHP_OS." ".php_uname("m")."; ".(PHP_INT_SIZE*8)." bits; rv:$version) Pepperminty-Wiki/$version-".substr($commit, 0, 7));
+ini_set("user_agent", "$php_version ($settings->sitename; ".PHP_SAPI."; ".PHP_OS." ".php_uname("m")."; ".(PHP_INT_SIZE*8)." bits; rv:$version) Pepperminty-Wiki/$version-".substr($commit, 0, 7));
 unset($php_version);
diff --git a/core/05-functions.php b/core/05-functions.php
index 3359374..cce95d2 100644
--- a/core/05-functions.php
+++ b/core/05-functions.php
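Review bot: The new `ini_set("user_agent", …)` line in core/02-environment.php interpolates `$settings->sitename` without filtering, and the core/05-functions.php hunk reuses the same string as the `x-mailer` mail header. A site name containing CR or LF would put extra header lines into outbound HTTP requests made through PHP's stream wrappers and into outgoing email, so strip control characters before building the string, e.g. `$ua_sitename = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $settings->sitename);`. The change also discloses the wiki's name to every remote host the wiki fetches from; if that is intended, a short comment above the line saying so would help. Whether `$settings` is already loaded at this point in 02-environment.php is not visible in the hunk.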
@@ -696,18 +696,36 @@ function email_user($username, $subject, $body) {
 global $version, $settings;
+ static $literator = null;
+ if($literator == null) $literator = Transliterator::createFromRules(':: Any-Latin; :: Latin-ASCII; :: NFD; :: [:Nonspacing Mark:] Remove; :: NFC;', Transliterator::FORWARD);
+
 // If the user doesn't have an email address, then we can't email them :P
 if(empty($settings->users->{$username}->emailAddress)) return false;
+
+ $headers = [
+ "x-mailer" => ini_get("user_agent"),
+ "reply-to" => "$settings->admindetails_name <$settings->admindetails_email>"
+ ];
+
+ // Correctly encode the subject
+ if($settings->email_subject_utf8)
+ $subject = "=?utf-8?B?" . base64_encode($username) . "?=";
+ else
+ $subject = $literator->transliterate($subject);
+
+ // Correctly encode the message body
+ if($settings->email_body_utf8)
+ $headers["content-type"] = "text/plain; charset=utf-8";
+ else {
+ $headers["content-type"] = "text/plain";
+ $body = $literator->transliterate($body);
+ }
+
 $subject = str_replace("{username}", $username, $subject);
 $body = str_replace("{username}", $username, $body);
- $headers = [
- "content-type" => "text/plain",
- "x-mailer" => "$settings->sitename Pepperminty-Wiki/$version PHP/" . phpversion(),
- "reply-to" => "$settings->admindetails_name <$settings->admindetails_email>"
- ];
 $compiled_headers = "";
 foreach($headers as $header => $value) $compiled_headers .= "$header: $value\r\n";
diff --git a/modules/page-edit.php b/modules/page-edit.php
index a06b9c8..bb8f022 100644
--- a/modules/page-edit.php
+++ b/modules/page-edit.php
@@ -1,7 +1,7 @@
 "Page editor",
- "version" => "0.17.6",
+ "version" => "0.17.7",
 "author" => "Starbeamrainbowlabs",
 "description" => "Allows you to edit pages by adding the edit and save actions. You should probably include this one.",
 "id" => "page-edit",
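Review bot: In `email_user()` the UTF-8 subject branch calls `base64_encode($username)`, so with `email_subject_utf8` enabled (its default in peppermint.guiconfig.json) every message goes out with the recipient's username as its subject; it should read `$subject = "=?utf-8?B?" . base64_encode($subject) . "?=";`. The two `{username}` `str_replace` calls still run after the encoding step, so the placeholder is buried in the base64 text on one path and a non-ASCII username is inserted untransliterated on the other; moving both calls above the `// Correctly encode the subject` comment fixes that. `Transliterator::createFromRules()` returns null on failure and the class needs the intl extension, so `$literator` should be checked before `->transliterate()` is called (and `=== null` used for the lazy-init test). The function continues past the end of the hunk, so how `$subject` and `$compiled_headers` reach the mailer is not visible here.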
@@ -38,17 +38,11 @@ register_module([
 $filename = "$env->storage_prefix$env->page.md";
 $creatingpage = !isset($pageindex->{$env->page});
 if((isset($_GET["newpage"]) and $_GET["newpage"] == "true") or $creatingpage)
- {
 $title = "Creating $env->page";
- }
 else if(isset($_POST['preview-edit']) && isset($_POST['content']))
- {
 $title = "Preview Edits for $env->page";
- }
 else
- {
 $title = "Editing $env->page";
- }
 $pagetext = "";
 if(isset($pageindex->{$env->page}))
@@ -495,9 +489,7 @@ DIFFSCRIPT;
 // Execute all the preprocessors
 foreach($save_preprocessors as $func)
- {
 $func($pageindex->{$env->page}, $pagedata, $oldpagedata);
- }
 if($pagedata !== $pagedata_orig) file_put_contents("$env->storage_prefix$env->page.md", $pagedata);
diff --git a/peppermint.guiconfig.json b/peppermint.guiconfig.json
index 59ee42c..f2a7cac 100644
--- a/peppermint.guiconfig.json
+++ b/peppermint.guiconfig.json
@@ -228,6 +228,8 @@
 "search_tags_matches_weighting": { "type": "number", "description": "The weighting to give to search term matches found in a page's tags.", "default": 3},
 "dynamic_page_suggestion_count": { "type": "number", "description": "The number of dynamic page name suggestions to fetch from the server when typing in the page search box. Note that lowering this number doesn't really improve performance. Set to 0 to disable.", "default": 7 },
 "defaultaction": { "type": "text", "description": "The default action. This action will be performed if no other action is specified. It is recommended you set this to \"view\" - that way the user automatically views the default page (see above).", "default": "view" },
+ "email_subject_utf8": { "type": "checkbox", "description": "Whether to encode the subject of emails sent to allow them to contain unicode characters. Without this, email subjects will be transliterated to ASCII. If utf-8 email subjects are disabled, page names may not be represented properly.", "default": true },
+ "email_body_utf8": { "type": "checkbox", "description": "Whether to send emails with utf-8 bodies. If set to false, email bodies will be transliterated to ASCII. If utf-8 email bodies are disabled, page names may not be represented properly.", "default": true },
 "updateurl": { "type": "url", "description": "The url from which to fetch updates. Defaults to the master (development) branch. MAKE SURE THAT THIS POINTS TO A *HTTPS* URL, OTHERWISE SOMEONE COULD INJECT A VIRUS INTO YOUR WIKI!", "default": "https://raw.githubusercontent.com/sbrl/pepperminty-wiki/master/index.php" },
 "optimize_pages": { "type": "checkbox", "description": "Whether to optimise all webpages generated.", "default": true },
 "minify_pageindex": { "type": "checkbox", "description": "Whether to minify the page index when saving it. Improves performance slightly (especially on larger wikis), but can make debugging and quick ninja-edits more awkward.
Note that this only takes effect when the page index is next saved.", "default": true },