Correctly handle utf-8 in email_user()

Changelog.md

@@ -7,6 +7,8 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
  - Fixed weighted word support on search query analysis debug page
  - Added missing apostrophes to stop words in search system. Regenerating your search index will now yield a slightly smaller index
  - Fixed link loop when logging in for crawlers
+ - [security] Bugfix: Don't leak the PHP version in emails when expose_php is turned off
+ - Fixed handling of Unicode characters when emailing users - added new `email_subject_utf8` and `email_body_utf8` settings to control the new behaviour
 
 ## Changed
  - Improved the search indexing system performance - again

core/02-environment.php

@@ -69,5 +69,5 @@ if(!is_dir($paths->cache_directory))
 
 // Set the user agent string
 $php_version = ini_get("expose_php") == "1" ? "PHP/".phpversion() : "PHP";
-ini_set("user_agent", "$php_version (".PHP_SAPI."; ".PHP_OS." ".php_uname("m")."; ".(PHP_INT_SIZE*8)." bits; rv:$version) Pepperminty-Wiki/$version-".substr($commit, 0, 7));
+ini_set("user_agent", "$php_version ($settings->sitename; ".PHP_SAPI."; ".PHP_OS." ".php_uname("m")."; ".(PHP_INT_SIZE*8)." bits; rv:$version) Pepperminty-Wiki/$version-".substr($commit, 0, 7));
 unset($php_version);

core/05-functions.php

@@ -696,18 +696,36 @@ function email_user($username, $subject, $body)
 {
 	global $version, $settings;
 	
+	static $literator = null;
+	if($literator == null) $literator = Transliterator::createFromRules(':: Any-Latin; :: Latin-ASCII; :: NFD; :: [:Nonspacing Mark:] Remove; :: NFC;', Transliterator::FORWARD);
+	
 	// If the user doesn't have an email address, then we can't email them :P
 	if(empty($settings->users->{$username}->emailAddress))
 		return false;
 	
+	
+	$headers = [
+		"x-mailer" => ini_get("user_agent"),
+		"reply-to" => "$settings->admindetails_name <$settings->admindetails_email>"
+	];
+	
+	// Correctly encode the subject
+	if($settings->email_subject_utf8)
+		$subject = "=?utf-8?B?" . base64_encode($username) . "?=";
+	else
+		$subject = $literator->transliterate($subject);
+	
+	// Correctly encode the message body
+	if($settings->email_body_utf8)
+		$headers["content-type"] = "text/plain; charset=utf-8";
+	else {
+		$headers["content-type"] = "text/plain";
+		$body = $literator->transliterate($body);
+	}
+	
 	$subject = str_replace("{username}", $username, $subject);
 	$body = str_replace("{username}", $username, $body);
 	
-	$headers = [
-		"content-type" => "text/plain",
-		"x-mailer" => "$settings->sitename Pepperminty-Wiki/$version PHP/" . phpversion(),
-		"reply-to" => "$settings->admindetails_name <$settings->admindetails_email>"
-	];
 	$compiled_headers = "";
 	foreach($headers as $header => $value)
 		$compiled_headers .= "$header: $value\r\n";

modules/page-edit.php

@@ -1,7 +1,7 @@
 <?php
 register_module([
 	"name" => "Page editor",
-	"version" => "0.17.6",
+	"version" => "0.17.7",
 	"author" => "Starbeamrainbowlabs",
 	"description" => "Allows you to edit pages by adding the edit and save actions. You should probably include this one.",
 	"id" => "page-edit",
@@ -38,17 +38,11 @@ register_module([
 			$filename = "$env->storage_prefix$env->page.md";
 			$creatingpage = !isset($pageindex->{$env->page});
 			if((isset($_GET["newpage"]) and $_GET["newpage"] == "true") or $creatingpage)
-			{
 				$title = "Creating $env->page";
-			}
 			else if(isset($_POST['preview-edit']) && isset($_POST['content']))
-			{
 				$title = "Preview Edits for $env->page";
-			}
 			else
-			{
 				$title = "Editing $env->page";
-			}
 			
 			$pagetext = "";
 			if(isset($pageindex->{$env->page}))
@@ -495,9 +489,7 @@ DIFFSCRIPT;
 				
 				// Execute all the preprocessors
 				foreach($save_preprocessors as $func)
-				{
 					$func($pageindex->{$env->page}, $pagedata, $oldpagedata);
-				}
 				
 				if($pagedata !== $pagedata_orig)
 					file_put_contents("$env->storage_prefix$env->page.md", $pagedata);

peppermint.guiconfig.json

@@ -228,6 +228,8 @@
 	"search_tags_matches_weighting": { "type": "number", "description": "The weighting to give to search term matches found in a page's tags.", "default": 3},
 	"dynamic_page_suggestion_count": { "type": "number", "description": "The number of dynamic page name suggestions to fetch from the server when typing in the page search box. Note that lowering this number doesn't <em>really</em> improve performance. Set to 0 to disable.", "default": 7 },
 	"defaultaction": { "type": "text", "description": "The default action. This action will be performed if no other action is specified. It is recommended you set this to \"view\" - that way the user automatically views the default page (see above).", "default": "view" },
+	"email_subject_utf8": { "type": "checkbox", "description": "Whether to encode the subject of emails sent to allow them to contain unicode characters. Without this, email subjects will be transliterated to ASCII. If utf-8 email subjects are disabled, page names may not be represented properly.", "default": true },
+	"email_body_utf8": { "type": "checkbox", "description": "Whether to send emails with utf-8 bodies. If set to false, email bodies will be transliterated to ASCII. If utf-8 email bodies are disabled, page names may not be represented properly.", "default": true },
 	"updateurl": { "type": "url", "description": "The url from which to fetch updates. Defaults to the master (development) branch. MAKE SURE THAT THIS POINTS TO A *HTTPS* URL, OTHERWISE SOMEONE COULD INJECT A VIRUS INTO YOUR WIKI!", "default": "https://raw.githubusercontent.com/sbrl/pepperminty-wiki/master/index.php" },
 	"optimize_pages": { "type": "checkbox", "description": "Whether to optimise all webpages generated.", "default": true },
 	"minify_pageindex": { "type": "checkbox", "description": "Whether to minify the page index when saving it. Improves performance slightly (especially on larger wikis), but can make debugging and quick ninja-edits more awkward. Note that this only takes effect when the page index is next saved.", "default": true },