summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/libraries/Email.php21
-rw-r--r--system/libraries/Form_validation.php5
-rw-r--r--user_guide_src/source/changelog.rst8
3 files changed, 30 insertions, 4 deletions
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index f9a4ae733..1847cc96f 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -1012,9 +1012,12 @@ class CI_Email {
*/
public function valid_email($email)
{
- if (function_exists('idn_to_ascii') && $atpos = strpos($email, '@'))
+ if (function_exists('idn_to_ascii') && preg_match('#\A([^@]+)@(.+)\z#', $email, $matches))
{
- $email = self::substr($email, 0, ++$atpos).idn_to_ascii(self::substr($email, $atpos), 0, INTL_IDNA_VARIANT_UTS46);
+ $domain = defined('INTL_IDNA_VARIANT_UTS46')
+ ? idn_to_ascii($matches[2], 0, INTL_IDNA_VARIANT_UTS46)
+ : idn_to_ascii($matches[2]);
+ $email = $matches[1].'@'.$domain;
}
return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
@@ -2027,7 +2030,19 @@ class CI_Email {
$this->_send_command('hello');
$this->_send_command('starttls');
- $crypto = stream_socket_enable_crypto($this->_smtp_connect, TRUE, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+ /**
+ * STREAM_CRYPTO_METHOD_TLS_CLIENT is quite the mess ...
+ *
+ * - On PHP <5.6 it doesn't even mean TLS, but SSL 2.0, and there's no option to use actual TLS
+ * - On PHP 5.6.0-5.6.6, >=7.2 it means negotiation with any of TLS 1.0, 1.1, 1.2
+ * - On PHP 5.6.7-7.1.* it means only TLS 1.0
+ *
+ * We want the negotiation, so we'll force it below ...
+ */
+ $method = is_php('5.6')
+ ? STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
+ : STREAM_CRYPTO_METHOD_TLS_CLIENT;
+ $crypto = stream_socket_enable_crypto($this->_smtp_connect, TRUE, $method);
if ($crypto !== TRUE)
{
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index f402459a9..9e4c81c61 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1237,7 +1237,10 @@ class CI_Form_validation {
{
if (function_exists('idn_to_ascii') && preg_match('#\A([^@]+)@(.+)\z#', $str, $matches))
{
- $str = $matches[1].'@'.idn_to_ascii($matches[2], 0, INTL_IDNA_VARIANT_UTS46);
+ $domain = defined('INTL_IDNA_VARIANT_UTS46')
+ ? idn_to_ascii($matches[2], 0, INTL_IDNA_VARIANT_UTS46)
+ : idn_to_ascii($matches[2]);
+ $str = $matches[1].'@'.$domain;
}
return (bool) filter_var($str, FILTER_VALIDATE_EMAIL);
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 6a26a165b..37c276f19 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -124,6 +124,14 @@ Version 3.1.8
Release Date: Not Released
+- General Changes
+
+ - Updated :doc:`Email Library <libraries/email>` to always negotiate between TLS 1.0, 1.1, 1.2 when possible (PHP 5.6+) for SMTP connections.
+
+Bug fixes for 3.1.8
+-------------------
+
+- Fixed a bug where :doc:`Form Validation Library <libraries/form_validation>`, :doc:`Email Library <libraries/email>` tried to use ``INTL_IDNA_VARIANT_UTS46`` when it was undeclared.
Version 3.1.7
=============