summaryrefslogtreecommitdiffstats
path: root/system/libraries
diff options
context:
space:
mode:
Diffstat (limited to 'system/libraries')
-rw-r--r--system/libraries/Email.php30
-rw-r--r--system/libraries/Upload.php66
2 files changed, 93 insertions, 3 deletions
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index c8cb8549e..ef20e1978 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -36,6 +36,7 @@ class CI_Email {
var $smtp_pass = ""; // SMTP Password
var $smtp_port = "25"; // SMTP Port
var $smtp_timeout = 5; // SMTP Timeout in seconds
+ var $smtp_crypto = ""; // SMTP Encryption. Can be null, tls or ssl.
var $wordwrap = TRUE; // TRUE/FALSE Turns word-wrap on/off
var $wrapchars = "76"; // Number of characters to wrap at.
var $mailtype = "text"; // text/html Defines email formatting
@@ -1667,7 +1668,14 @@ class CI_Email {
*/
protected function _smtp_connect()
{
- $this->_smtp_connect = fsockopen($this->smtp_host,
+ $ssl = NULL;
+
+ if ($this->smtp_crypto == 'ssl')
+ {
+ $ssl = 'ssl://';
+ }
+
+ $this->_smtp_connect = fsockopen($ssl.$this->smtp_host,
$this->smtp_port,
$errno,
$errstr,
@@ -1680,6 +1688,20 @@ class CI_Email {
}
$this->_set_error_message($this->_get_smtp_data());
+
+ if ($this->smtp_crypto == 'tls')
+ {
+ $this->_send_command('hello');
+ $this->_send_command('starttls');
+ $crypto = stream_socket_enable_crypto($this->_smtp_connect, TRUE, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+ }
+
+ if ($crypto !== TRUE)
+ {
+ $this->_set_error_message('lang:email_smtp_error', $this->_get_smtp_data());
+ return FALSE;
+ }
+
return $this->_send_command('hello');
}
@@ -1706,6 +1728,12 @@ class CI_Email {
$resp = 250;
break;
+ case 'starttls' :
+
+ $this->_send_data('STARTTLS');
+
+ $resp = 220;
+ break;
case 'from' :
$this->_send_data('MAIL FROM:<'.$data.'>');
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 8f324de79..045283f96 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -198,7 +198,8 @@ class CI_Upload {
// Set the uploaded data as class variables
$this->file_temp = $_FILES[$field]['tmp_name'];
$this->file_size = $_FILES[$field]['size'];
- $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
+ $this->_file_mime_type($_FILES[$field]);
+ $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $this->file_type);
$this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
$this->file_name = $this->_prep_filename($_FILES[$field]['name']);
$this->file_ext = $this->get_extension($this->file_name);
@@ -1008,8 +1009,69 @@ class CI_Upload {
// --------------------------------------------------------------------
+ /**
+ * File MIME type
+ *
+ * Detects the (actual) MIME type of the uploaded file, if possible.
+ * The input array is expected to be $_FILES[$field]
+ *
+ * @param array
+ * @return void
+ */
+ protected function _file_mime_type($file)
+ {
+ // Use if the Fileinfo extension, if available (only versions above 5.3 support the FILEINFO_MIME_TYPE flag)
+ if (is_php('5.3') && function_exists('finfo_file'))
+ {
+ $finfo = new finfo(FILEINFO_MIME_TYPE);
+ if ($finfo !== FALSE) // This is possible, if there is no magic MIME database file found on the system
+ {
+ $file_type = $finfo->file($file['tmp_name']);
+
+ /* According to the comments section of the PHP manual page,
+ * it is possible that this function returns an empty string
+ * for some files (e.g. if they don't exist in the magic MIME database)
+ */
+ if (strlen($file_type) > 1)
+ {
+ $this->file_type = $file_type;
+ return;
+ }
+ }
+ }
+
+ // Fall back to the deprecated mime_content_type(), if available
+ if (function_exists('mime_content_type'))
+ {
+ $this->file_type = @mime_content_type($file['tmp_name']);
+ return;
+ }
+
+ /* This is an ugly hack, but UNIX-type systems provide a native way to detect the file type,
+ * which is still more secure than depending on the value of $_FILES[$field]['type'].
+ *
+ * Notes:
+ * - a 'W' in the substr() expression bellow, would mean that we're using Windows
+ * - many system admins would disable the exec() function due to security concerns, hence the function_exists() check
+ */
+ if (DIRECTORY_SEPARATOR !== '\\' && function_exists('exec'))
+ {
+ $output = array();
+ @exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code);
+ if ($return_code === 0 && strlen($output[0]) > 0) // A return status code != 0 would mean failed execution
+ {
+ $this->file_type = rtrim($output[0]);
+ return;
+ }
+ }
+
+ $this->file_type = $file['type'];
+ }
+
+ // --------------------------------------------------------------------
+
}
// END Upload Class
/* End of file Upload.php */
-/* Location: ./system/libraries/Upload.php */ \ No newline at end of file
+/* Location: ./system/libraries/Upload.php */