From 221c09588be796ba352683cd7814af33501d4fa6 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 22 Jan 2018 10:29:19 +0200 Subject: Fix a bug where INTL_IDNA_VARIANT_UTS46 was used while undeclared The constant was introduced in PHP 5.4, and is documented that way, but it actually depends on PHP being linked to ICU 4.6+, while the minimum requirement for compilation is 4.0 ... When this happens on PHP 7.2, an E_DEPRECATED notice will be emitted; there's currently a discussion on php-internals to resolve that issue. --- system/libraries/Email.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Email.php') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 6a8bda70e..967a0019a 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -1035,7 +1035,7 @@ class CI_Email { if (function_exists('idn_to_ascii') && strpos($email, '@')) { list($account, $domain) = explode('@', $email, 2); - $domain = is_php('5.4') + $domain = defined('INTL_IDNA_VARIANT_UTS46') ? idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46) : idn_to_ascii($domain); $email = $account.'@'.$domain; -- cgit v1.2.3-24-g4f1b From 329dd039a211ed7634b45e2c908f7dc375b806a2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 22 Jan 2018 10:54:10 +0200 Subject: [ci skip] If possible, always negotiate for TLS 1.0, TLS 1.1, TLS 1.2 for SMTP connections in CI_Email --- system/libraries/Email.php | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'system/libraries/Email.php') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 967a0019a..71740ee5e 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -2074,7 +2074,19 @@ class CI_Email { $this->_send_command('hello'); $this->_send_command('starttls'); - $crypto = stream_socket_enable_crypto($this->_smtp_connect, TRUE, STREAM_CRYPTO_METHOD_TLS_CLIENT); + /** + * STREAM_CRYPTO_METHOD_TLS_CLIENT is quite the mess ... + * + * - On PHP <5.6 it doesn't even mean TLS, but SSL 2.0, and there's no option to use actual TLS + * - On PHP 5.6.0-5.6.6, >=7.2 it means negotiation with any of TLS 1.0, 1.1, 1.2 + * - On PHP 5.6.7-7.1.* it means only TLS 1.0 + * + * We want the negotiation, so we'll force it below ... + */ + $method = is_php('5.6') + ? STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT + : STREAM_CRYPTO_METHOD_TLS_CLIENT; + $crypto = stream_socket_enable_crypto($this->_smtp_connect, TRUE, $method); if ($crypto !== TRUE) { -- cgit v1.2.3-24-g4f1b From 7c71b8f571585655d24ce325fb0ec3deb6caa8e4 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 27 Jan 2018 06:09:02 +0200 Subject: [ci skip] Apply the INTL_IDNA_VARIANT_UTS46 fix to CI_Email::_validate_email_for_shell() --- system/libraries/Email.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Email.php') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 71740ee5e..a53e7e72a 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -1856,7 +1856,7 @@ class CI_Email { if (function_exists('idn_to_ascii') && strpos($email, '@')) { list($account, $domain) = explode('@', $email, 2); - $domain = is_php('5.4') + $domain = defined('INTL_IDNA_VARIANT_UTS46') ? idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46) : idn_to_ascii($domain); $email = $account.'@'.$domain; -- cgit v1.2.3-24-g4f1b