From f1c4e3d2ba635dc29e83ff41d6ba500accc44fb5 Mon Sep 17 00:00:00 2001 From: "pau.ferrer-ocana" Date: Tue, 16 Dec 2014 10:04:34 +0100 Subject: [PATCH 1/2] MDL-48080 email: Remove some old error_log calls --- lib/moodlelib.php | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 25e51ea9f94..c328598b498 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -5800,20 +5800,12 @@ function email_to_user($user, $from, $subject, $messagetext, $messagehtml = '', if (!validate_email($user->email)) { // We can not send emails to invalid addresses - it might create security issue or confuse the mailer. - $invalidemail = "User $user->id (".fullname($user).") email ($user->email) is invalid! Not sending."; - error_log($invalidemail); - if (CLI_SCRIPT) { - mtrace('Error: lib/moodlelib.php email_to_user(): '.$invalidemail); - } + debugging("email_to_user: User $user->id (".fullname($user).") email ($user->email) is invalid! Not sending."); return false; } if (over_bounce_threshold($user)) { - $bouncemsg = "User $user->id (".fullname($user).") is over bounce threshold! Not sending."; - error_log($bouncemsg); - if (CLI_SCRIPT) { - mtrace('Error: lib/moodlelib.php email_to_user(): '.$bouncemsg); - } + debugging("email_to_user: User $user->id (".fullname($user).") is over bounce threshold! Not sending."); return false; } From 90e30644d59ad24cddad3d023421aa501230eae4 Mon Sep 17 00:00:00 2001 From: "pau.ferrer-ocana" Date: Tue, 16 Dec 2014 10:17:52 +0100 Subject: [PATCH 2/2] MDL-48080 email: Do not send to .invalid addresses. It is an invalid TLD --- lib/moodlelib.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/moodlelib.php b/lib/moodlelib.php index c328598b498..6326937b1d3 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -5809,6 +5809,13 @@ function email_to_user($user, $from, $subject, $messagetext, $messagehtml = '', return false; } + // TLD .invalid is specifically reserved for invalid domain names. + // For More information, see {@link http://tools.ietf.org/html/rfc2606#section-2}. + if (substr($user->email, -8) == '.invalid') { + debugging("email_to_user: User $user->id (".fullname($user).") email domain ($user->email) is invalid! Not sending."); + return true; // This is not an error. + } + // If the user is a remote mnet user, parse the email text for URL to the // wwwroot and modify the url to direct the user's browser to login at their // home site (identity provider - idp) before hitting the link itself.