mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-19 06:18:28 +01:00
Code Issues Projects Releases Wiki Activity

MDL-70130 core: Simplify attachment handling in email_to_suer

Browse Source
This commit is contained in:
Andrew Nicols 2020-11-06 10:50:56 +08:00
parent e30716a16e
commit 4f22fad9ac
1 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/moodlelib.php
View File

@ -6314,10 +6314,8 @@ function email_to_user($user, $from, $subject, $messagetext, $messagehtml = '',
require_once($CFG->libdir.'/filelib.php');
$mimetype = mimeinfo('type', $attachname);
$attachmentpath = $attachment;
// Before doing the comparison, make sure that the paths are correct (Windows uses slashes in the other direction).
$attachpath = str_replace('\\', '/', $attachmentpath);
$attachpath = str_replace('\\', '/', $attachment);
// Add allowed paths to an array (also check if it's not empty).
$allowedpaths = array_filter([
@ -6331,11 +6329,11 @@ function email_to_user($user, $from, $subject, $messagetext, $messagehtml = '',
// Set addpath to true.
$addpath = true;
// Check if attachment includes one of the allowed paths.
foreach ($allowedpaths as $tmpvar) {
foreach ($allowedpaths as $allowedpath) {
// Make sure both variables are normalised before comparing.
$temppath = str_replace('\\', '/', realpath($tmpvar));
$allowedpath = str_replace('\\', '/', realpath($allowedpath));
// Set addpath to false if the attachment includes one of the allowed paths.
if (strpos($attachpath, $temppath) === 0) {
if (strpos($attachpath, $allowedpath) === 0) {
$addpath = false;
break;
}
@ -6344,10 +6342,10 @@ function email_to_user($user, $from, $subject, $messagetext, $messagehtml = '',
// If the attachment is a full path to a file in the multiple allowed paths, use it as is,
// otherwise assume it is a relative path from the dataroot (for backwards compatibility reasons).
if ($addpath == true) {
$attachmentpath = $CFG->dataroot . '/' . $attachmentpath;
$attachment = $CFG->dataroot . '/' . $attachment;
}
$mail->addAttachment($attachmentpath, $attachname, 'base64', $mimetype);
$mail->addAttachment($attachment, $attachname, 'base64', $mimetype);
}
}