File "mail.lib.php"
Full Path: /home/rrterraplen/public_html/wp-content-20241221212636/plugins/sucuri-scanner/src/mail.lib.php
File size: 9.77 KB
MIME-type: text/x-php
Charset: utf-8
<?php
/**
* Code related to the mail.lib.php interface.
*
* PHP version 5
*
* @category Library
* @package Sucuri
* @subpackage SucuriScanner
* @author Daniel Cid <[email protected]>
* @copyright 2010-2018 Sucuri Inc.
* @license https://www.gnu.org/licenses/gpl-2.0.txt GPL2
* @link https://wordpress.org/plugins/sucuri-scanner
*/
if (!defined('SUCURISCAN_INIT') || SUCURISCAN_INIT !== true) {
if (!headers_sent()) {
/* Report invalid access if possible. */
header('HTTP/1.1 403 Forbidden');
}
exit(1);
}
/**
* Process and send emails.
*
* One of the core features of the plugin is the event alerts, a list of rules
* will check if the site is being compromised, in which case a notification
* will be sent to the site email address (an address that can be configured in
* the settings page).
*
* @category Library
* @package Sucuri
* @subpackage SucuriScanner
* @author Daniel Cid <[email protected]>
* @copyright 2010-2018 Sucuri Inc.
* @license https://www.gnu.org/licenses/gpl-2.0.txt GPL2
* @link https://wordpress.org/plugins/sucuri-scanner
*/
class SucuriScanMail extends SucuriScanOption
{
/**
* Check whether the email alerts will be sent in HTML or Plain/Text.
*
* @return bool Whether the emails will be in HTML or Plain/Text.
*/
public static function prettifyMails()
{
return self::isEnabled(':prettify_mails');
}
/**
* Send a message to a specific email address.
*
* @param string $email The email address of the recipient that will receive the message.
* @param string $subject The reason of the message that will be sent.
* @param string $message Body of the message that will be sent.
* @param array $data_set Optional parameter to add more information to the notification.
* @return bool Whether the email contents were sent successfully.
*/
public static function sendMail($email = '', $subject = '', $message = '', $data_set = array())
{
$headers = array();
$subject = ucwords(strtolower($subject));
$force = (bool) (isset($data_set['Force']) && $data_set['Force']);
unset($data_set['Force']); /* remove to prevent inheritance */
/* check whether the email alerts will be sent in HTML or plain/text */
if (self::prettifyMails() || (isset($data_set['ForceHTML']) && $data_set['ForceHTML'])) {
$headers = array('Content-Type: text/html');
$data_set['PrettifyType'] = 'pretty';
unset($data_set['ForceHTML']);
} else {
$headers = array('Content-Type: text/plain');
$message = strip_tags($message);
}
if (self::emailsPerHourReached() && !$force) {
return self::throwException(__('Maximum number of emails per hour reached', 'sucuri-scanner'));
}
/* check if we need to load a template file to wrap the message */
if (!array_key_exists('UseRawHTML', $data_set) || !$data_set['UseRawHTML']) {
$message = self::prettifyMail($subject, $message, $data_set);
}
$subject = self::getEmailSubject($subject);
try {
/**
* WordPress uses a library named PHPMailer to send emails through the
* provided method wp_mail, unfortunately the debug information is
* completely removed and this makes it difficult to troubleshoots
* issues reported by users when the SMTP server in their sites is
* misconfigured. To reduce the number of tickets related with this
* issue we will provide an option to allow the users to choose which
* technique will be used to send the alerts.
*
* @see https://github.com/PHPMailer/PHPMailer
* @see https://developer.wordpress.org/reference/functions/wp_mail/
*/
if (SucuriScanOption::isEnabled(':use_wpmail')) {
wp_mail($email, $subject, $message, $headers);
} else {
@mail($email, $subject, $message, implode("\r\n", $headers));
}
$mails_sent = (int) self::getOption(':emails_sent');
self::updateOption(':emails_sent', $mails_sent + 1);
self::updateOption(':last_email_at', time());
return true; /* assume mail delivery */
} catch ( Throwable $e ) {
SucuriScanEvent::reportErrorEvent('An error occurred sending email - please check your server mail configuration.');
return false;
}
}
/**
* Generate a subject for the email alerts.
*
* @param string $event The reason of the message that will be sent.
* @return string A text with the subject for the email alert.
*/
private static function getEmailSubject($event = '')
{
$subject = self::getOption(':email_subject');
$subject = strip_tags((string) $subject);
$ip = self::getRemoteAddr();
$subject = str_replace(':event', $event, $subject);
$subject = str_replace(':domain', self::getDomain(), $subject);
$subject = str_replace(':remoteaddr', $ip, $subject);
if (strpos($subject, ':hostname') !== false) {
/* expensive operation; reverse user ip address if requested */
$subject = str_replace(':hostname', gethostbyaddr($ip), $subject);
}
/* include data from the user in session, if necessary */
if (strpos($subject, ':username') !== false
|| strpos($subject, ':email') !== false
) {
$user = wp_get_current_user();
$username = 'unknown';
$eaddress = 'unknown';
if ($user instanceof WP_User
&& isset($user->user_login)
&& isset($user->user_email)
) {
$username = $user->user_login;
$eaddress = $user->user_email;
}
$subject = str_replace(':username', $user->user_login, $subject);
$subject = str_replace(':email', $user->user_email, $subject);
}
return $subject;
}
/**
* Generate a HTML version of the message that will be sent through an email.
*
* @param string $subject The reason of the message that will be sent.
* @param string $message Body of the message that will be sent.
* @param array $data_set Optional parameter to add more information to the notification.
* @return string The message formatted in a HTML template.
*/
private static function prettifyMail($subject = '', $message = '', $data_set = array())
{
$params = array();
$display_name = '';
$prettify_type = 'simple';
$user = wp_get_current_user();
$website = self::getDomain();
if (isset($data_set['PrettifyType'])) {
$prettify_type = $data_set['PrettifyType'];
}
if ($user instanceof WP_User
&& isset($user->user_login)
&& !empty($user->user_login)
) {
$display_name = sprintf(
__('User: %s (%s)', 'sucuri-scanner'),
$user->display_name,
$user->user_login
);
}
// Format list of items when the event has multiple entries.
if (strpos($message, 'multiple') !== false) {
$message_parts = SucuriScanAPI::parseMultipleEntries($message);
if (is_array($message_parts)) {
$message = ( $prettify_type == 'pretty' ) ? $message_parts[0] . '<ul>' : $message_parts[0];
unset($message_parts[0]);
foreach ($message_parts as $msg_part) {
if ($prettify_type == 'pretty') {
$message .= sprintf("<li>%s</li>\n", $msg_part);
} else {
$message .= sprintf("\n- %s", $msg_part);
}
}
$message .= ( $prettify_type == 'pretty' ) ? '</ul>' : '';
}
}
$params['TemplateTitle'] = __('Sucuri Alert', 'sucuri-scanner');
$params['Subject'] = $subject;
$params['Website'] = $website;
$params['RemoteAddress'] = self::getRemoteAddr();
$params['ReverseAddress'] = gethostbyaddr($params['RemoteAddress']);
$params['Message'] = $message;
$params['User'] = $display_name;
$params['Time'] = SucuriScan::datetime();
foreach ($data_set as $var_key => $var_value) {
$params[ $var_key ] = $var_value;
}
/* SucuriScanTemplate::notification-pretty */
/* SucuriScanTemplate::notification-simple */
return SucuriScanTemplate::getSection('notification-' . $prettify_type, $params);
}
/**
* Check whether the maximum quantity of emails per hour was reached.
*
* @return bool Whether the quota emails per hour was reached.
*/
private static function emailsPerHourReached()
{
$max_per_hour = self::getOption(':emails_per_hour');
if ($max_per_hour != 'unlimited') {
// Check if we are still in that sixty minutes.
$current_time = time();
$last_email_at = self::getOption(':last_email_at');
$diff_time = abs($current_time - $last_email_at);
if ($diff_time <= 3600) {
// Check if the quantity of emails sent is bigger than the configured.
$emails_sent = (int) self::getOption(':emails_sent');
$max_per_hour = intval($max_per_hour);
if ($emails_sent >= $max_per_hour) {
return true;
}
} else {
// Reset the counter of emails sent.
self::updateOption(':emails_sent', 0);
}
}
return false;
}
}