From 6ec886b292265d876e0bcd7630be64fc7627422c Mon Sep 17 00:00:00 2001 From: Mariusz Krzaczkowski Date: Fri, 15 Mar 2024 17:27:41 +0100 Subject: [PATCH 1/8] Add cid default domain --- src/PHPMailer.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/PHPMailer.php b/src/PHPMailer.php index ba4bcd47..52da30de 100644 --- a/src/PHPMailer.php +++ b/src/PHPMailer.php @@ -587,6 +587,13 @@ class PHPMailer */ public static $validator = 'php'; + /** + * cid default domain + * + * @var string + */ + public $cid_default_domain = '@phpmailer.0'; + /** * An instance of the SMTP sender class. * @@ -4415,7 +4422,7 @@ class PHPMailer } //Hash the decoded data, not the URL, so that the same data-URI image used in multiple places //will only be embedded once, even if it used a different encoding - $cid = substr(hash('sha256', $data), 0, 32) . '@phpmailer.0'; //RFC2392 S 2 + $cid = substr(hash('sha256', $data), 0, 32) . $this->cid_default_domain; //RFC2392 S 2 if (!$this->cidExists($cid)) { $this->addStringEmbeddedImage( @@ -4449,7 +4456,7 @@ class PHPMailer $directory = ''; } //RFC2392 S 2 - $cid = substr(hash('sha256', $url), 0, 32) . '@phpmailer.0'; + $cid = substr(hash('sha256', $url), 0, 32) . $this->cid_default_domain; if (strlen($basedir) > 1 && '/' !== substr($basedir, -1)) { $basedir .= '/'; } From da0212d7d4e35f9891cf5b89ef749da94e018e7f Mon Sep 17 00:00:00 2001 From: Mariusz Krzaczkowski Date: Tue, 19 Mar 2024 12:16:12 +0100 Subject: [PATCH 2/8] Add cid default domain --- src/PHPMailer.php | 36 +++++++++++++++---------- test/PHPMailer/PHPMailerTest.php | 46 ++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+), 14 deletions(-) diff --git a/src/PHPMailer.php b/src/PHPMailer.php index 52da30de..15f7b6fe 100644 --- a/src/PHPMailer.php +++ b/src/PHPMailer.php @@ -587,13 +587,6 @@ class PHPMailer */ public static $validator = 'php'; - /** - * cid default domain - * - * @var string - */ - public $cid_default_domain = '@phpmailer.0'; - /** * An instance of the SMTP sender class. * @@ -4389,18 +4382,33 @@ class PHPMailer * Converts data-uri images into embedded attachments. * If you don't want to apply these transformations to your HTML, just set Body and AltBody directly. * - * @param string $message HTML message string - * @param string $basedir Absolute path to a base directory to prepend to relative paths to images - * @param bool|callable $advanced Whether to use the internal HTML to text converter - * or your own custom converter + * @param string $message HTML message string + * @param string $basedir Absolute path to a base directory to prepend to relative paths to images + * @param bool|callable $advanced Whether to use the internal HTML to text converter + * or your own custom converter + * @param string $cid_domain Domain part used in generated Content-ID. + * If empty, a fallback value will be used. + * You can set your own, but it must be in the format "@host.domain", + * as defined in RFC2392 section 2, or it will be ignored. + * {@see https://datatracker.ietf.org/doc/html/rfc2392#section-2} * @return string The transformed message body * * @throws Exception * * @see PHPMailer::html2text() */ - public function msgHTML($message, $basedir = '', $advanced = false) + public function msgHTML($message, $basedir = '', $advanced = false, $cid_domain = '') { + $cid_domain_valid = false; + if ($cid_domain !== '' && strpos($cid_domain, '@') === 0) { + //prepend with a character to create valid RFC822 string in order to validate + $cid_domain_valid = filter_var('a'.$cid_domain, FILTER_VALIDATE_EMAIL); + } + + if (!$cid_domain_valid) { + $cid_domain = '@phpmailer.0'; + } + preg_match_all('/(? 1 && '/' !== substr($basedir, -1)) { @@ -4422,7 +4430,7 @@ class PHPMailer } //Hash the decoded data, not the URL, so that the same data-URI image used in multiple places //will only be embedded once, even if it used a different encoding - $cid = substr(hash('sha256', $data), 0, 32) . $this->cid_default_domain; //RFC2392 S 2 + $cid = substr(hash('sha256', $data), 0, 32) . $cid_domain; //RFC2392 S 2 if (!$this->cidExists($cid)) { $this->addStringEmbeddedImage( @@ -4456,7 +4464,7 @@ class PHPMailer $directory = ''; } //RFC2392 S 2 - $cid = substr(hash('sha256', $url), 0, 32) . $this->cid_default_domain; + $cid = substr(hash('sha256', $url), 0, 32) . $cid_domain; if (strlen($basedir) > 1 && '/' !== substr($basedir, -1)) { $basedir .= '/'; } diff --git a/test/PHPMailer/PHPMailerTest.php b/test/PHPMailer/PHPMailerTest.php index bef452c1..77ee3ec4 100644 --- a/test/PHPMailer/PHPMailerTest.php +++ b/test/PHPMailer/PHPMailerTest.php @@ -613,6 +613,52 @@ EOT; ); } + /** + * An embedded attachment test with custom cid domain. + */ + public function testEmbeddedImageCustomCidDomain() + { + $this->Mail->msgHTML(' + + + + E-Mail Inline Image Test + + +

+ +', '', false, '@example.com'); + $this->Mail->preSend(); + self::assertStringContainsString( + 'Content-ID: ', + $this->Mail->getSentMIMEMessage(), + 'Embedded image header encoding incorrect.' + ); + } + + /** + * An embedded attachment test with custom cid domain invalid. + */ + public function testEmbeddedImageCustomCidDomainInvalid() + { + $this->Mail->msgHTML(' + + + + E-Mail Inline Image Test + + +

+ +', '', false, '@no a valid domain'); + $this->Mail->preSend(); + self::assertStringContainsString( + 'Content-ID: ', + $this->Mail->getSentMIMEMessage(), + 'Embedded image header encoding incorrect.' + ); + } + /** * An embedded attachment test. */ From b135f4f2844397644d2f5f11666033a10796a142 Mon Sep 17 00:00:00 2001 From: Mariusz Krzaczkowski Date: Thu, 2 Oct 2025 10:19:16 +0200 Subject: [PATCH 3/8] Update PHPMailer.php --- src/PHPMailer.php | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/src/PHPMailer.php b/src/PHPMailer.php index 15f7b6fe..bebbbb43 100644 --- a/src/PHPMailer.php +++ b/src/PHPMailer.php @@ -4386,27 +4386,18 @@ class PHPMailer * @param string $basedir Absolute path to a base directory to prepend to relative paths to images * @param bool|callable $advanced Whether to use the internal HTML to text converter * or your own custom converter - * @param string $cid_domain Domain part used in generated Content-ID. - * If empty, a fallback value will be used. - * You can set your own, but it must be in the format "@host.domain", - * as defined in RFC2392 section 2, or it will be ignored. - * {@see https://datatracker.ietf.org/doc/html/rfc2392#section-2} * @return string The transformed message body * * @throws Exception * * @see PHPMailer::html2text() */ - public function msgHTML($message, $basedir = '', $advanced = false, $cid_domain = '') + public function msgHTML($message, $basedir = '', $advanced = false) { - $cid_domain_valid = false; - if ($cid_domain !== '' && strpos($cid_domain, '@') === 0) { + $cid_domain = '@phpmailer.0'; + if (filter_var($this->From, FILTER_VALIDATE_EMAIL)) { //prepend with a character to create valid RFC822 string in order to validate - $cid_domain_valid = filter_var('a'.$cid_domain, FILTER_VALIDATE_EMAIL); - } - - if (!$cid_domain_valid) { - $cid_domain = '@phpmailer.0'; + $cid_domain = substr( $this->From, strpos( $this->From, '@') + 1); } preg_match_all('/(? Date: Thu, 2 Oct 2025 10:27:01 +0200 Subject: [PATCH 4/8] Update PHPMailerTest.php --- test/PHPMailer/PHPMailerTest.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/test/PHPMailer/PHPMailerTest.php b/test/PHPMailer/PHPMailerTest.php index 77ee3ec4..6cd3ffa3 100644 --- a/test/PHPMailer/PHPMailerTest.php +++ b/test/PHPMailer/PHPMailerTest.php @@ -618,6 +618,9 @@ EOT; */ public function testEmbeddedImageCustomCidDomain() { + $result = $this->Mail->setFrom('overruled@example.com'); + self::assertTrue($result, 'setFrom failed'); + $this->Mail->msgHTML(' @@ -627,7 +630,7 @@ EOT;

-', '', false, '@example.com'); +', '', false); $this->Mail->preSend(); self::assertStringContainsString( 'Content-ID: ', From 07755f0f696a552ea27c9cd024aea2a5b348a4f8 Mon Sep 17 00:00:00 2001 From: Mariusz Krzaczkowski Date: Thu, 2 Oct 2025 10:30:50 +0200 Subject: [PATCH 5/8] Update PHPMailerTest.php --- test/PHPMailer/PHPMailerTest.php | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/test/PHPMailer/PHPMailerTest.php b/test/PHPMailer/PHPMailerTest.php index 6cd3ffa3..bd2e76f5 100644 --- a/test/PHPMailer/PHPMailerTest.php +++ b/test/PHPMailer/PHPMailerTest.php @@ -639,29 +639,6 @@ EOT; ); } - /** - * An embedded attachment test with custom cid domain invalid. - */ - public function testEmbeddedImageCustomCidDomainInvalid() - { - $this->Mail->msgHTML(' - - - - E-Mail Inline Image Test - - -

- -', '', false, '@no a valid domain'); - $this->Mail->preSend(); - self::assertStringContainsString( - 'Content-ID: ', - $this->Mail->getSentMIMEMessage(), - 'Embedded image header encoding incorrect.' - ); - } - /** * An embedded attachment test. */ From dc2ecee7882f89b977f1fee385785fa4d8bf2b17 Mon Sep 17 00:00:00 2001 From: Mariusz Krzaczkowski Date: Thu, 2 Oct 2025 10:31:27 +0200 Subject: [PATCH 6/8] Update PHPMailerTest.php --- test/PHPMailer/PHPMailerTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/PHPMailer/PHPMailerTest.php b/test/PHPMailer/PHPMailerTest.php index bd2e76f5..819afd6e 100644 --- a/test/PHPMailer/PHPMailerTest.php +++ b/test/PHPMailer/PHPMailerTest.php @@ -618,7 +618,7 @@ EOT; */ public function testEmbeddedImageCustomCidDomain() { - $result = $this->Mail->setFrom('overruled@example.com'); + $result = $this->Mail->setFrom('test@example.com'); self::assertTrue($result, 'setFrom failed'); $this->Mail->msgHTML(' From e8f4d86c66a8d5355a1fc81547c3be4e67885452 Mon Sep 17 00:00:00 2001 From: Mariusz Krzaczkowski Date: Thu, 2 Oct 2025 11:18:08 +0200 Subject: [PATCH 7/8] Update PHPMailer.php --- src/PHPMailer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PHPMailer.php b/src/PHPMailer.php index bebbbb43..8df707fd 100644 --- a/src/PHPMailer.php +++ b/src/PHPMailer.php @@ -4397,7 +4397,7 @@ class PHPMailer $cid_domain = '@phpmailer.0'; if (filter_var($this->From, FILTER_VALIDATE_EMAIL)) { //prepend with a character to create valid RFC822 string in order to validate - $cid_domain = substr( $this->From, strpos( $this->From, '@') + 1); + $cid_domain = substr( $this->From, strrpos( $this->From, '@') + 1); } preg_match_all('/(? Date: Mon, 6 Oct 2025 09:07:54 +0200 Subject: [PATCH 8/8] CS --- src/PHPMailer.php | 2 +- test/PHPMailer/PHPMailerTest.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/PHPMailer.php b/src/PHPMailer.php index 8df707fd..101feef6 100644 --- a/src/PHPMailer.php +++ b/src/PHPMailer.php @@ -4397,7 +4397,7 @@ class PHPMailer $cid_domain = '@phpmailer.0'; if (filter_var($this->From, FILTER_VALIDATE_EMAIL)) { //prepend with a character to create valid RFC822 string in order to validate - $cid_domain = substr( $this->From, strrpos( $this->From, '@') + 1); + $cid_domain = substr($this->From, strrpos($this->From, '@') + 1); } preg_match_all('/(?Mail->setFrom('test@example.com'); self::assertTrue($result, 'setFrom failed'); - + $this->Mail->msgHTML('