Merge branch 'master' into master-michiel

Author: michield

.github/workflows/build-release.yml

@@ -43,7 +43,7 @@ jobs:
         uses: actions/cache@v2
         with:
           path: /tmp/composer-cache
-          key: ${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
+          key: ${{ matrix.php-version }}-${{ env.RELEASE_VERSION }}-${{ hashFiles('**/composer.lock') }}
 
       - name: Install dependencies
         uses: php-actions/composer@v5

.github/workflows/main.yml

@@ -30,11 +30,11 @@ jobs:
           sudo apt update
           sudo apt install rsync
 
-      - name: Cache Composer dependencies
-        uses: actions/cache@v2
-        with:
-          path: /tmp/composer-cache
-          key: ${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
+      # - name: Cache Composer dependencies
+      #   uses: actions/cache@v2
+      #   with:
+      #     path: /tmp/composer-cache
+      #     key: ${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
 
       - name: Install dependencies
         uses: php-actions/composer@v6
@@ -88,10 +88,21 @@ jobs:
           firefox -v
           vendor/bin/behat -V
 
-      - name: Run BDD Tests
+      - name: Run BDD Tests UI
         run: |
           cd $GITHUB_WORKSPACE/tests
-          ../vendor/bin/behat -p chrome --stop-on-failure --tags=@initialise
+          ../vendor/bin/behat -p chrome -f progress --stop-on-failure --tags=@initialise
+          ../vendor/bin/behat -p chrome -f progress --tags="~@initialise && ~@wip"
+
+      - name: Run BDD Tests CLI
+        run: |
+          cd $GITHUB_WORKSPACE
+          export [email protected]
+          export ADMIN_PASSWORD=Mypassword123+
+          export ORGANISATION_NAME="phpList"
+          export ADMIN_NAME="phpList Administrator"
+          php public_html/lists/admin/index.php -c $GITHUB_WORKSPACE/public_html/lists/config/config.php -p initialise -f
+          cd $GITHUB_WORKSPACE/tests
           ../vendor/bin/behat -p chrome --tags="~@initialise && ~@wip"
 
       - name: Upload the screenshots

VERSION

@@ -1,5 +1,4 @@
 # file that keeps track of the latest tag in cvs and the corresponding version
 # this automates publishing a new version, when it's tagged
 # if you don't understand this, don't worry. You don't need this file
-VERSION=3.6.4
-DEVVERSION=3.6.5-RC1
+VERSION=3.6.6-RC2

composer.lock

@@ -427,7 +427,7 @@ function processQueueOutput($message, $logit = 1, $target = 'summary')
 
         return;
     } else {
-        $infostring = '['.date('D j M Y H:i', time()).'] ['.$_SERVER['REMOTE_ADDR'].']';
+        $infostring = '['.date('D j M Y H:i', time()).'] ['.getClientIP().']';
         //print "$infostring $message<br/>\n";
         $lines = explode("\n", $message);
         foreach ($lines as $line) {
@@ -627,8 +627,10 @@ function sendEmailTest($messageid, $email)
         ." where status not in ('draft', 'sent', 'prepared', 'suspended')"
         .' and embargo > now()'
         .' order by embargo asc limit 1');
-    $counters['status'] = 'embargo';
-    $counters['delaysend'] = $future['waittime'];
+    if ($future) {
+        $counters['status'] = 'embargo';
+        $counters['delaysend'] = $future['waittime'];
+    }
 }
 
 $script_stage = 2; // we know the messages to process

public_html/lists/admin/actions/processqueue.php

@@ -86,6 +86,13 @@ public function __construct($messageid, $email, $inBlast = true, $exceptions = f
 #            logEvent('Sending email via PHPMAILERSUBSCRIBEHOST '.PHPMAILERSUBSCRIBEHOST);
             $this->Host = PHPMAILERSUBSCRIBEHOST;
             $this->Port = PHPMAILERSUBSCRIBEPORT;
+            if (isset($GLOBALS['phpmailer_smtpuser']) && $GLOBALS['phpmailer_smtpuser'] != ''
+                && isset($GLOBALS['phpmailer_smtppassword']) && $GLOBALS['phpmailer_smtppassword']
+            ) {
+                $this->Username = $GLOBALS['phpmailer_smtpuser'];
+                $this->Password = $GLOBALS['phpmailer_smtppassword'];
+                $this->SMTPAuth = true;
+            }
             $this->Mailer = 'smtp';
         } elseif ($this->inBlast && defined('PHPMAILERBLASTHOST') && defined('PHPMAILERBLASTPORT') && PHPMAILERBLASTHOST != '') {
             $this->Host = PHPMAILERBLASTHOST;
@@ -178,7 +185,7 @@ public function __construct($messageid, $email, $inBlast = true, $exceptions = f
 //        $this->addCustomHeader("Return-Receipt-To: ".$GLOBALS["message_envelope"]);
         }
         //# when the email is generated from a webpage (quite possible :-) add a "received line" to identify the origin
-        if (!empty($_SERVER['REMOTE_ADDR'])) {
+        if (!empty(getClientIP())) {
             $this->add_timestamp();
         }
         $this->messageid = $messageid;
@@ -200,7 +207,7 @@ public function add_timestamp()
         //0013076:
         // Add a line like Received: from [10.1.2.3] by website.example.com with HTTP; 01 Jan 2003 12:34:56 -0000
         // more info: http://www.spamcop.net/fom-serve/cache/369.html
-        $ip_address = $_SERVER['REMOTE_ADDR'];
+        $ip_address = getClientIP();
         if (!empty($_SERVER['REMOTE_HOST'])) {
             $ip_domain = $_SERVER['REMOTE_HOST'];
         } else {

public_html/lists/admin/class.phplistmailer.php

@@ -55,6 +55,7 @@
 
 // identify pages that can be run on commandline
 $commandline_pages = array(
+    'initialise',
     'dbcheck',
     'send',
     'processqueue',
@@ -1793,6 +1794,9 @@ function monthName($month, $short = 0)
  */
 function formatDate($date, $short = 0)
 {
+    if ($date == '') {
+        return '';
+    }
     $format = getConfig('date_format');
     $year = substr($date, 0, 4);
     $month = substr($date, 5, 2);

public_html/lists/admin/connect.php

@@ -135,7 +135,9 @@
 ?>
 
 <?php echo formStart(' class="editlistSave" ') ?>
-<input type="hidden" name="id" value="<?php echo $id ?>"/>
+<?php if ($id): ?>
+    <div class="label"><label><?php echo s('List ID'); ?>:</label><?php echo $id ?></div>
+<?php endif;?>
 <div class="label"><label for="listname"><?php echo s('List name'); ?>:</label></div>
 <div class="field"><input type="text" name="listname"
                           value="<?php echo htmlspecialchars(stripslashes($list['name'])) ?>"/></div>
@@ -191,7 +193,6 @@
 }
 
 ?>
-<form>
     <label for="description"><?php echo s('List Description'); ?></label>
     <div class="field"><textarea name="description" cols="35" rows="5">
 <?php echo htmlspecialchars(stripslashes($list['description'])) ?></textarea></div>

public_html/lists/admin/editlist.php

@@ -129,7 +129,7 @@ function deleteUserBlacklistRecords($id)
 function deleteUserRecordsLeaveBlacklistRecords($id)
 {
     global $tables;
-    
+
     Sql_Query('delete from '.$tables['linktrack_uml_click'].' where userid = '.$id);
     Sql_Query('delete from '.$tables['listuser'].' where userid = '.$id);
     Sql_Query('delete from '.$tables['usermessage'].' where userid = '.$id);
@@ -156,7 +156,7 @@ function deleteUserLeaveBlacklist($id)
  */
 function deleteUserIncludeBlacklist($id)
 {
-    // Note: deleteUserBlacklistRecords() must be executed first, else the ID 
+    // Note: deleteUserBlacklistRecords() must be executed first, else the ID
     // to email lookup fails due to the missing record
     deleteUserBlacklistRecords($id);
     deleteUserRecordsLeaveBlacklistRecords($id);
@@ -206,7 +206,7 @@ function addNewUser($email, $password = '')
     entered = now(),modified = now(),password = "%s",
     passwordchanged = now(),disabled = 0,
     uniqid = "%s",htmlemail = 1, uuid = "%s"
-    ', $GLOBALS['tables']['user'], $email, $blacklist, $passwordEnc, getUniqid(), (string) uuid::generate(4)));
+    ', $GLOBALS['tables']['user'], sql_escape($email), $blacklist, $passwordEnc, getUniqid(), (string) uuid::generate(4)));
 
     $id = Sql_Insert_Id();
 
@@ -312,8 +312,8 @@ function AttributeValue($table, $value)
 function getUserEmail($id)
 {
     global $tables;
-    
-    $userid = Sql_Fetch_Row_Query("select email from {$tables['user']} where id = \"$id\"");    
+
+    $userid = Sql_Fetch_Row_Query("select email from {$tables['user']} where id = \"$id\"");
     return $userid[0];
 }
 
@@ -416,7 +416,7 @@ function UserAttributeValue($user = 0, $attribute = 0)
         case 'checkboxgroup':
             //     print "select value from $user_att_table where userid = $user and attributeid = $attribute";
             $val_ids = Sql_Fetch_Row_Query("select value from $user_att_table where userid = $user and attributeid = $attribute");
-            if ($val_ids[0]) {
+            if ($val_ids && $val_ids[0]) {
                 //       print '<br/>1 <b>'.$val_ids[0].'</b>';
                 if (function_exists('cleancommalist')) {
                     $val_ids[0] = cleanCommaList($val_ids[0]);
@@ -457,13 +457,13 @@ function UserAttributeValue($user = 0, $attribute = 0)
         $table_prefix".'listattr_'.$att['tablename'].".id = $user_att_table".".value and
         $user_att_table".'.attributeid = '.$attribute);
             $row = Sql_Fetch_row($res);
-            $value = $row[0];
+            $value = $row ? $row[0] : '';
             break;
         default:
             $res = Sql_Query(sprintf('select value from %s where
         userid = %d and attributeid = %d', $user_att_table, $user, $attribute));
             $row = Sql_Fetch_row($res);
-            $value = $row[0];
+            $value = $row ? $row[0] : '';
     }
 
     return stripslashes($value);
@@ -588,7 +588,7 @@ function addEmailToBlackList($email, $reason = '', $date = '')
     Sql_Query(sprintf('insert ignore into %s (email,name,data) values("%s","%s","%s")',
         $GLOBALS['tables']['user_blacklist_data'], sql_escape($email),
         'reason', addslashes($reason)));
-    foreach (array('REMOTE_ADDR') as $item) { // @@@do we want to know more?
+    foreach (array('REMOTE_ADDR','HTTP_X_FORWARDED_FOR') as $item) { // @@@do we want to know more?
         if (isset($_SERVER[$item])) {
             Sql_Query(sprintf('insert ignore into %s (email,name,data) values("%s","%s","%s")',
                 $GLOBALS['tables']['user_blacklist_data'], addslashes($email),
@@ -829,7 +829,7 @@ function addUserHistory($email, $msg, $detail)
             }
         }
     } else {
-        $default = array('HTTP_USER_AGENT', 'HTTP_REFERER', 'REMOTE_ADDR', 'REQUEST_URI');
+        $default = array('HTTP_USER_AGENT', 'HTTP_REFERER', 'REMOTE_ADDR', 'REQUEST_URI','HTTP_X_FORWARDED_FOR');
         foreach ($sysarrays as $key => $val) {
             if (in_array($key, $default)) {
                 $sysinfo .= "\n".strip_tags($key).' = '.htmlspecialchars($val);
@@ -839,13 +839,8 @@ function addUserHistory($email, $msg, $detail)
 
     $userid = Sql_Fetch_Row_Query("select id from $user_table where email = \"$email\"");
     if ($userid[0]) {
-        if (isset($_SERVER['REMOTE_ADDR'])) {
-            $ip = $_SERVER['REMOTE_ADDR'];
-        } else {
-            $ip = '';
-        }
         Sql_Query(sprintf('insert into %s (ip,userid,date,summary,detail,systeminfo)
-            values("%s",%d,now(),"%s","%s","%s")', $user_his_table, $ip, $userid[0], sql_escape($msg),
+            values("%s",%d,now(),"%s","%s","%s")', $user_his_table, getClientIP(), $userid[0], sql_escape($msg),
             sql_escape(htmlspecialchars($detail)), sql_escape($sysinfo)));
     }
 }