Hide SMTP credentials in all but lowest level debug output, fixes PHP…
Synchro committed Nov 17, 2017
1 parent f88dc86 commit 57f5d8e
Showing 1 changed file with 13 additions and 4 deletions.
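--- a/src/SMTP.php
+++ b/src/SMTP.php
@@ -702,7 +702,7 @@ public function data($msg_data)
 if (!empty($line_out) and $line_out[0] == '.') {
 $line_out = '.' . $line_out;
 }
-$this->client_send($line_out . static::LE);
+$this->client_send($line_out . static::LE, 'DATA');
 }
 }
 
@@ -898,7 +898,7 @@ protected function sendCommand($command, $commandstring, $expect)
 
 return false;
 }
-$this->client_send($commandstring . static::LE);
+$this->client_send($commandstring . static::LE, $command);
 
 $this->last_reply = $this->get_lines();
 // Fetch SMTP code and possible error code explanation
@@ -1005,12 +1005,21 @@ public function turn()
 * Send raw data to the server.
 *
 * @param string $data The data to send
+* @param string $command Optionally, the command this is part of, used only for controlling debug output
 *
 * @return int|bool The number of bytes sent to the server or false on error
 */
-public function client_send($data)
+public function client_send($data, $command = '')
 {
-$this->edebug("CLIENT -> SERVER: $data", self::DEBUG_CLIENT);
+//If SMTP transcripts are left enabled, or debug output is posted online
+//it can leak credentials, so hide credentials in all but lowest level
+if (self::DEBUG_LOWLEVEL > $this->do_debug and
+in_array($command, ['User & Password', 'Username', 'Password'], true))
+{
+$this->edebug('CLIENT -> SERVER: <credentials hidden>', self::DEBUG_CLIENT);
+} else {
+$this->edebug('CLIENT -> SERVER: ' . $data, self::DEBUG_CLIENT);
+}
 set_error_handler([$this, 'errorHandler']);
 $result = fwrite($this->smtp_conn, $data);
 restore_error_handler();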
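Review bot: The credential masking added to client_send() fails open, because the debug line is hidden only when `$command` exactly matches one of the three literals `'User & Password'`, `'Username'`, `'Password'`. Any sendCommand() caller that transmits a secret under a different label, and any direct client_send() call that leaves `$command` at its default `''`, would still be written at DEBUG_CLIENT level. The callers that supply these labels are outside the hunk, so it cannot be confirmed from here that every authentication path uses one of them; that should be checked before relying on this for shared transcripts. I would keep the labels in a single new class constant used by both sides, e.g. `in_array($command, self::CREDENTIAL_COMMANDS, true)`, and state in the docblock that at DEBUG_LOWLEVEL the raw credentials are still logged. client_send()'s body continues past the end of the hunk.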
