Version Description
- 2022-08-29 = FIX*
- Server side forgery
Release Info
| Developer | wpexpertsio |
| Plugin | |
| Version | 2.1.6 |
| Comparing to | |
Code changes from version 2.1.5 to 2.1.6
- Postman/Postman-Configuration/PostmanConfigurationController.php +36 -0
- Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php +36 -0
- Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php +9 -0
- Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php +9 -0
- postman-smtp.php +5 -3
- readme.txt +6 -2
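--- a/Postman/Postman-Configuration/PostmanConfigurationController.php
+++ b/Postman/Postman-Configuration/PostmanConfigurationController.php
@@ -712,6 +712,15 @@ class PostmanGetHostnameByEmailAjaxController extends PostmanAbstractAjaxHandler
 
 check_admin_referer('post-smtp', 'security');
 
+if( !current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_NAME ) ) {
+wp_send_json_error(
+array(
+'Message' => 'Unauthorized.'
+),
+401
+);
+}
+
 $goDaddyHostDetected = $this->getBooleanRequestParameter( 'go_daddy' );
 $email = $this->getRequestParameter( 'email' );
 $d = new PostmanSmtpDiscovery( $email );
@@ -748,6 +757,15 @@ class PostmanManageConfigurationAjaxHandler extends PostmanAbstractAjaxHandler {
 function getManualConfigurationViaAjax() {
 
 check_admin_referer('post-smtp', 'security');
+
+if( !current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_NAME ) ) {
+wp_send_json_error(
+array(
+'Message' => 'Unauthorized.'
+),
+401
+);
+}
 
 $queryTransportType = $this->getTransportTypeFromRequest();
 $queryAuthType = $this->getAuthenticationTypeFromRequest();
@@ -782,6 +800,15 @@ class PostmanManageConfigurationAjaxHandler extends PostmanAbstractAjaxHandler {
 
 check_admin_referer('post-smtp', 'security');
 
+if( !current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_NAME ) ) {
+wp_send_json_error(
+array(
+'Message' => 'Unauthorized.'
+),
+401
+);
+}
+
 $this->logger->debug( 'in getWizardConfiguration' );
 $originalSmtpServer = $this->getRequestParameter( 'original_smtp_server' );
 $queryHostData = $this->getHostDataFromRequest();
@@ -998,6 +1025,15 @@ class PostmanImportConfigurationAjaxController extends PostmanAbstractAjaxHandle
 
 check_admin_referer('post-smtp', 'security');
 
+if( !current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_NAME ) ) {
+wp_send_json_error(
+array(
+'Message' => 'Unauthorized.'
+),
+401
+);
+}
+
 $importableConfiguration = new PostmanImportableConfiguration();
 $plugin = $this->getRequestParameter( 'plugin' );
 $this->logger->debug( 'Looking for config=' . $plugin );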
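Review bot: The same nine-line capability check is pasted into all four handlers in this file (new lines 715–722, 761–768, 803–810 and 1028–1035) and again in PostmanConnectivityTestController.php, PostmanDiagnosticTestController.php and PostmanSendTestEmailController.php, so a later AJAX handler that misses the paste is left without an authorisation check. Three of the affected classes extend PostmanAbstractAjaxHandler; one protected method there, with a static equivalent for the classes that do not extend it, wrapping the `current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_NAME )` test would keep the rule in one place. The status code also deserves a second look: the request is refused for lacking a capability rather than for missing credentials, which is `403` rather than `401` as the second argument of `wp_send_json_error()`. The enclosing functions start and end outside every hunk, so how the handlers are registered and what they do with the request parameters afterwards cannot be checked from here.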
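--- a/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php
+++ b/Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php
@@ -224,6 +224,15 @@ class PostmanPortTestAjaxController {
 
 check_admin_referer('post-smtp', 'security');
 
+if( !current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_NAME ) ) {
+wp_send_json_error(
+array(
+'Message' => 'Unauthorized.'
+),
+401
+);
+}
+
 $queryHostname = PostmanUtils::getRequestParameter( 'hostname' );
 // originalSmtpServer is what SmtpDiscovery thinks the SMTP server should be, given an email address
 $originalSmtpServer = PostmanUtils::getRequestParameter( 'original_smtp_server' );
@@ -244,6 +253,15 @@ class PostmanPortTestAjaxController {
 
 check_admin_referer('post-smtp', 'security');
 
+if( !current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_NAME ) ) {
+wp_send_json_error(
+array(
+'Message' => 'Unauthorized.'
+),
+401
+);
+}
+
 $hostname = 'portquiz.net';
 $port = intval( PostmanUtils::getRequestParameter( 'port' ) );
 $this->logger->debug( 'testing TCP port: hostname ' . $hostname . ' port ' . $port );
@@ -260,6 +278,15 @@ class PostmanPortTestAjaxController {
 
 check_admin_referer('post-smtp', 'security');
 
+if( !current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_NAME ) ) {
+wp_send_json_error(
+array(
+'Message' => 'Unauthorized.'
+),
+401
+);
+}
+
 $hostname = trim( PostmanUtils::getRequestParameter( 'hostname' ) );
 $port = intval( PostmanUtils::getRequestParameter( 'port' ) );
 $transport = trim( PostmanUtils::getRequestParameter( 'transport' ) );
@@ -290,6 +317,15 @@ class PostmanPortTestAjaxController {
 
 check_admin_referer('post-smtp', 'security');
 
+if( !current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_NAME ) ) {
+wp_send_json_error(
+array(
+'Message' => 'Unauthorized.'
+),
+401
+);
+}
+
 $hostname = trim( PostmanUtils::getRequestParameter( 'hostname' ) );
 $port = intval( PostmanUtils::getRequestParameter( 'port' ) );
 $transport = trim( PostmanUtils::getRequestParameter( 'transport' ) );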
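Review bot: The added capability check limits who can call these handlers but not where they connect: at new lines 290–292 and 329–331 `hostname` comes from the request with only `trim()` and `port` with only `intval()`, and at 236–238 `hostname` and `original_smtp_server` are read with no filtering visible. If no validation follows below the hunks (the function bodies continue outside them), any account holding the capability can still direct the server-side connection test at an arbitrary host and port, which is presumably the surface the changelog's "Server side forgery" entry refers to. A bounds check such as `if ( $port < 1 || $port > 65535 ) { wp_send_json_error( array( 'Message' => 'Invalid port.' ), 400 ); }` plus a hostname syntax check before the connection attempt would narrow it. Rejecting private address ranges outright is probably not workable for a plugin that has to reach internal mail relays, so that trade-off is worth recording in a comment next to the check.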
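--- a/Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php
+++ b/Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php
@@ -223,6 +223,15 @@ class PostmanGetDiagnosticsViaAjax {
 
 check_admin_referer('post-smtp', 'security');
 
+if( !current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_NAME ) ) {
+wp_send_json_error(
+array(
+'Message' => 'Unauthorized.'
+),
+401
+);
+}
+
 $curl = curl_version();
 $transportRegistry = PostmanTransportRegistry::getInstance();
 $this->addToDiagnostics( 'Mailer', PostmanOptions::getInstance()->getSmtpMailer() );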
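--- a/Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php
+++ b/Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php
@@ -240,6 +240,15 @@ class PostmanSendTestEmailAjaxController extends PostmanAbstractAjaxHandler {
 
 check_admin_referer('post-smtp', 'security');
 
+if( !current_user_can( Postman::MANAGE_POSTMAN_CAPABILITY_NAME ) ) {
+wp_send_json_error(
+array(
+'Message' => 'Unauthorized.'
+),
+401
+);
+}
+
 // get the email address of the recipient from the HTTP Request
 $email = $this->getRequestParameter( 'email' );
 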
postman-smtp.php
CHANGED
|
@@ -6,7 +6,7 @@ if ( ! defined( 'ABSPATH' ) ) {
|
|
| 6 |
* Plugin Name: Post SMTP
|
| 7 |
* Plugin URI: https://wordpress.org/plugins/post-smtp/
|
| 8 |
* Description: Email not reliable? Post SMTP is the first and only WordPress SMTP plugin to implement OAuth 2.0 for Gmail, Hotmail and Yahoo Mail. Setup is a breeze with the Configuration Wizard and integrated Port Tester. Enjoy worry-free delivery even if your password changes!
|
| 9 |
-
* Version: 2.1.
|
| 10 |
* Author: Post SMTP
|
| 11 |
* Text Domain: post-smtp
|
| 12 |
* Author URI: https://postmansmtp.com
|
|
@@ -49,7 +49,9 @@ if ( ! function_exists( 'ps_fs' ) ) {
|
|
| 49 |
'public_key' => 'pk_28fcefa3d0ae86f8cdf6b7f71c0cc',
|
| 50 |
'is_premium' => false,
|
| 51 |
'has_addons' => true,
|
| 52 |
-
|
|
|
|
|
|
|
| 53 |
'menu' => array(
|
| 54 |
'slug' => 'postman',
|
| 55 |
'first-path' => 'admin.php?page=postman/configuration_wizard',
|
|
@@ -74,7 +76,7 @@ if ( ! function_exists( 'ps_fs' ) ) {
|
|
| 74 |
define( 'POST_SMTP_BASE', __FILE__ );
|
| 75 |
define( 'POST_SMTP_PATH', __DIR__ );
|
| 76 |
define( 'POST_SMTP_URL', plugins_url('', POST_SMTP_BASE ) );
|
| 77 |
-
define( 'POST_SMTP_VER', '2.1.
|
| 78 |
define( 'POST_SMTP_ASSETS', plugin_dir_url( __FILE__ ) . 'assets/' );
|
| 79 |
|
| 80 |
$postman_smtp_exist = in_array( 'postman-smtp/postman-smtp.php', (array) get_option( 'active_plugins', array() ) );
|
| 6 |
* Plugin Name: Post SMTP
|
| 7 |
* Plugin URI: https://wordpress.org/plugins/post-smtp/
|
| 8 |
* Description: Email not reliable? Post SMTP is the first and only WordPress SMTP plugin to implement OAuth 2.0 for Gmail, Hotmail and Yahoo Mail. Setup is a breeze with the Configuration Wizard and integrated Port Tester. Enjoy worry-free delivery even if your password changes!
|
| 9 |
+
* Version: 2.1.6
|
| 10 |
* Author: Post SMTP
|
| 11 |
* Text Domain: post-smtp
|
| 12 |
* Author URI: https://postmansmtp.com
|
| 49 |
'public_key' => 'pk_28fcefa3d0ae86f8cdf6b7f71c0cc',
|
| 50 |
'is_premium' => false,
|
| 51 |
'has_addons' => true,
|
| 52 |
+
'bundle_id' => '10910',
|
| 53 |
+
'bundle_public_key' => 'pk_c5110ef04ba30cd57dd970a269a1a',
|
| 54 |
+
'has_paid_plans' => true,
|
| 55 |
'menu' => array(
|
| 56 |
'slug' => 'postman',
|
| 57 |
'first-path' => 'admin.php?page=postman/configuration_wizard',
|
| 76 |
define( 'POST_SMTP_BASE', __FILE__ );
|
| 77 |
define( 'POST_SMTP_PATH', __DIR__ );
|
| 78 |
define( 'POST_SMTP_URL', plugins_url('', POST_SMTP_BASE ) );
|
| 79 |
+
define( 'POST_SMTP_VER', '2.1.6' );
|
| 80 |
define( 'POST_SMTP_ASSETS', plugin_dir_url( __FILE__ ) . 'assets/' );
|
| 81 |
|
| 82 |
$postman_smtp_exist = in_array( 'postman-smtp/postman-smtp.php', (array) get_option( 'active_plugins', array() ) );
|
readme.txt
CHANGED
|
@@ -3,8 +3,8 @@ Plugin URI: https://wpexperts.io/
|
|
| 3 |
Contributors: wpexpertsio
|
| 4 |
Tags: email, mail, smtp, wordpress smtp, email log, postman smtp, postman, gmail, google apps, hotmail, yahoo, mandrill api, sendgrid api, elastic email, office365, mailgun
|
| 5 |
Requires at least: 3.9
|
| 6 |
-
Tested up to: 6.0
|
| 7 |
-
Stable tag: 2.1.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
|
@@ -285,6 +285,10 @@ To avoid being flagged as spam, you need to prove your email isn't forged. On a
|
|
| 285 |
|
| 286 |
== Changelog ==
|
| 287 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 288 |
= 2.1.5 - 2022-08-25 =
|
| 289 |
* **FIX**
|
| 290 |
* Updated email header to prevent email from being SPAM
|
| 3 |
Contributors: wpexpertsio
|
| 4 |
Tags: email, mail, smtp, wordpress smtp, email log, postman smtp, postman, gmail, google apps, hotmail, yahoo, mandrill api, sendgrid api, elastic email, office365, mailgun
|
| 5 |
Requires at least: 3.9
|
| 6 |
+
Tested up to: 6.0.1
|
| 7 |
+
Stable tag: 2.1.6
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 285 |
|
| 286 |
== Changelog ==
|
| 287 |
|
| 288 |
+
= 2.1.6 - 2022-08-29 =
|
| 289 |
+
*FIX**
|
| 290 |
+
* Server side forgery
|
| 291 |
+
|
| 292 |
= 2.1.5 - 2022-08-25 =
|
| 293 |
* **FIX**
|
| 294 |
* Updated email header to prevent email from being SPAM
|
