diff --git a/classes/rex-media-service.html b/classes/rex-media-service.html
index 4181861c6..00ad0c7c3 100644
--- a/classes/rex-media-service.html
+++ b/classes/rex-media-service.html
@@ -158,9 +158,9 @@
Holt ein upgeloadetes File und legt es in den Medienpool
@@ -314,9 +314,9 @@
@@ -356,9 +356,9 @@
@@ -431,9 +431,9 @@
Holt ein upgeloadetes File und legt es in den Medienpool
diff --git a/classes/rex-response.html b/classes/rex-response.html
index f77394ec5..c81e1af92 100644
--- a/classes/rex-response.html
+++ b/classes/rex-response.html
@@ -789,9 +789,9 @@
Cleans all output buffers.
@@ -822,9 +822,9 @@
Clear the given cookie by name.
@@ -898,9 +898,9 @@
@@ -930,9 +930,9 @@
Returns a request save NONCE für CSP Headers and Implemntations.
@@ -967,9 +967,9 @@
Returns the HTTP Status code.
@@ -1004,9 +1004,9 @@
Set a file to be preload via http link header.
@@ -1061,9 +1061,9 @@
Sends the cache control header.
@@ -1104,9 +1104,9 @@
Sends content to the client.
@@ -1176,9 +1176,9 @@
Sends the content type header.
@@ -1219,9 +1219,9 @@
@@ -1303,9 +1303,9 @@
Checks if content has changed by the etag cachekey.
@@ -1354,9 +1354,9 @@
Sends a file to client.
@@ -1430,9 +1430,9 @@
@@ -1492,9 +1492,9 @@
Checks if content has changed by the last modified timestamp.
@@ -1543,9 +1543,9 @@
Sends a page to client.
@@ -1599,9 +1599,9 @@
Redirects to a URL.
@@ -1672,9 +1672,9 @@
Sends a resource to the client.
@@ -1762,9 +1762,9 @@ Set a http response header. A existing header with the same name will be overridden.
@@ -1812,9 +1812,9 @@
Sets the HTTP Status code.
@@ -1870,9 +1870,9 @@
Encodes the content with GZIP/X-GZIP if the browser supports one of them.
diff --git a/files/redaxo-main/redaxo/src/addons/mediapool/lib/service_media.php.txt b/files/redaxo-main/redaxo/src/addons/mediapool/lib/service_media.php.txt
index c94926b5d..c72308812 100644
--- a/files/redaxo-main/redaxo/src/addons/mediapool/lib/service_media.php.txt
+++ b/files/redaxo-main/redaxo/src/addons/mediapool/lib/service_media.php.txt
@@ -1,5 +1,7 @@
setTable(rex::getTablePrefix() . 'media');
$saveObject->setValue('filetype', $data['file']['type']);
@@ -203,6 +207,8 @@ final class rex_media_service
@chmod($dstFile, rex::getFilePerm());
+ self::sanitizeMedia($dstFile, $filetype);
+
$saveObject->setValue('filetype', $filetype);
$saveObject->setValue('filesize', filesize($dstFile));
$saveObject->setValue('originalname', $file['name']);
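Review bot: `self::sanitizeMedia($dstFile, $filetype)` rewrites the file only after it has been written to `$dstFile` and chmod'ed, so an exception inside the sanitizer (for example from `rex_type::notNull()` when the read fails) would leave the unsanitised SVG on disk. Whether `$dstFile` is already web-reachable at that point is decided outside this hunk, but if it is, the cleanup should be explicit: `try { self::sanitizeMedia($dstFile, $filetype); } catch (Throwable $e) { rex_file::delete($dstFile); throw $e; }`. The enclosing method starts and ends outside the hunk, so any other path that stores an uploaded file (such as replacing an existing medium) should be checked for the same call.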
@@ -370,4 +376,22 @@ final class rex_media_service
return $items;
}
+
+ private static function sanitizeMedia(string $path, ?string $type): void
+ {
+ if ('image/svg+xml' !== $type && 'svg' !== strtolower(rex_file::extension($path))) {
+ return;
+ }
+
+ $content = rex_type::notNull(rex_file::get($path));
+
+ $antiXss = new AntiXSS();
+ $antiXss->removeEvilAttributes(['style']);
+ $antiXss->removeEvilHtmlTags(['style', 'svg', 'title']);
+
+ $content = $antiXss->xss_clean($content);
+ $content = preg_replace('/^\s*<\?xml(.*?)\?>/', '', $content);
+
+ rex_file::put($path, $content);
+ }
}
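Review bot: In `sanitizeMedia()` neither the result of `preg_replace()` nor that of `rex_file::put()` is checked. `preg_replace()` returns `null` on a PCRE error, and a failed write leaves the original, unsanitised content in place while the caller goes on to save the media record. I would fail closed: `if (null === $content || !rex_file::put($path, $content)) { throw new rex_exception('SVG could not be sanitised'); }`. A short docblock should also say that the file is rewritten in place whenever the MIME type is `image/svg+xml` or the extension is `svg`, so callers know to read `filesize()` only afterwards.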
diff --git a/files/redaxo-main/redaxo/src/addons/phpmailer/lib/mailer.php.txt b/files/redaxo-main/redaxo/src/addons/phpmailer/lib/mailer.php.txt
index fd507c5df..3a186dac4 100644
--- a/files/redaxo-main/redaxo/src/addons/phpmailer/lib/mailer.php.txt
+++ b/files/redaxo-main/redaxo/src/addons/phpmailer/lib/mailer.php.txt
@@ -249,20 +249,19 @@ class rex_mailer extends PHPMailer
{
$addon = rex_addon::get('phpmailer');
$logFile = rex_path::log('system.log');
- $sendTime = $addon->getConfig('last_log_file_send_time', 0);
- $lasterrors = $addon->getConfig('last_errors', '');
- $currenterrors = '';
- $timediff = time() - $sendTime;
+ $lastSendTime = (int) $addon->getConfig('last_log_file_send_time', 0);
+ $lastErrors = (string) $addon->getConfig('last_errors', '');
+ $currentErrors = '';
- if ($timediff <= $addon->getConfig('errormail') || !filesize($logFile)) {
+ // Check if the log file has content
+ if (!filesize($logFile)) {
return;
}
$file = rex_log_file::factory($logFile);
-
$logevent = false;
- // Start - generate mailbody
+ // Start - generate mail body
$mailBody = 'Error protocol for: ' . rex::getServerName() . '
';
$mailBody .= ' ';
$mailBody .= '';
@@ -278,8 +277,11 @@ class rex_mailer extends PHPMailer
$mailBody .= ' ';
$mailBody .= ' ';
+ $errorCount = 0;
+ $maxErrors = 30; // Maximum number of errors to process
+
/** @var rex_log_entry $entry */
- foreach (new LimitIterator($file, 0, 30) as $entry) {
+ foreach (new LimitIterator($file, 0, $maxErrors) as $entry) {
$data = $entry->getData();
$time = rex_formatter::intlDateTime($entry->getTimestamp(), [IntlDateFormatter::SHORT, IntlDateFormatter::MEDIUM]);
$type = $data[0];
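Review bot: `$maxErrors` already bounds the loop through `new LimitIterator($file, 0, $maxErrors)`, so the separate `$errorCount` counter and the `if ($errorCount >= $maxErrors) { break; }` added in a later hunk can only become true on the iteration that would have been the last one anyway. Either drop the counter and the `break`, or, if the intent is to collect up to 30 matching entries from a longer log, say so in the comment, e.g. `// Maximum number of log entries inspected per report`. The loop body continues outside this hunk.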
@@ -289,24 +291,11 @@ class rex_mailer extends PHPMailer
$url = $data[4] ?? '';
$style = '';
- $logtypes = [
- 'error',
- 'exception',
- ];
-
- foreach ($logtypes as $logtype) {
- if (false !== stripos($type, $logtype)) {
- $logevent = true;
- $style = ' class="errorbg"';
- $currenterrors .= $entry->getTimestamp() . ' ';
- break;
- }
- }
-
- if ('logevent' == $type) {
- $style = ' class="eventbg"';
+ if (false !== stripos($type, 'error') || false !== stripos($type, 'exception') || 'logevent' === $type) {
+ $style = ' class="' . (('logevent' === $type) ? 'eventbg' : 'errorbg') . '"';
$logevent = true;
- $currenterrors .= $entry->getTimestamp() . ' ';
+ $currentErrors .= $entry->getTimestamp() . $type . $message;
+ ++$errorCount;
}
$mailBody .= ' ';
@@ -317,29 +306,46 @@ class rex_mailer extends PHPMailer
$mailBody .= ' ' . $line . ' | ';
$mailBody .= ' ' . $url . ' | ';
$mailBody .= '
';
+
+ if ($errorCount >= $maxErrors) {
+ break;
+ }
}
- // check if logevent occured then send mail
+ $mailBody .= ' ';
+ $mailBody .= '
';
+
+ // If no errors were found, terminate
if (!$logevent) {
return;
}
- if ($lasterrors === $currenterrors || '' == $currenterrors) {
+ // Create hash of current errors
+ $currentErrorsHash = md5($currentErrors);
+
+ // Combine time-based and content-based checks
+ $timeSinceLastSend = time() - $lastSendTime;
+ $errorMailInterval = (int) $addon->getConfig('errormail');
+
+ if ($timeSinceLastSend < $errorMailInterval && $currentErrorsHash === $lastErrors) {
return;
}
- $mailBody .= ' ';
- $mailBody .= '';
- // End - generate mailbody
-
+ // Send email
$mail = new self();
- $mail->Subject = rex::getServerName() . ' - error report ';
+ $mail->Subject = rex::getServerName() . ' - Error Report';
$mail->Body = $mailBody;
$mail->AltBody = strip_tags($mailBody);
- $mail->FromName = 'REDAXO error report';
+ $mail->FromName = 'REDAXO Error Report';
$mail->addAddress(rex::getErrorEmail());
- $addon->setConfig('last_errors', $currenterrors);
- $addon->setConfig('last_log_file_send_time', time());
- $mail->Send();
+
+ // Set X-Mailer header for ErrorMails
+ $mail->XMailer = 'REDAXO/' . rex::getVersion() . ' ErrorMailer';
+
+ if ($mail->Send()) {
+ // Update configuration only if email was sent successfully
+ $addon->setConfig('last_errors', $currentErrorsHash);
+ $addon->setConfig('last_log_file_send_time', time());
+ }
}
}
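Review bot: The new send condition `$timeSinceLastSend < $errorMailInterval && $currentErrorsHash === $lastErrors` suppresses a mail only when both checks hold, whereas the removed code returned when either the interval had not elapsed or the errors were unchanged. Because the hash covers the timestamp, type and message of the newest entries, any new log entry changes it, so the `errormail` interval no longer limits how often a report goes out. Anyone able to trigger logged errors could then cause a mail on every invocation. If the interval is meant to stay a hard rate limit, use `if ($timeSinceLastSend < $errorMailInterval || $currentErrorsHash === $lastErrors) { return; }`. The function begins outside this hunk, so how often it is invoked is not visible here.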
diff --git a/files/redaxo-main/redaxo/src/core/lib/response.php.txt b/files/redaxo-main/redaxo/src/core/lib/response.php.txt
index 90770bd61..4a86a53c2 100644
--- a/files/redaxo-main/redaxo/src/core/lib/response.php.txt
+++ b/files/redaxo-main/redaxo/src/core/lib/response.php.txt
@@ -28,6 +28,7 @@ class rex_response
private static bool $sentEtag = false;
private static bool $sentContentType = false;
private static bool $sentCacheControl = false;
+ private static bool $closeConnection = false;
private static array $additionalHeaders = [];
private static array $preloadFiles = [];
private static string $nonce = '';
@@ -275,7 +276,7 @@ class rex_response
$hasShutdownExtension = rex_extension::isRegistered('RESPONSE_SHUTDOWN');
if ($hasShutdownExtension) {
- header('Connection: close');
+ self::$closeConnection = true;
}
self::sendContent($content, null, $lastModified);
@@ -340,10 +341,21 @@ class rex_response
self::sendAdditionalHeaders();
self::sendPreloadHeaders();
+ $finish = null;
+ if (function_exists('fastcgi_finish_request')) {
+ $finish = fastcgi_finish_request(...);
+ } elseif (function_exists('litespeed_finish_request')) {
+ $finish = litespeed_finish_request(...);
+ } elseif (self::$closeConnection) {
+ header('Connection: close');
+ }
+
echo $content;
- if (function_exists('fastcgi_finish_request')) {
- fastcgi_finish_request();
+ if ($finish) {
+ $finish();
+ } elseif (!in_array(\PHP_SAPI, ['cli', 'phpdbg', 'embed'], true)) {
+ flush();
}
}
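Review bot: The fallback branch calls `flush()` without first closing PHP's output buffers, and `flush()` does not push content still held in userland `ob_*` buffers. If any buffer is open at this point (whether earlier code in this method already cleans them is outside the hunk), the client would not receive the body until shutdown, which defeats the purpose of sending `Connection: close` ahead of RESPONSE_SHUTDOWN work. Consider `while (ob_get_level() > 0) { ob_end_flush(); }` directly before `flush();`, and add a one-line comment explaining why the `cli`, `phpdbg` and `embed` SAPIs are excluded.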