Add cid default domain

[mariuszkrzaczkowski]

In reference to issue 3031, I have prepared a patch

[Synchro]

This is simple, but it opens the door for people setting it to an empty string, something too long, containing spaces, or other invalid value, which would result in invalid cids. I'd suggest either making it protected and using a setter method (that validates it), or validating the value before using it, and if it's invalid, reverting to a fixed (but valid) string. Also, this needs test coverage.

[Synchro]

Another thought: this issue only occurs inside msgHTML(), so it would seem sensible to add it as an optional param to that method. That way we don't need a new property (we already have too many), and can inline the validation for it, so don't need a new method either.

[mariuszkrzaczkowski]

I've added some corrections, check them out

[Synchro]

While that's much neater, the default of a for the domain is as identifiable as the original phpmailer.0 default so it's not solving much from a security perspective (though obviously it is if you populate the parameter). Also I recall that there was something that required a . within the domain part, so that it would parse as a domain, but didn't need to actually exist, hence the current .0.

[mariuszkrzaczkowski]

To make it work automatically, maybe let's set $cid_domain to the sender's domain from $this->From ?

[mariuszkrzaczkowski]

maybe something like that?

    public function msgHTML($message, $basedir = '', $advanced = false)
    {
        $cid_domain = '@phpmailer.0';
        if (filter_var($this->From, FILTER_VALIDATE_EMAIL)) {
            //prepend with a character to create valid RFC822 string in order to validate
            $cid_domain = substr( $this->From, strpos( $this->From, '@') + 1);
        }

        preg_match_all('/(?<!-)(src|background)=["\'](.*)["\']/Ui', $message, $images);

[mariuszkrzaczkowski]

@Synchro Any comment on this?