Release 3.6.15

.github/workflows/build-release.yml

@@ -14,7 +14,7 @@ jobs:
     strategy:
       fail-fast: false     
       matrix:   
-        php-version: ['7.4']
+        php-version: ['8.2']
         experimental: [false]
 
     steps:
@@ -93,7 +93,7 @@ jobs:
           sudo php -S 0.0.0.0:80 -t public_html > /dev/null 2>&1 &
 
       - name: Check PHP syntax errors
-        uses: overtrue/phplint@2.4.1
+        uses: overtrue/phplint@9.1.2
         with:
           path: ./public_html
           options: --exclude=base/vendor

.github/workflows/main.yml

@@ -11,14 +11,10 @@ jobs:
     strategy:
       fail-fast: false     
       matrix:   
-        php-version: ['7.4', '8.0', '8.1']
+        php-version: ['7.4', '8.0', '8.1','8.2']
         experimental: [false]
         include:
-          - php-version: 7.2
-            experimental: true
-          - php-version: 7.3
-            experimental: true
-          - php-version: 8.2
+          - php-version: 8.3
             experimental: true
 
     steps:

CONTRIBUTING.md

@@ -25,7 +25,7 @@ Please follow the guidelines below when creating an issue so that your issue can
 
 **Avoid duplicated issues**
 
-Before you report an issue, please search through [existing issues on Mantis](https://mantis.phplist.com) and [GitHub](https://github.com/phpList/phplist3/issues) to see if your issue is already reported or fixed to make sure you are not reporting a duplicated issue. 
+Before you report an issue, please search through [existing issues](https://github.com/phpList/phplist3/issues) to see if your issue is already reported or fixed to make sure you are not reporting a duplicated issue. 
 Also, make sure you have the latest version of phpList and see if the issue still exists.
 
 

Dockerfile.release

@@ -1,5 +1,5 @@
 
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 
 LABEL maintainer="michiel@phplist.com" 
 

VERSION

@@ -1,4 +1,4 @@
 # file that keeps track of the latest tag in cvs and the corresponding version
 # this automates publishing a new version, when it's tagged
 # if you don't understand this, don't worry. You don't need this file
-VERSION=3.6.13
+VERSION=3.6.15

public_html/lists/admin/CsvReader.php

@@ -16,7 +16,6 @@ class CsvReader
      */
     public function __construct($filename, $delimiter)
     {
-        ini_set('auto_detect_line_endings', true);
         $this->fh = fopen($filename, 'r');
         $this->delimiter = $delimiter;
         $this->totalRows = 0;

public_html/lists/admin/actions/import1.php

@@ -53,12 +53,13 @@
     if (!is_email($email) && $omit_invalid) {
         unset($email, $info);
         $count_invalid_emails++;
+    } else {
+      //# actually looks like the "info" bit will get lost, but
+      //# in a way, that doesn't matter
+      $user_list[$email] = array(
+          'info' => $info,
+      );
     }
-    //# actually looks like the "info" bit will get lost, but
-    //# in a way, that doesn't matter
-    $user_list[$email] = array(
-        'info' => $info,
-    );
 }
 
 $count_email_add = 0;

public_html/lists/admin/actions/listmembercount.php

@@ -49,11 +49,11 @@ function listMemberCounts($listId)
         .'<span class="unconfirmedCount text-warning" title="%s">%s</span>, '.' '
         .'<span class="blacklistedCount text-danger" title="%s">%s</span>'.')',
         s('Confirmed and not blacklisted members'),
-        number_format($counts['confirmed']),
+        number_format(!empty($counts['confirmed']) ? $counts['confirmed'] : 0),
         s('Unconfirmed and not blacklisted members'),
-        number_format($counts['notconfirmed']),
+        number_format(!empty($counts['notconfirmed']) ? $counts['notconfirmed'] : 0),
         s('Blacklisted members'),
-        number_format($counts['blacklisted'])
+        number_format(!empty($counts['blacklisted']) ? $counts['blacklisted'] : 0)
     );
 
     return $membersDisplay;

public_html/lists/admin/admin.php

@@ -18,6 +18,7 @@
     echo Error(s('No Access'));
     return;
 }
+$accesslevel = 'all';
 
 if (!empty($_POST['change'])) {
     if (!verifyToken()) { //# csrf check, should be added in more places
@@ -102,7 +103,7 @@
             'statistics'  => !empty($_POST['statistics']),
             'settings'    => !empty($_POST['settings']),
         );
-        Sql_Query(sprintf('update %s set modified=now(), modifiedby = "%s", privileges = "%s" where id = %d',
+        Sql_Query(sprintf('update %s set modifiedby = "%s", privileges = "%s" where id = %d',
             $GLOBALS['tables']['admin'], adminName($_SESSION['logindetails']['id']), sql_escape(serialize($privs)),
             $id));
 
@@ -157,7 +158,7 @@
 if (isset($data['privileges'])) {
     $privileges = unserialize($data['privileges']);
 } else {
-    $privileges = array();
+    $privileges = array('subscribers' => 0, 'campaigns' => 0, 'statistics' => 0, 'settings' => 0);
 }
 
 reset($struct);

public_html/lists/admin/bounce.php

@@ -18,6 +18,7 @@
 $deletebounce = isset($_GET['deletebounce']); //BUGFIX #15286 - nickyoung
 $amount = isset($_GET['amount']) ? sprintf('%d', $_GET['amount']) : ''; //BUGFIX #15286 - CS2
 $unconfirm = isset($_GET['unconfirm']); //BUGFIX #15286 - CS2
+$confirm = isset($_GET['confirm']);
 $maketext = isset($_GET['maketext']); //BUGFIX #15286 - CS2
 $deleteuser = isset($_GET['deleteuser']);  //BUGFIX #15286 - CS2
 
@@ -76,10 +77,14 @@
         }
     }
 
-    if (!empty($userid) && $unconfirm) {
-        Sql_Query(sprintf('update %s set confirmed = 0 where id = %d',
+    if (!empty($userid) && ($unconfirm || $confirm)) {
+        Sql_Query(sprintf('update %s set confirmed = ' . ($confirm ? '1' : '0')  . ' where id = %d',
             $tables['user'], $userid));
-        $actionresult .= sprintf($GLOBALS['I18N']->get('Made subscriber %s unconfirmed').'<br />', $userid);
+        if ($confirm) {
+            $actionresult .= sprintf(s('Made subscriber %s confirmed').'<br />', $userid);
+        } else {
+            $actionresult .= sprintf(s('Made subscriber %s unconfirmed').'<br />', $userid);
+        }          
     }
 
     if (!empty($userid) && $maketext) {
@@ -164,16 +169,28 @@
         $GLOBALS['I18N']->get('Memo for this rule'));
     $newruleform .= '<tr><td colspan="2"><p class="submit"><input type="submit" name="add" value="'.$GLOBALS['I18N']->get('Add new Rule').'" /></p></td></tr>';
     $newruleform .= '</table></form>';
-
     $actionpanel = '';
     $actionpanel .= '<form method="get" action="">';
     $actionpanel .= '<input type="hidden" name="page" value="'.$page.'" />';
     $actionpanel .= '<input type="hidden" name="id" value="'.$id.'" />';
     $actionpanel .= '<input type="hidden" name="type" value="'.$type.'" />';
     $actionpanel .= '<table class="bounceActions">';
-    $actionpanel .= '<tr><td>'.$GLOBALS['I18N']->get('For subscriber with email').'</td><td><input type="text" name="useremail" value="'.$guessedemail.'" size="35" /></td></tr>';
+    list($msgDetails, $userDetails, $furtherDetails) = array('', '', '');
+    if (preg_match("#bounced list message ([\d]+)#", $bounce['status'], $regs))
+        $msgDetails = s('Campaign') . '&nbsp;' . PageLink2('message&id='.$regs[1], shortenTextDisplay(campaignTitle($regs[1]), 30));
+    if (isset($guessedid)) {
+        $userDetails = Sql_Fetch_Assoc_Query(sprintf('select confirmed from %s where id = %d', $tables['user'], $guessedid));
+        if ($userDetails['confirmed'] && !isBlackListed(htmlspecialchars($guessedemail)))
+            $ls_confirmed = $GLOBALS['img_tick'];
+        else
+            $ls_confirmed = $GLOBALS['img_cross'];
+        $userDetails = s('User') . '&nbsp' . PageLink2('user&id='.$guessedid, $guessedid) . '&nbsp' . $ls_confirmed . '<br />(' . s('Subscribers with a red icon are either unconfirmed or blacklisted or both') . ')';
+    }
+    if (!empty($msgDetails) || !empty($userDetails))
+        $furtherDetails = '<br />' . $msgDetails . (empty($msgDetails) ? '' : '&nbsp') . $userDetails;
+    $actionpanel .= '<tr><td>'.s('For subscriber with email').$furtherDetails.'</td><td><input type="text" name="useremail" value="'.$guessedemail.'" size="35" /></td></tr>';
     $actionpanel .= '<tr><td>'.$GLOBALS['I18N']->get('Increase bouncecount with').'<br />'.$GLOBALS['I18N']->get('(use negative numbers to decrease)').'</td><td><input type="text" name="amount" value="0" size="5" /></td></tr>';
-    $actionpanel .= '<tr><td>'.$GLOBALS['I18N']->get('Mark subscriber as unconfirmed').'<br />'.$GLOBALS['I18N']->get('(so you can resend the request for confirmation)').' </td><td><input type="checkbox" name="unconfirm" value="1" /></td></tr>';
+    $actionpanel .= '<tr><td>'.s('Mark subscriber as unconfirmed').'<br />'.s('(so you can resend the request for confirmation)').'<br />'.s('or confirmed').'<br />'.s('(so you can revert possible auto unconfirmation)'). ' </td><td>'.s('unconfirmed').'<input onclick="if (this.checked && form.confirm.checked) form.confirm.checked=false" type="checkbox" name="unconfirm" value="1" />'.s('confirmed').'<input onclick="if (this.checked && form.unconfirm.checked) form.unconfirm.checked=false" type="checkbox" name="confirm" value="1" /></td></tr>';
     $actionpanel .= '<tr><td>'.$GLOBALS['I18N']->get('Set subscriber to receive text instead of HTML').' </td><td><input type="checkbox" name="maketext" value="1" /></td></tr>';
     $actionpanel .= '<tr><td>'.$GLOBALS['I18N']->get('Delete subscriber').' </td><td><input type="checkbox" name="deleteuser" value="1" /></td></tr>';
     if (ALLOW_DELETEBOUNCE) {

public_html/lists/admin/bouncemgt.php

@@ -14,6 +14,7 @@
 echo $spb.PageLink2('checkbouncerules', s('Check Current Bounce Rules')).$spe;
 
 echo $spb.PageLink2('processbounces', s('Process Bounces')).$spe;
+echo $spb.PageLink2('processbounces&justexisting=true', s('Reprocess Only Existing Bounces'), '', false, s('Reprocess Only Existing Bounces')).$spe;
 
 echo '</ul><br />';
 
@@ -24,3 +25,4 @@
     echo '<p class="information text-warning"><big>'.s('You have already defined bounce rules in your system.      Be careful with generating new ones, because these may interfere with the ones that exist.').'</big></p>';
 }
 echo '<br /><p class="button">'.PageLink2('generatebouncerules', s('Generate Bounce Rules')).'</p>';
+

public_html/lists/admin/bounces.php

@@ -162,7 +162,8 @@
             break;
 
     }
-}
+} elseif ($status == 'processed')
+    echo s('Subscribers with a red icon are either unconfirmed or blacklisted or both');
 
 $ls = new WebblerListing(s($status).' '.s('bounces'));
 $ls->setElementHeading('Bounce ID');
@@ -195,7 +196,13 @@
         preg_match("#([\d]+) bouncecount increased#", $bounce['comment'], $regs)
         OR preg_match("#([\d]+) marked unconfirmed#", $bounce['comment'], $regs)
     ) {
-        $userIdLink = PageLink2('user&id='.$regs[1], getUserEmail($regs[1]));
+        $userIdLink = PageLink2('user&id='.$regs[1], ($regs[1]));
+        $userDetails = Sql_Fetch_Assoc_Query(sprintf('select email, confirmed from %s where id = %d', $tables['user'], $regs[1]));
+        if ($userDetails['confirmed'] && !isBlackListed(htmlspecialchars($userDetails['email'])))
+            $ls_confirmed = $GLOBALS['img_tick'];
+        else
+            $ls_confirmed = $GLOBALS['img_cross'];
+        $userIdLink .= ' ' . $ls_confirmed;
     } elseif ($bounce['comment'] == 'not processed') {
         $userIdLink = $GLOBALS['I18N']->get('Unknown');
     } else {

public_html/lists/admin/connect.php

@@ -1262,10 +1262,10 @@ function PageLinkDialogOnly($name, $desc = '', $url = '', $extraclass = '')
     return $link;
 }
 
-function PageLinkAjax($name, $desc = '', $url = '', $extraclass = '')
+function PageLinkAjax($name, $desc = '', $url = '', $extraclass = '', $title = '')
 {
     //# as PageLink2, but add the option to ajax it in a popover window
-    $link = PageLink2($name, $desc, $url);
+    $link = PageLink2($name, $desc, $url, false, $title ?: $desc);
     if ($link) {
         $link = str_replace('<a ', '<a class="ajaxable '.$extraclass.'" ', $link);
         $link .= '';

public_html/lists/admin/defaultconfig.php

@@ -125,7 +125,13 @@
         'type'        => 'text',
         'category'    => 'security',
     ),
-
+    'notify_admin_login' => array(
+        'value'       => 1,
+        'description' => s('Notify admin on login from new location'),
+        'type'        => 'boolean',
+        'category'    => 'security',
+        'allowempty'  => true,
+    ),
     // admin addresses are other people who receive copies of subscriptions
     'admin_addresses' => array(
         'value'       => '',

public_html/lists/admin/import1.php

@@ -134,8 +134,8 @@
     if (count($email_list) > 300 && !$test_import) {
         // this is a possibly a time consuming process, so lets show a progress bar
         flush();
-        // increase the memory to make sure we are not running out
-        ini_set('memory_limit', '16M');
+        // try to increase the memory to make sure we are not running out
+        @ini_set('memory_limit', '16M');
     }
 
     // View test output of emails

public_html/lists/admin/import2.php

@@ -309,16 +309,21 @@
                 //@@ Why is $attributes not used
                 $query = sprintf('select id from %s where name = "%s"', $tables['attribute'], sql_escape($column));
                 $existing = Sql_Fetch_Row_Query($query);
-                $_SESSION['import_attribute'][$column] = array(
-                    'index'  => $i,
-                    'record' => $existing[0],
-                    'column' => $column,
-                );
-                array_push($used_attributes, $existing[0]);
-                if ($existing[0]) {
+                if (!empty($existing[0])) {
                     //        $dbg .= " =known attribute id=" . $existing[0];
-                } else {
+                  $_SESSION['import_attribute'][$column] = array(
+                      'index'  => $i,
+                      'record' => $existing[0],
+                      'column' => $column,
+                  );
+                  array_push($used_attributes, $existing[0]);
+               } else {
                     //          $dbg .= " =request mapping";
+                  $_SESSION['import_attribute'][$column] = array(
+                      'index'  => $i,
+                      'record' => "",
+                      'column' => $column,
+                  );
                 }
             }
         }