Release 3.6.15 (#1034)

* Translations for 3.6.15  (#1032)

* Translated using Weblate (English)

Currently translated at 91.4% (1950 of 2132 strings)

Translation: phpList/phpList3
Translate-URL: http://translate.phplist.org/projects/phplist/phplist3/en/

* Translated using Weblate (French)

Currently translated at 99.8% (2128 of 2132 strings)

Translation: phpList/phpList3
Translate-URL: http://translate.phplist.org/projects/phplist/phplist3/fr/

---------

Co-authored-by: Duncan Cameron <[email protected]>
Co-authored-by: Alain Rihs <[email protected]>

* Support for indicating and getting feedback for e-mail test messages (#1031)

* Update sendemaillib.php

1. Appended a test subject indicator to test messages
1. Added a reply-to address to test messages that have no manual reply-to: using the logged in admin's address or at least the general admin's

* Update sendemaillib.php

Rephrased variable name

* Update sendemaillib.php

Switched to using $admin_auth

* Allowing subscribers to be filtered by confirmed and/or blacklisted (#1030)

* Update users.php

Allowed to filter by confirmed and/or non blacklisted - and not just by unconfirmed and/or blacklisted

* Changed users to subscribers

* Bouncemgt - allowing processing only existing bounces + a related new rule action (#1028)

* Update bouncemgt.php

Added &justexisting=true

* Update processbounces.php

1. Added support for &justexisting=true
1. Added support for new bounce rule action

* Update lib.php

Added support for new bounce action

* Update bouncemgt.php

Added non default title (otherwise it takes the wrong one)

* Update processbounces.php

1. Replaced goto with if-else
1. Hardcoded "-1" instead of supplying it in a sprintf value

* Hardcoding defaults for older PHP versions

* Removed modern solution

* Update Common plugin and Segment plugin (#1024)

* Define timestamp columns explicitly (#1019)

* Define timestamp fields explicitly to avoid problem with the mysql setting explicit_defaults_for_timestamp

* Remove setting of timestamp fields that are automatically updated

* update CI to remove old PHP versions and add 8.3 (#1004)

* Escape single quote in error message (#1003)

* Allow ajax page links to have a title, defaulting to the link description (#1002)

Fixes #996

* Update CONTRIBUTING.md (#994)

Removed obsolete references

* update UUID class to the latest upstream (#990)

* update UUID class to the latest upstream

* clean up old files

* use the list order, even when grouping by category (#1025)

* restore ability to create other super users (#1014)

* restore ability to create other super users

* correctly initialise the privileges array

* Bounces' subscriber' status indicator + allowing to confirm right from bounces (#1029)

* Update listbounces.php

Added support for confirmed/blacklisted indicator

* Update bounces.php

Added confirmed/blacklisted indicator

* Update bounce.php

1. Added confirmed/blacklisted indicator
1. Added support for confirming user from a bounce

* Update bounce.php

1. Avoided ternary if because translation system doesn't support it
1. Used the newer s() function

* Update listbounces.php

Added curly brackets

* Used potential translation

* Php8fixes 202401 (#1026)

* remove deprecated ini_set call

* stop possible warning

* avoid warning

* avoid warning

* cast to int

* avoid warning on existing being null

* force template to be an integer

* suppress warnings

* check on valid var and cast to int

* give buttons an ID, so they can be targetted with testing

* avoid warning on empty array index

* add notification by email when an admin logs in from a new IP address. (#1027)

* add notification by email when an admin logs in from a new IP address.

* check IP per admin

* force columns to be not null

* prevent blocking login on an non-upgraded system and send login alert just to admin, or superuser

* keep newlines in translation as they are

* make shorter lines, so it renders a bit better

* Remove redundant upgrade steps (#1020)

* Remove steps that are unnecessary due to the 3.2.0 being the minimum upgrade version

* Keep silent when there are no subscriber UUIDs to generate

* Remove other unnecessary upgrade steps

---------

Co-authored-by: Michiel Dethmers <[email protected]>

* Use utf8mb4 for the connection etc (#1001)

* Use utf8mb4 for the connection etc

* Support utf8mb4 in campaign subject and content

---------

Co-authored-by: Michiel Dethmers <[email protected]>

* use PHP8.2 to build

* use latest phplint

* update docker build from bookworm

* set version

* avoid the admin being kicked out after upgrade (#1033)

* mark update translations as @wip

---------

Co-authored-by: Duncan Cameron <[email protected]>
Co-authored-by: Alain Rihs <[email protected]>
Co-authored-by: lwcorp <[email protected]>
Co-authored-by: Duncan Cameron <[email protected]>
Co-authored-by: Michiel Dethmers <[email protected]>

Author: 5 people

.github/workflows/build-release.yml

@@ -14,7 +14,7 @@ jobs:
     strategy:
       fail-fast: false     
       matrix:   
-        php-version: ['7.4']
+        php-version: ['8.2']
         experimental: [false]
 
     steps:
@@ -93,7 +93,7 @@ jobs:
           sudo php -S 0.0.0.0:80 -t public_html > /dev/null 2>&1 &
 
       - name: Check PHP syntax errors
-        uses: overtrue/phplint@2.4.1
+        uses: overtrue/phplint@9.1.2
         with:
           path: ./public_html
           options: --exclude=base/vendor

.github/workflows/main.yml

@@ -11,14 +11,10 @@ jobs:
     strategy:
       fail-fast: false     
       matrix:   
-        php-version: ['7.4', '8.0', '8.1']
+        php-version: ['7.4', '8.0', '8.1','8.2']
         experimental: [false]
         include:
-          - php-version: 7.2
-            experimental: true
-          - php-version: 7.3
-            experimental: true
-          - php-version: 8.2
+          - php-version: 8.3
             experimental: true
 
     steps:

CONTRIBUTING.md

@@ -25,7 +25,7 @@ Please follow the guidelines below when creating an issue so that your issue can
 
 **Avoid duplicated issues**
 
-Before you report an issue, please search through [existing issues on Mantis](https://mantis.phplist.com) and [GitHub](https://github.com/phpList/phplist3/issues) to see if your issue is already reported or fixed to make sure you are not reporting a duplicated issue. 
+Before you report an issue, please search through [existing issues](https://github.com/phpList/phplist3/issues) to see if your issue is already reported or fixed to make sure you are not reporting a duplicated issue. 
 Also, make sure you have the latest version of phpList and see if the issue still exists.
 
 

Dockerfile.release

@@ -1,5 +1,5 @@
 
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 
 LABEL maintainer="[email protected]" 
 

VERSION

@@ -1,4 +1,4 @@
 # file that keeps track of the latest tag in cvs and the corresponding version
 # this automates publishing a new version, when it's tagged
 # if you don't understand this, don't worry. You don't need this file
-VERSION=3.6.13
+VERSION=3.6.15

composer.lock

@@ -16,7 +16,6 @@ class CsvReader
      */
     public function __construct($filename, $delimiter)
     {
-        ini_set('auto_detect_line_endings', true);
         $this->fh = fopen($filename, 'r');
         $this->delimiter = $delimiter;
         $this->totalRows = 0;

public_html/lists/admin/CsvReader.php

@@ -53,12 +53,13 @@
     if (!is_email($email) && $omit_invalid) {
         unset($email, $info);
         $count_invalid_emails++;
+    } else {
+      //# actually looks like the "info" bit will get lost, but
+      //# in a way, that doesn't matter
+      $user_list[$email] = array(
+          'info' => $info,
+      );
     }
-    //# actually looks like the "info" bit will get lost, but
-    //# in a way, that doesn't matter
-    $user_list[$email] = array(
-        'info' => $info,
-    );
 }
 
 $count_email_add = 0;

public_html/lists/admin/actions/import1.php

@@ -49,11 +49,11 @@ function listMemberCounts($listId)
         .'<span class="unconfirmedCount text-warning" title="%s">%s</span>, '.' '
         .'<span class="blacklistedCount text-danger" title="%s">%s</span>'.')',
         s('Confirmed and not blacklisted members'),
-        number_format($counts['confirmed']),
+        number_format(!empty($counts['confirmed']) ? $counts['confirmed'] : 0),
         s('Unconfirmed and not blacklisted members'),
-        number_format($counts['notconfirmed']),
+        number_format(!empty($counts['notconfirmed']) ? $counts['notconfirmed'] : 0),
         s('Blacklisted members'),
-        number_format($counts['blacklisted'])
+        number_format(!empty($counts['blacklisted']) ? $counts['blacklisted'] : 0)
     );
 
     return $membersDisplay;

public_html/lists/admin/actions/listmembercount.php

@@ -18,6 +18,7 @@
     echo Error(s('No Access'));
     return;
 }
+$accesslevel = 'all';
 
 if (!empty($_POST['change'])) {
     if (!verifyToken()) { //# csrf check, should be added in more places
@@ -102,7 +103,7 @@
             'statistics'  => !empty($_POST['statistics']),
             'settings'    => !empty($_POST['settings']),
         );
-        Sql_Query(sprintf('update %s set modified=now(), modifiedby = "%s", privileges = "%s" where id = %d',
+        Sql_Query(sprintf('update %s set modifiedby = "%s", privileges = "%s" where id = %d',
             $GLOBALS['tables']['admin'], adminName($_SESSION['logindetails']['id']), sql_escape(serialize($privs)),
             $id));
 
@@ -157,7 +158,7 @@
 if (isset($data['privileges'])) {
     $privileges = unserialize($data['privileges']);
 } else {
-    $privileges = array();
+    $privileges = array('subscribers' => 0, 'campaigns' => 0, 'statistics' => 0, 'settings' => 0);
 }
 
 reset($struct);

public_html/lists/admin/admin.php

@@ -18,6 +18,7 @@
 $deletebounce = isset($_GET['deletebounce']); //BUGFIX #15286 - nickyoung
 $amount = isset($_GET['amount']) ? sprintf('%d', $_GET['amount']) : ''; //BUGFIX #15286 - CS2
 $unconfirm = isset($_GET['unconfirm']); //BUGFIX #15286 - CS2
+$confirm = isset($_GET['confirm']);
 $maketext = isset($_GET['maketext']); //BUGFIX #15286 - CS2
 $deleteuser = isset($_GET['deleteuser']);  //BUGFIX #15286 - CS2
 
@@ -76,10 +77,14 @@
         }
     }
 
-    if (!empty($userid) && $unconfirm) {
-        Sql_Query(sprintf('update %s set confirmed = 0 where id = %d',
+    if (!empty($userid) && ($unconfirm || $confirm)) {
+        Sql_Query(sprintf('update %s set confirmed = ' . ($confirm ? '1' : '0')  . ' where id = %d',
             $tables['user'], $userid));
-        $actionresult .= sprintf($GLOBALS['I18N']->get('Made subscriber %s unconfirmed').'<br />', $userid);
+        if ($confirm) {
+            $actionresult .= sprintf(s('Made subscriber %s confirmed').'<br />', $userid);
+        } else {
+            $actionresult .= sprintf(s('Made subscriber %s unconfirmed').'<br />', $userid);
+        }          
     }
 
     if (!empty($userid) && $maketext) {
@@ -164,16 +169,28 @@
         $GLOBALS['I18N']->get('Memo for this rule'));
     $newruleform .= '<tr><td colspan="2"><p class="submit"><input type="submit" name="add" value="'.$GLOBALS['I18N']->get('Add new Rule').'" /></p></td></tr>';
     $newruleform .= '</table></form>';
-
     $actionpanel = '';
     $actionpanel .= '<form method="get" action="">';
     $actionpanel .= '<input type="hidden" name="page" value="'.$page.'" />';
     $actionpanel .= '<input type="hidden" name="id" value="'.$id.'" />';
     $actionpanel .= '<input type="hidden" name="type" value="'.$type.'" />';
     $actionpanel .= '<table class="bounceActions">';
-    $actionpanel .= '<tr><td>'.$GLOBALS['I18N']->get('For subscriber with email').'</td><td><input type="text" name="useremail" value="'.$guessedemail.'" size="35" /></td></tr>';
+    list($msgDetails, $userDetails, $furtherDetails) = array('', '', '');
+    if (preg_match("#bounced list message ([\d]+)#", $bounce['status'], $regs))
+        $msgDetails = s('Campaign') . '&nbsp;' . PageLink2('message&id='.$regs[1], shortenTextDisplay(campaignTitle($regs[1]), 30));
+    if (isset($guessedid)) {
+        $userDetails = Sql_Fetch_Assoc_Query(sprintf('select confirmed from %s where id = %d', $tables['user'], $guessedid));
+        if ($userDetails['confirmed'] && !isBlackListed(htmlspecialchars($guessedemail)))
+            $ls_confirmed = $GLOBALS['img_tick'];
+        else
+            $ls_confirmed = $GLOBALS['img_cross'];
+        $userDetails = s('User') . '&nbsp' . PageLink2('user&id='.$guessedid, $guessedid) . '&nbsp' . $ls_confirmed . '<br />(' . s('Subscribers with a red icon are either unconfirmed or blacklisted or both') . ')';
+    }
+    if (!empty($msgDetails) || !empty($userDetails))
+        $furtherDetails = '<br />' . $msgDetails . (empty($msgDetails) ? '' : '&nbsp') . $userDetails;
+    $actionpanel .= '<tr><td>'.s('For subscriber with email').$furtherDetails.'</td><td><input type="text" name="useremail" value="'.$guessedemail.'" size="35" /></td></tr>';
     $actionpanel .= '<tr><td>'.$GLOBALS['I18N']->get('Increase bouncecount with').'<br />'.$GLOBALS['I18N']->get('(use negative numbers to decrease)').'</td><td><input type="text" name="amount" value="0" size="5" /></td></tr>';
-    $actionpanel .= '<tr><td>'.$GLOBALS['I18N']->get('Mark subscriber as unconfirmed').'<br />'.$GLOBALS['I18N']->get('(so you can resend the request for confirmation)').' </td><td><input type="checkbox" name="unconfirm" value="1" /></td></tr>';
+    $actionpanel .= '<tr><td>'.s('Mark subscriber as unconfirmed').'<br />'.s('(so you can resend the request for confirmation)').'<br />'.s('or confirmed').'<br />'.s('(so you can revert possible auto unconfirmation)'). ' </td><td>'.s('unconfirmed').'<input onclick="if (this.checked && form.confirm.checked) form.confirm.checked=false" type="checkbox" name="unconfirm" value="1" />'.s('confirmed').'<input onclick="if (this.checked && form.unconfirm.checked) form.unconfirm.checked=false" type="checkbox" name="confirm" value="1" /></td></tr>';
     $actionpanel .= '<tr><td>'.$GLOBALS['I18N']->get('Set subscriber to receive text instead of HTML').' </td><td><input type="checkbox" name="maketext" value="1" /></td></tr>';
     $actionpanel .= '<tr><td>'.$GLOBALS['I18N']->get('Delete subscriber').' </td><td><input type="checkbox" name="deleteuser" value="1" /></td></tr>';
     if (ALLOW_DELETEBOUNCE) {

public_html/lists/admin/bounce.php

@@ -14,6 +14,7 @@
 echo $spb.PageLink2('checkbouncerules', s('Check Current Bounce Rules')).$spe;
 
 echo $spb.PageLink2('processbounces', s('Process Bounces')).$spe;
+echo $spb.PageLink2('processbounces&justexisting=true', s('Reprocess Only Existing Bounces'), '', false, s('Reprocess Only Existing Bounces')).$spe;
 
 echo '</ul><br />';
 
@@ -24,3 +25,4 @@
     echo '<p class="information text-warning"><big>'.s('You have already defined bounce rules in your system.      Be careful with generating new ones, because these may interfere with the ones that exist.').'</big></p>';
 }
 echo '<br /><p class="button">'.PageLink2('generatebouncerules', s('Generate Bounce Rules')).'</p>';
+

public_html/lists/admin/bouncemgt.php

@@ -162,7 +162,8 @@
             break;
 
     }
-}
+} elseif ($status == 'processed')
+    echo s('Subscribers with a red icon are either unconfirmed or blacklisted or both');
 
 $ls = new WebblerListing(s($status).' '.s('bounces'));
 $ls->setElementHeading('Bounce ID');
@@ -195,7 +196,13 @@
         preg_match("#([\d]+) bouncecount increased#", $bounce['comment'], $regs)
         OR preg_match("#([\d]+) marked unconfirmed#", $bounce['comment'], $regs)
     ) {
-        $userIdLink = PageLink2('user&id='.$regs[1], getUserEmail($regs[1]));
+        $userIdLink = PageLink2('user&id='.$regs[1], ($regs[1]));
+        $userDetails = Sql_Fetch_Assoc_Query(sprintf('select email, confirmed from %s where id = %d', $tables['user'], $regs[1]));
+        if ($userDetails['confirmed'] && !isBlackListed(htmlspecialchars($userDetails['email'])))
+            $ls_confirmed = $GLOBALS['img_tick'];
+        else
+            $ls_confirmed = $GLOBALS['img_cross'];
+        $userIdLink .= ' ' . $ls_confirmed;
     } elseif ($bounce['comment'] == 'not processed') {
         $userIdLink = $GLOBALS['I18N']->get('Unknown');
     } else {

public_html/lists/admin/bounces.php

@@ -1262,10 +1262,10 @@ function PageLinkDialogOnly($name, $desc = '', $url = '', $extraclass = '')
     return $link;
 }
 
-function PageLinkAjax($name, $desc = '', $url = '', $extraclass = '')
+function PageLinkAjax($name, $desc = '', $url = '', $extraclass = '', $title = '')
 {
     //# as PageLink2, but add the option to ajax it in a popover window
-    $link = PageLink2($name, $desc, $url);
+    $link = PageLink2($name, $desc, $url, false, $title ?: $desc);
     if ($link) {
         $link = str_replace('<a ', '<a class="ajaxable '.$extraclass.'" ', $link);
         $link .= '';

public_html/lists/admin/connect.php

@@ -125,7 +125,13 @@
         'type'        => 'text',
         'category'    => 'security',
     ),
-
+    'notify_admin_login' => array(
+        'value'       => 1,
+        'description' => s('Notify admin on login from new location'),
+        'type'        => 'boolean',
+        'category'    => 'security',
+        'allowempty'  => true,
+    ),
     // admin addresses are other people who receive copies of subscriptions
     'admin_addresses' => array(
         'value'       => '',

public_html/lists/admin/defaultconfig.php

@@ -134,8 +134,8 @@
     if (count($email_list) > 300 && !$test_import) {
         // this is a possibly a time consuming process, so lets show a progress bar
         flush();
-        // increase the memory to make sure we are not running out
-        ini_set('memory_limit', '16M');
+        // try to increase the memory to make sure we are not running out
+        @ini_set('memory_limit', '16M');
     }
 
     // View test output of emails

public_html/lists/admin/import1.php

@@ -309,16 +309,21 @@
                 //@@ Why is $attributes not used
                 $query = sprintf('select id from %s where name = "%s"', $tables['attribute'], sql_escape($column));
                 $existing = Sql_Fetch_Row_Query($query);
-                $_SESSION['import_attribute'][$column] = array(
-                    'index'  => $i,
-                    'record' => $existing[0],
-                    'column' => $column,
-                );
-                array_push($used_attributes, $existing[0]);
-                if ($existing[0]) {
+                if (!empty($existing[0])) {
                     //        $dbg .= " =known attribute id=" . $existing[0];
-                } else {
+                  $_SESSION['import_attribute'][$column] = array(
+                      'index'  => $i,
+                      'record' => $existing[0],
+                      'column' => $column,
+                  );
+                  array_push($used_attributes, $existing[0]);
+               } else {
                     //          $dbg .= " =request mapping";
+                  $_SESSION['import_attribute'][$column] = array(
+                      'index'  => $i,
+                      'record' => "",
+                      'column' => $column,
+                  );
                 }
             }
         }