diff --git a/Tests/spfcheckTest.php b/Tests/spfcheckTest.php index 9e85d80..a055ad8 100644 --- a/Tests/spfcheckTest.php +++ b/Tests/spfcheckTest.php @@ -217,7 +217,7 @@ class spfcheckTest extends PHPUnit_Framework_TestCase "+a" => array (), "+mx" => array (), "+ip4:178.33.236.5" => array ("178.33.236.5"), - "+ip4:137.74.69.64" => array ("137.74.69.64"), + "-ip4:137.74.69.64" => array ("137.74.69.64"), "+ip4:51.254.45.81" => array ("51.254.45.81"), "-all" => array (), ))); @@ -232,4 +232,32 @@ class spfcheckTest extends PHPUnit_Framework_TestCase "unknown" => array (), "-all" => array ()))); } + + public function test_ipCheckToSPF_OK_inA () + { + $spfcheck = new spfcheck (); + $res = $spfcheck->ipCheckToSPF ("plus.spf.tester.fournier38.fr", "178.33.236.5"); + $this->assertSame ($res, "PASS"); + } + + public function test_ipCheckToSPF_FAIL_inALL () + { + $spfcheck = new spfcheck (); + $res = $spfcheck->ipCheckToSPF ("plus.spf.tester.fournier38.fr", "1.3.6.5"); + $this->assertSame ($res, "FAIL"); + } + + public function test_ipCheckToSPF_OK_inALL () + { + $spfcheck = new spfcheck (); + $res = $spfcheck->ipCheckToSPF ("plus.spf.tester.fournier38.fr", "1.3.6.5"); + $this->assertSame ($res, "FAIL"); + } + + public function test_ipCheckToSPF_FAIL_inIP4 () + { + $spfcheck = new spfcheck (); + $res = $spfcheck->ipCheckToSPF ("plus.spf.tester.fournier38.fr", "137.74.69.64"); + $this->assertSame ($res, "FAIL"); + } } diff --git a/spfcheck.php b/spfcheck.php index eb5d615..89e7bb2 100644 --- a/spfcheck.php +++ b/spfcheck.php @@ -113,6 +113,12 @@ class spfcheck if ($ipaddresses->ipInNetwork ($ip, $ipToTest, $mask)) { $this->matchRule = "$key/$part"; + if ($part{0} === "-") + return "FAIL"; + if ($part{0} === "~") + return "SOFTFAIL"; + if ($part{0} === "?") + return "NEUTRAL"; return "PASS"; } } @@ -133,6 +139,9 @@ class spfcheck $this->matchRule = "$this->catchAllDomain/$this->catchAll"; return "NEUTRAL"; } + throw new \Exception (sprintf (dgettext ("domframework", + "SFPCheck : Can not determine the SPF result with params '%s' and '%s'"), + $domain, $ip), 403 ); } // }}} @@ -258,6 +267,14 @@ class spfcheck if (stripos ($part, "redirect=") === 0) // {{{ { + if ($sign !== "") + { + $this->errors[$domain][$sign.$part] = + sprintf (dgettext ("domframework", + "Invalid redirect set for domain '%s' : can not be signed"), + $domain); + continue; + } $ext = substr ($part, 9); if (! is_string ($ext) || trim ($ext) === "") { @@ -273,6 +290,14 @@ class spfcheck elseif (stripos ($part, "include:") === 0) // {{{ { + if ($sign !== "") + { + $this->errors[$domain][$sign.$part] = + sprintf (dgettext ("domframework", + "Invalid include set for domain '%s' : can not be signed"), + $domain); + continue; + } $ext = substr ($part, 8); if (! is_string ($ext) || trim ($ext) === "") { @@ -450,7 +475,7 @@ class spfcheck $domain); } $localAll = $part; - $this->catchAll = $part; + $this->catchAll = $sign.$part; $this->catchAllDomain = $domain; } // }}}