Fix attachment cid (#4314)

* Add attachment cid when sending emails (#4308)

Also check if an encryption key is set before decrypting the SMTP
password.

* Upgrade to CI 4.6.3 (#4308)

* Fix for changing invoice id in email (#4308)

SECURITY.md

@@ -18,6 +18,7 @@ We release patches for security vulnerabilities. Which versions are eligible to
 | --------- | -------------------------------------------------- |
 | 7.3       | 3.3.5                                              |
 | 9.8       | 3.3.6                                              |
+| 6.8       | 3.4.2                                              |
 
 ## Reporting a Vulnerability
 

app/Libraries/Email_lib.php

@@ -5,6 +5,7 @@ namespace app\Libraries;
 use CodeIgniter\Email\Email;
 use CodeIgniter\Encryption\Encryption;
 use CodeIgniter\Encryption\EncrypterInterface;
+use CodeIgniter\Encryption\Exceptions\EncryptionException;
 use Config\OSPOS;
 use Config\Services;
 
@@ -28,8 +29,15 @@ class Email_lib
         $encrypter = Services::encrypter();
 
         $smtp_pass = $this->config['smtp_pass'];
-        if (!empty($smtp_pass)) {
-            $smtp_pass = $encrypter->decrypt($smtp_pass);
+        if (!empty($smtp_pass) && check_encryption()) {
+            try {
+                $smtp_pass = $encrypter->decrypt($smtp_pass);
+            } catch (\EncryptionException $e) {
+                // Decryption failed, use the original value
+                log_message('error', 'SMTP password decryption failed: ' . $e->getMessage());
+                $smtp_pass = '';
+            }
+
         }
 
         $email_config = [
@@ -63,6 +71,7 @@ class Email_lib
 
         if (!empty($attachment)) {
             $email->attach($attachment);
+            $email->setAttachmentCID($attachment);
         }
 
         $result = $email->send();

app/Models/Tokens/Token_invoice_sequence.php

@@ -35,6 +35,10 @@ class Token_invoice_sequence extends Token
      */
     public function get_value(bool $save = true): string
     {
-        return $this->appconfig->acquire_next_invoice_sequence($save);
-    }
+        if (empty($this->value)) {
+            return $this->appconfig->acquire_next_invoice_sequence($save);
+        } else {
+            return $this->value;
+        }
+     }
 }

composer.json

@@ -33,7 +33,7 @@
     "require": {
         "ext-intl": "*",
         "php": "^8.1",
-        "codeigniter4/framework": "4.6.2",
+        "codeigniter4/framework": "^4.6.3",
         "dompdf/dompdf": "^2.0.3",
         "ezyang/htmlpurifier": "^4.17",
         "laminas/laminas-escaper": "2.17.0",