Changeset 212 for trunk


Timestamp:
Dec 6, 2006 11:08:07 PM (17 years ago)
Author:
scdev
Message:

Q - added config for line endings and line length.

File:
1 edited

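--- a/trunk/lib/Email.inc.php
+++ b/trunk/lib/Email.inc.php
@@ -40,5 +40,14 @@
         'subject' => null,
         'headers' => null,
-        'regex' => null
+        'regex' => null,
+       
+        // A single carriage return (\n) should terminate lines for locally injected mail.
+        // A carriage return + line-feed (\r\n) should be used if sending mail directly with SMTP.
+        'crlf' => "\n",
+       
+        // RFC 2822 says line length MUST be no more than 998 characters, and SHOULD be no more than 78 characters, excluding the CRLF.
+        // http://mailformat.dan.info/body/linelength.html
+        'wrap' => true,
+        'line_length' => 75,
     );
 
@@ -255,5 +264,8 @@
 
         // Wrap email text body, using _template_replaced if replacements have been used, or just a fresh _template if not.
-        $final_body = wordwrap(isset($this->_template_replaced) ? $this->_template_replaced : $this->_template);
+        $final_body = isset($this->_template_replaced) ? $this->_template_replaced : $this->_template;
+        if (false !== $this->getParam('wrap')) {
+            $final_body = wordwrap($final_body, $this->getParam('line_length'), $this->getParam('crlf'));           
+        }
 
         // Ensure all placeholders have been replaced. Find anything with {...} characters.
@@ -279,12 +291,17 @@
             $final_headers[] = sprintf('%s: %s', $key, $val);
         }
-        $final_headers = join("\r\n", $final_headers);
+        $final_headers = join($this->getParam('crlf'), $final_headers);
 
         // This is the address where delivery problems are sent to. We must strip off everything except the local@domain part.
-        $envelope_sender_header = sprintf('-f %s', preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU', '$1', $this->_params['from']));
+        $envelope_sender_address = preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU', '$1', $this->_params['from']);
+        if ('' != $envelope_sender_address && $this->validEmail($envelope_sender_address)) {
+            $envelope_sender_header = sprintf('-f %s', $envelope_sender_address);
+        } else {
+            $envelope_sender_header = '';           
+        }
 
         // Check for mail header injection attacks.
-        $full_mail_content = join("\n", array($final_to, $this->_params['subject'], $final_body, $final_headers, $envelope_sender_header));
-        if (preg_match("/(Content-Type:|MIME-Version:|Content-Transfer-Encoding:|[\n\r]Bcc:|[\n\r]Cc:)/i", $full_mail_content)) {
+        $full_mail_content = join($this->getParam('crlf'), array($final_to, $this->_params['subject'], $final_body));
+        if (preg_match("/(^|[\n\r])(Content-Type|MIME-Version|Content-Transfer-Encoding|Bcc|Cc):/i", $full_mail_content)) {
             $app->logMsg(sprintf('Mail header injection attack in content: %s', $full_mail_content), LOG_WARNING, __FILE__, __LINE__);
             sleep(3);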
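Review bot: The header-injection check at new lines 304-305 no longer screens `$final_headers` or the envelope sender, and its pattern recognises only five header names, so a CR or LF in the recipient, the subject or a header value goes undetected here unless one of those names follows it. Whether those values are validated earlier is not visible, because the method starts and ends outside these hunks. Since `$final_body` goes through the same pattern, an ordinary message line beginning with `Cc:` is also logged as an attack. Rejecting line breaks outright in the single-line fields would be stricter and simpler, for example `if (preg_match('/[\r\n]/', $final_to . $this->_params['subject'])) {`, with the same test applied to each `$key` and `$val` before `sprintf('%s: %s', $key, $val)`. The `-f` value built at new line 298 now depends entirely on `validEmail()`, which is not shown, so it is worth confirming that it accepts only a conservative character set, given that the extracting pattern's local part `[^\s@\[\]<>()]+` excludes little beyond whitespace and brackets.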