Changeset 42 for trunk/lib/Email.inc.php
- Timestamp:
- Dec 18, 2005 12:16:03 AM (18 years ago)
- File:
-
- 1 edited
trunk/lib/Email.inc.php
r41 r42 40 40 'regex' => null 41 41 ); 42 42 43 43 // String that contains the email body. 44 44 var $_template; 45 45 46 46 // String that contains the email body after replacements. 47 47 var $_template_replaced; … … 58 58 { 59 59 // The regex used in validEmail(). Set here instead of in the default _params above so we can use the concatination . dot. 60 // This matches an email address as complex as: 60 // This matches an email address as complex as: 61 61 // Bob Smith <bob&smith's/dep=sales!@smith-wick.ca.us> (Sales department) 62 62 // ...and something as simple as: 63 63 // x@x.com 64 64 $this->setParam(array('regex' => '/^(?:[^,@]*\s+|[^,@]*(<)|)' // Display name 65 . '((?:[^.<>\s@\",\[\]]+[^<>\s@\",\[\]])*[^.<>\s@\",\[\]]+)' // Local-part 65 . '((?:[^.<>\s@\",\[\]]+[^<>\s@\",\[\]])*[^.<>\s@\",\[\]]+)' // Local-part 66 66 . '@' // @ 67 67 . '((?:(\[)|[A-Z0-9]?)' // Domain, first char … … 165 165 } 166 166 } 167 167 168 168 /** 169 169 * Replace variables in template with argument data. … … 179 179 if (!isset($this->_template)) { 180 180 App::logMsg(sprintf('Cannot replace variables, no template defined.', null), LOG_ERR, __FILE__, __LINE__); 181 182 } 183 181 return false; 182 } 183 184 184 // Ensure replacements argument is an array. 185 185 if (!is_array($replacements)) { 186 186 App::logMsg(sprintf('Cannot replace variables, invalid replacements.', null), LOG_ERR, __FILE__, __LINE__); 187 188 } 189 187 return false; 188 } 189 190 190 // Apply regex pattern to search elements. 191 191 $search = array_keys($replacements); … … 194 194 // Replacement values. 195 195 $replace = array_values($replacements); 196 196 197 197 // Search and replace all values at once. 198 198 $this->_template_replaced = preg_replace($search, $replace, $this->_template); … … 213 213 // Use arguments if provided. 
214 214 if (isset($to)) { 215 215 $this->setParam(array('to' => $to)); 216 216 } 217 217 if (isset($from)) { 218 218 $this->setParam(array('from' => $from)); 219 219 } 220 220 if (isset($subject)) { 221 221 $this->setParam(array('subject' => $subject)); 222 222 } 223 223 if (isset($headers)) { 224 224 $this->setParam(array('headers' => $headers)); 225 225 } 226 226 227 227 // Ensure required values exist. 228 228 if (!isset($this->_template)) { 229 229 App::logMsg(sprintf('Cannot send email. Template not set.', null), LOG_ERR, __FILE__, __LINE__); 230 230 return false; 231 231 } else if (!isset($this->_params['to'])) { 232 232 App::logMsg(sprintf('Cannot send email. TO not defined.', null), LOG_ERR, __FILE__, __LINE__); 233 233 return false; 234 234 } else if (!isset($this->_params['from'])) { 235 235 App::logMsg(sprintf('Cannot send email. FROM not defined.', null), LOG_ERR, __FILE__, __LINE__); 236 236 return false; 237 237 } else if (!isset($this->_params['subject'])) { 238 238 App::logMsg(sprintf('Cannot send email. SUBJECT not defined.', null), LOG_ERR, __FILE__, __LINE__); 239 239 return false; 240 240 } … … 245 245 // Ensure all placeholders have been replaced. Find anything with {...} characters. 246 246 if (preg_match('/({[^}]+})/', $final_body, $unreplaced_match)) { 247 248 return false; 249 } 250 247 App::logMsg(sprintf('Cannot send email. Variables left unreplaced in template: %s', (isset($unreplaced_match[1]) ? $unreplaced_match[1] : '')), LOG_ERR, __FILE__, __LINE__); 248 return false; 249 } 250 251 251 // Final "to" header can have multiple addresses if in an array. 252 252 $final_to = is_array($this->_params['to']) ? join(', ', $this->_params['to']) : $this->_params['to']; 253 253 254 254 // From headers are custom headers. 255 255 $headers = array('From' => $this->_params['from']); … … 259 259 $headers = array_merge($this->_params['headers'], $headers); 260 260 } 261 261 262 262 // Process headers. 
263 263 $final_headers = array(); … … 266 266 } 267 267 $final_headers = join("\r\n", $final_headers); 268 268 269 269 // This is the address where delivery problems are sent to. We must strip off everything except the local@domain part. 270 270 $envelope_sender_header = sprintf('-f %s', preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU', '$1', $this->_params['from'])); 271 271 272 272 // Check for mail header injection attacks. 273 273 $full_mail_content = join("\n", array($final_to, $this->_params['subject'], $final_body, $final_headers, $envelope_sender_header)); 274 274 if (preg_match("/(Content-Type:|MIME-Version:|Content-Transfer-Encoding:|[\n\r]Bcc:|[\n\r]Cc:)/i", $full_mail_content)) { 275 276 275 App::logMsg(sprintf('Mail header injection attack in content: %s', $full_mail_content), LOG_WARNING, __FILE__, __LINE__); 276 sleep(3); 277 277 return false; 278 278 } … … 283 283 return false; 284 284 } 285 285 286 286 return true; 287 287 } 288 288 289 289 /** 290 290 * Validates an email address based on the recommendations in RFC 3696. 291 * Is more loose than restrictive, to allow the many valid variants of 291 * Is more loose than restrictive, to allow the many valid variants of 292 292 * email addresses while catching the most common mistakes. Checks an array too. 293 293 * http://www.faqs.org/rfcs/rfc822.html
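Review bot: The injection check at new line 274 scans `$full_mail_content`, which at 273 includes `$final_headers` (joined with "\r\n" at 267 from the caller-supplied headers merged at 259), so a legitimately supplied `Cc:` header, or the `Content-Type:` header any non-plain-text message needs, matches `[\n\r]Cc:` / `Content-Type:` and the send is refused as an attack; testing the individual untrusted fields for bare CR/LF before assembly, e.g. `if (preg_match('/[\r\n]/', $final_to . $this->_params['subject'] . $this->_params['from'])) {` plus the same test on each custom header value in the loop at 263–266, would remove the false positives while still catching injected headers. The `sleep(3)` at 276 also turns every rejected message into three seconds of blocked worker time, which is cheap for a caller to provoke repeatedly; drop it and leave throttling to the edge. Logging the whole `$full_mail_content` at 275 writes recipient addresses and the body into the log at WARNING level, when the matched header name alone is enough for investigation. This changeset appears to be a whitespace-only cleanup and send() begins before the hunk, so these points concern pre-existing code on the new side.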