Changeset 490 for trunk/lib/Email.inc.php
- Timestamp:
- Sep 1, 2014 4:50:11 PM (10 years ago)
- File:
-
- 1 edited
trunk/lib/Email.inc.php
r484 r490 61 61 'subject' => null, 62 62 'headers' => null, 63 'envelope_sender_address' => null, // AKA the bounce-to address. Will default to 'from' if left null. 63 64 'regex' => null, 64 65 … … 103 104 . '[.-]?(?:[A-Z0-9]+[-.])*(?:[A-Z0-9]+\.)+[A-Z]{2,6}))' // FALSE, matches domain name 104 105 . '(?(1)' // Comment conditional for if initial < exists 105 . '(?:\s*>\s*|>\s+\([^,@]+\)\s*)' 106 . '(?:\s*>\s*|>\s+\([^,@]+\)\s*)' // TRUE, ensure ending > 106 107 . '|' 107 108 . '(?:|\s*|\s+\([^,@]+\)\s*))$/i')); // FALSE ensure there is no ending > … … 129 130 if (isset($params['from']) && !$this->validEmail($params['from'])) { 130 131 $params['from'] = null; 132 } 133 if (isset($params['envelope_sender_address']) && !$this->validEmail($params['envelope_sender_address'])) { 134 $params['envelope_sender_address'] = null; 131 135 } 132 136 … … 256 260 // Use arguments if provided. 257 261 if (isset($to)) { 258 262 $this->setParam(array('to' => $to)); 259 263 } 260 264 if (isset($from)) { 261 265 $this->setParam(array('from' => $from)); 262 266 } 263 267 if (isset($subject)) { 264 268 $this->setParam(array('subject' => $subject)); 265 269 } 266 270 if (isset($headers)) { 267 271 $this->setParam(array('headers' => $headers)); 268 272 } 269 273 … … 309 313 $final_headers = array(); 310 314 foreach ($headers as $key => $val) { 311 if (empty($key) || empty($val) || !is_string($key) || !is_string($val)) { 315 // Validate key and values. 316 if (empty($key) || empty($val) || !is_string($key) || !is_string($val) || preg_match("/[\n\r]/", $key . $val) || preg_match('/[^\w-]/', $key)) { 312 317 $app->logMsg(sprintf('Broken headers provided: %s=%s', $key, $val), LOG_WARNING, __FILE__, __LINE__); 318 continue; 319 } 320 // If the envelope_sender_address was given as a header, move it to the correct place. 321 if ('envelope_sender_address' == $key) { 322 $this->_params['envelope_sender_address'] = isset($this->_params['envelope_sender_address']) ? 
$this->_params['envelope_sender_address'] : $val; 323 continue; 313 324 } 314 325 $final_headers[] = sprintf('%s: %s', $key, $val); … … 317 328 318 329 // This is the address where delivery problems are sent to. We must strip off everything except the local@domain part. 319 $envelope_sender_address = preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU', '$1', $this->_params['from']); 330 if (isset($this->_params['envelope_sender_address'])) { 331 $envelope_sender_address = sprintf('<%s>', trim($this->_params['envelope_sender_address'], '<>')); 332 } else { 333 $envelope_sender_address = preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU', '$1', $this->_params['from']); 334 } 320 335 if ('' != $envelope_sender_address && $this->validEmail($envelope_sender_address)) { 321 $ envelope_sender_header = sprintf('-f %s', $envelope_sender_address);322 } else { 323 $ envelope_sender_header = '';336 $additional_parameter = sprintf('-f %s', $envelope_sender_address); 337 } else { 338 $additional_parameter = ''; 324 339 } 325 340 … … 328 343 if (preg_match("/(^|[\n\r])(Content-Type|MIME-Version|Content-Transfer-Encoding|Bcc|Cc)\s*:/i", $full_mail_content)) { 329 344 $app->logMsg(sprintf('Mail header injection attack in content: %s', $full_mail_content), LOG_WARNING, __FILE__, __LINE__); 330 sleep(3);331 345 return false; 332 346 } … … 336 350 $ret = mb_send_mail($final_to, $this->_params['subject'], $final_body, $final_headers); 337 351 } else { 338 $ret = mb_send_mail($final_to, $this->_params['subject'], $final_body, $final_headers, $ envelope_sender_header);352 $ret = mb_send_mail($final_to, $this->_params['subject'], $final_body, $final_headers, $additional_parameter); 339 353 } 340 354 … … 344 358 return true; 345 359 } else { 346 $app->logMsg(sprintf('Email failure: %s, %s, %s, %s', $final_to, $this->_params['subject'], str_replace("\r\n", '\r\n', $final_headers), $ envelope_sender_header), LOG_WARNING, __FILE__, 
__LINE__);360 $app->logMsg(sprintf('Email failure: %s, %s, %s, %s', $final_to, $this->_params['subject'], str_replace("\r\n", '\r\n', $final_headers), $additional_parameter), LOG_WARNING, __FILE__, __LINE__); 347 361 return false; 348 362 }
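Review bot: In the new `isset($this->_params['envelope_sender_address'])` branch (new lines 330-332) the value is only trimmed of `<>` and re-wrapped before it goes into `sprintf('-f %s', ...)`, whereas the `else` branch still reduces `from` to the bare local@domain part. The visible tail of the `validEmail()` pattern accepts whitespace and a parenthesised comment after the closing `>`, so passing `validEmail()` does not appear to guarantee a single whitespace-free token; the full pattern is outside the hunk, so this needs confirming. Because the string is handed to the mail transfer agent's command line through the fifth argument of `mb_send_mail()`, and the same parameter can now also be filled from a caller-supplied header (new lines 321-322), I would run the explicit value through the same `preg_replace` extraction used for `from`. I would also tighten the check on new line 335 to `if ('' != $envelope_sender_address && !preg_match('/\s/', $envelope_sender_address) && $this->validEmail($envelope_sender_address)) {`. The enclosing send method begins and ends outside the hunks shown.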