Mail.php 9.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266
  1. <?php
  2. /**
  3. * PEAR's Mail:: interface.
  4. *
  5. * PHP version 5
  6. *
  7. * LICENSE:
  8. *
  9. * Copyright (c) 2002-2007, Richard Heyes
  10. * All rights reserved.
  11. *
  12. * Redistribution and use in source and binary forms, with or without
  13. * modification, are permitted provided that the following conditions
  14. * are met:
  15. *
  16. * o Redistributions of source code must retain the above copyright
  17. * notice, this list of conditions and the following disclaimer.
  18. * o Redistributions in binary form must reproduce the above copyright
  19. * notice, this list of conditions and the following disclaimer in the
  20. * documentation and/or other materials provided with the distribution.
  21. * o The names of the authors may not be used to endorse or promote
  22. * products derived from this software without specific prior written
  23. * permission.
  24. *
  25. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  26. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  27. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  28. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  29. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  30. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  31. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  32. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  33. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  34. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  35. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  36. *
  37. * @category Mail
  38. * @package Mail
  39. * @author Chuck Hagenbuch <chuck@horde.org>
  40. * @copyright 1997-2010 Chuck Hagenbuch
  41. * @license http://opensource.org/licenses/bsd-license.php New BSD License
  42. * @version CVS: $Id$
  43. * @link http://pear.php.net/package/Mail/
  44. */
  45. require_once 'PEAR.php';
  46. /**
  47. * PEAR's Mail:: interface. Defines the interface for implementing
  48. * mailers under the PEAR hierarchy, and provides supporting functions
  49. * useful in multiple mailer backends.
  50. *
  51. * @version $Revision$
  52. * @package Mail
  53. */
  54. class Mail
  55. {
  56. /**
  57. * Line terminator used for separating header lines.
  58. * @var string
  59. */
  60. public $sep = "\r\n";
  61. /**
  62. * Provides an interface for generating Mail:: objects of various
  63. * types
  64. *
  65. * @param string $driver The kind of Mail:: object to instantiate.
  66. * @param array $params The parameters to pass to the Mail:: object.
  67. *
  68. * @return object Mail a instance of the driver class or if fails a PEAR Error
  69. */
  70. public static function factory($driver, $params = array())
  71. {
  72. $driver = strtolower($driver);
  73. @include_once 'Mail/' . $driver . '.php';
  74. $class = 'Mail_' . $driver;
  75. if (class_exists($class)) {
  76. $mailer = new $class($params);
  77. return $mailer;
  78. } else {
  79. return PEAR::raiseError('Unable to find class for driver ' . $driver);
  80. }
  81. }
  82. /**
  83. * Implements Mail::send() function using php's built-in mail()
  84. * command.
  85. *
  86. * @param mixed $recipients Either a comma-seperated list of recipients
  87. * (RFC822 compliant), or an array of recipients,
  88. * each RFC822 valid. This may contain recipients not
  89. * specified in the headers, for Bcc:, resending
  90. * messages, etc.
  91. *
  92. * @param array $headers The array of headers to send with the mail, in an
  93. * associative array, where the array key is the
  94. * header name (ie, 'Subject'), and the array value
  95. * is the header value (ie, 'test'). The header
  96. * produced from those values would be 'Subject:
  97. * test'.
  98. *
  99. * @param string $body The full text of the message body, including any
  100. * Mime parts, etc.
  101. *
  102. * @return mixed Returns true on success, or a PEAR_Error
  103. * containing a descriptive error message on
  104. * failure.
  105. *
  106. * @deprecated use Mail_mail::send instead
  107. */
  108. public function send($recipients, $headers, $body)
  109. {
  110. if (!is_array($headers)) {
  111. return PEAR::raiseError('$headers must be an array');
  112. }
  113. $result = $this->_sanitizeHeaders($headers);
  114. if (is_a($result, 'PEAR_Error')) {
  115. return $result;
  116. }
  117. // if we're passed an array of recipients, implode it.
  118. if (is_array($recipients)) {
  119. $recipients = implode(', ', $recipients);
  120. }
  121. // get the Subject out of the headers array so that we can
  122. // pass it as a seperate argument to mail().
  123. $subject = '';
  124. if (isset($headers['Subject'])) {
  125. $subject = $headers['Subject'];
  126. unset($headers['Subject']);
  127. }
  128. // flatten the headers out.
  129. list(, $text_headers) = Mail::prepareHeaders($headers);
  130. return mail($recipients, $subject, $body, $text_headers);
  131. }
  132. /**
  133. * Sanitize an array of mail headers by removing any additional header
  134. * strings present in a legitimate header's value. The goal of this
  135. * filter is to prevent mail injection attacks.
  136. *
  137. * @param array $headers The associative array of headers to sanitize.
  138. */
  139. protected function _sanitizeHeaders(&$headers)
  140. {
  141. foreach ($headers as $key => $value) {
  142. $headers[$key] =
  143. preg_replace('=((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i',
  144. "", $value);
  145. }
  146. }
  147. /**
  148. * Take an array of mail headers and return a string containing
  149. * text usable in sending a message.
  150. *
  151. * @param array $headers The array of headers to prepare, in an associative
  152. * array, where the array key is the header name (ie,
  153. * 'Subject'), and the array value is the header
  154. * value (ie, 'test'). The header produced from those
  155. * values would be 'Subject: test'.
  156. *
  157. * @return mixed Returns false if it encounters a bad address,
  158. * otherwise returns an array containing two
  159. * elements: Any From: address found in the headers,
  160. * and the plain text version of the headers.
  161. */
  162. protected function prepareHeaders($headers)
  163. {
  164. $lines = array();
  165. $from = null;
  166. foreach ($headers as $key => $value) {
  167. if (strcasecmp($key, 'From') === 0) {
  168. include_once 'Mail/RFC822.php';
  169. $parser = new Mail_RFC822();
  170. $addresses = $parser->parseAddressList($value, 'localhost', false);
  171. if (is_a($addresses, 'PEAR_Error')) {
  172. return $addresses;
  173. }
  174. $from = $addresses[0]->mailbox . '@' . $addresses[0]->host;
  175. // Reject envelope From: addresses with spaces.
  176. if (strstr($from, ' ')) {
  177. return false;
  178. }
  179. $lines[] = $key . ': ' . $value;
  180. } elseif (strcasecmp($key, 'Received') === 0) {
  181. $received = array();
  182. if (is_array($value)) {
  183. foreach ($value as $line) {
  184. $received[] = $key . ': ' . $line;
  185. }
  186. }
  187. else {
  188. $received[] = $key . ': ' . $value;
  189. }
  190. // Put Received: headers at the top. Spam detectors often
  191. // flag messages with Received: headers after the Subject:
  192. // as spam.
  193. $lines = array_merge($received, $lines);
  194. } else {
  195. // If $value is an array (i.e., a list of addresses), convert
  196. // it to a comma-delimited string of its elements (addresses).
  197. if (is_array($value)) {
  198. $value = implode(', ', $value);
  199. }
  200. $lines[] = $key . ': ' . $value;
  201. }
  202. }
  203. return array($from, join($this->sep, $lines));
  204. }
  205. /**
  206. * Take a set of recipients and parse them, returning an array of
  207. * bare addresses (forward paths) that can be passed to sendmail
  208. * or an smtp server with the rcpt to: command.
  209. *
  210. * @param mixed Either a comma-seperated list of recipients
  211. * (RFC822 compliant), or an array of recipients,
  212. * each RFC822 valid.
  213. *
  214. * @return mixed An array of forward paths (bare addresses) or a PEAR_Error
  215. * object if the address list could not be parsed.
  216. */
  217. protected function parseRecipients($recipients)
  218. {
  219. include_once 'Mail/RFC822.php';
  220. // if we're passed an array, assume addresses are valid and
  221. // implode them before parsing.
  222. if (is_array($recipients)) {
  223. $recipients = implode(', ', $recipients);
  224. }
  225. // Parse recipients, leaving out all personal info. This is
  226. // for smtp recipients, etc. All relevant personal information
  227. // should already be in the headers.
  228. $Mail_RFC822 = new Mail_RFC822();
  229. $addresses = $Mail_RFC822->parseAddressList($recipients, 'localhost', false);
  230. // If parseAddressList() returned a PEAR_Error object, just return it.
  231. if (is_a($addresses, 'PEAR_Error')) {
  232. return $addresses;
  233. }
  234. $recipients = array();
  235. if (is_array($addresses)) {
  236. foreach ($addresses as $ob) {
  237. $recipients[] = $ob->mailbox . '@' . $ob->host;
  238. }
  239. }
  240. return $recipients;
  241. }
  242. }