Mail.php 9.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271
  1. <?php
  2. /**
  3. * PEAR's Mail:: interface.
  4. *
  5. * PHP versions 4 and 5
  6. *
  7. * LICENSE:
  8. *
  9. * Copyright (c) 2002-2007, Richard Heyes
  10. * All rights reserved.
  11. *
  12. * Redistribution and use in source and binary forms, with or without
  13. * modification, are permitted provided that the following conditions
  14. * are met:
  15. *
  16. * o Redistributions of source code must retain the above copyright
  17. * notice, this list of conditions and the following disclaimer.
  18. * o Redistributions in binary form must reproduce the above copyright
  19. * notice, this list of conditions and the following disclaimer in the
  20. * documentation and/or other materials provided with the distribution.
  21. * o The names of the authors may not be used to endorse or promote
  22. * products derived from this software without specific prior written
  23. * permission.
  24. *
  25. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  26. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  27. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  28. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  29. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  30. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  31. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  32. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  33. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  34. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  35. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  36. *
  37. * @category Mail
  38. * @package Mail
  39. * @author Chuck Hagenbuch <chuck@horde.org>
  40. * @copyright 1997-2010 Chuck Hagenbuch
  41. * @license http://opensource.org/licenses/bsd-license.php New BSD License
  42. * @version CVS: $Id: Mail.php 294747 2010-02-08 08:18:33Z clockwerx $
  43. * @link http://pear.php.net/package/Mail/
  44. */
  45. require_once 'PEAR.php';
  46. /**
  47. * PEAR's Mail:: interface. Defines the interface for implementing
  48. * mailers under the PEAR hierarchy, and provides supporting functions
  49. * useful in multiple mailer backends.
  50. *
  51. * @access public
  52. * @version $Revision: 294747 $
  53. * @package Mail
  54. */
  55. class Mail
  56. {
  57. /**
  58. * Line terminator used for separating header lines.
  59. * @var string
  60. */
  61. var $sep = "\r\n";
  62. /**
  63. * Provides an interface for generating Mail:: objects of various
  64. * types
  65. *
  66. * @param string $driver The kind of Mail:: object to instantiate.
  67. * @param array $params The parameters to pass to the Mail:: object.
  68. * @return object Mail a instance of the driver class or if fails a PEAR Error
  69. * @access public
  70. */
  71. function &factory($driver, $params = array())
  72. {
  73. $driver = strtolower($driver);
  74. @include_once 'Mail/' . $driver . '.php';
  75. $class = 'Mail_' . $driver;
  76. if (class_exists($class)) {
  77. $mailer = new $class($params);
  78. return $mailer;
  79. } else {
  80. return PEAR::raiseError('Unable to find class for driver ' . $driver);
  81. }
  82. }
  83. /**
  84. * Implements Mail::send() function using php's built-in mail()
  85. * command.
  86. *
  87. * @param mixed $recipients Either a comma-seperated list of recipients
  88. * (RFC822 compliant), or an array of recipients,
  89. * each RFC822 valid. This may contain recipients not
  90. * specified in the headers, for Bcc:, resending
  91. * messages, etc.
  92. *
  93. * @param array $headers The array of headers to send with the mail, in an
  94. * associative array, where the array key is the
  95. * header name (ie, 'Subject'), and the array value
  96. * is the header value (ie, 'test'). The header
  97. * produced from those values would be 'Subject:
  98. * test'.
  99. *
  100. * @param string $body The full text of the message body, including any
  101. * Mime parts, etc.
  102. *
  103. * @return mixed Returns true on success, or a PEAR_Error
  104. * containing a descriptive error message on
  105. * failure.
  106. *
  107. * @access public
  108. * @deprecated use Mail_mail::send instead
  109. */
  110. function send($recipients, $headers, $body)
  111. {
  112. if (!is_array($headers)) {
  113. return PEAR::raiseError('$headers must be an array');
  114. }
  115. $result = $this->_sanitizeHeaders($headers);
  116. if (is_a($result, 'PEAR_Error')) {
  117. return $result;
  118. }
  119. // if we're passed an array of recipients, implode it.
  120. if (is_array($recipients)) {
  121. $recipients = implode(', ', $recipients);
  122. }
  123. // get the Subject out of the headers array so that we can
  124. // pass it as a seperate argument to mail().
  125. $subject = '';
  126. if (isset($headers['Subject'])) {
  127. $subject = $headers['Subject'];
  128. unset($headers['Subject']);
  129. }
  130. // flatten the headers out.
  131. list(, $text_headers) = Mail::prepareHeaders($headers);
  132. return mail($recipients, $subject, $body, $text_headers);
  133. }
  134. /**
  135. * Sanitize an array of mail headers by removing any additional header
  136. * strings present in a legitimate header's value. The goal of this
  137. * filter is to prevent mail injection attacks.
  138. *
  139. * @param array $headers The associative array of headers to sanitize.
  140. *
  141. * @access private
  142. */
  143. function _sanitizeHeaders(&$headers)
  144. {
  145. foreach ($headers as $key => $value) {
  146. $headers[$key] =
  147. preg_replace('=((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i',
  148. null, $value);
  149. }
  150. }
  151. /**
  152. * Take an array of mail headers and return a string containing
  153. * text usable in sending a message.
  154. *
  155. * @param array $headers The array of headers to prepare, in an associative
  156. * array, where the array key is the header name (ie,
  157. * 'Subject'), and the array value is the header
  158. * value (ie, 'test'). The header produced from those
  159. * values would be 'Subject: test'.
  160. *
  161. * @return mixed Returns false if it encounters a bad address,
  162. * otherwise returns an array containing two
  163. * elements: Any From: address found in the headers,
  164. * and the plain text version of the headers.
  165. * @access private
  166. */
  167. function prepareHeaders($headers)
  168. {
  169. $lines = array();
  170. $from = null;
  171. foreach ($headers as $key => $value) {
  172. if (strcasecmp($key, 'From') === 0) {
  173. include_once 'Mail/RFC822.php';
  174. $parser = new Mail_RFC822();
  175. $addresses = $parser->parseAddressList($value, 'localhost', false);
  176. if (is_a($addresses, 'PEAR_Error')) {
  177. return $addresses;
  178. }
  179. $from = $addresses[0]->mailbox . '@' . $addresses[0]->host;
  180. // Reject envelope From: addresses with spaces.
  181. if (strstr($from, ' ')) {
  182. return false;
  183. }
  184. $lines[] = $key . ': ' . $value;
  185. } elseif (strcasecmp($key, 'Received') === 0) {
  186. $received = array();
  187. if (is_array($value)) {
  188. foreach ($value as $line) {
  189. $received[] = $key . ': ' . $line;
  190. }
  191. }
  192. else {
  193. $received[] = $key . ': ' . $value;
  194. }
  195. // Put Received: headers at the top. Spam detectors often
  196. // flag messages with Received: headers after the Subject:
  197. // as spam.
  198. $lines = array_merge($received, $lines);
  199. } else {
  200. // If $value is an array (i.e., a list of addresses), convert
  201. // it to a comma-delimited string of its elements (addresses).
  202. if (is_array($value)) {
  203. $value = implode(', ', $value);
  204. }
  205. $lines[] = $key . ': ' . $value;
  206. }
  207. }
  208. return array($from, join($this->sep, $lines));
  209. }
  210. /**
  211. * Take a set of recipients and parse them, returning an array of
  212. * bare addresses (forward paths) that can be passed to sendmail
  213. * or an smtp server with the rcpt to: command.
  214. *
  215. * @param mixed Either a comma-seperated list of recipients
  216. * (RFC822 compliant), or an array of recipients,
  217. * each RFC822 valid.
  218. *
  219. * @return mixed An array of forward paths (bare addresses) or a PEAR_Error
  220. * object if the address list could not be parsed.
  221. * @access private
  222. */
  223. function parseRecipients($recipients)
  224. {
  225. include_once 'Mail/RFC822.php';
  226. // if we're passed an array, assume addresses are valid and
  227. // implode them before parsing.
  228. if (is_array($recipients)) {
  229. $recipients = implode(', ', $recipients);
  230. }
  231. // Parse recipients, leaving out all personal info. This is
  232. // for smtp recipients, etc. All relevant personal information
  233. // should already be in the headers.
  234. $addresses = Mail_RFC822::parseAddressList($recipients, 'localhost', false);
  235. // If parseAddressList() returned a PEAR_Error object, just return it.
  236. if (is_a($addresses, 'PEAR_Error')) {
  237. return $addresses;
  238. }
  239. $recipients = array();
  240. if (is_array($addresses)) {
  241. foreach ($addresses as $ob) {
  242. $recipients[] = $ob->mailbox . '@' . $ob->host;
  243. }
  244. }
  245. return $recipients;
  246. }
  247. }