Rev | Author | Line No. | Line |
---|---|---|---|
3 | daniel-mar | 1 | <?php |
2 | |||
3 | // Secure Mailer PHP Class |
||
10 | daniel-mar | 4 | // Revision: 2009-08-13 |
3 | daniel-mar | 5 | // (C) 2009 ViaThinkSoft |
6 | // QB_SECURE_MAIL_PARAM (C) Erich Kachel |
||
7 | |||
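/**
 * Thin wrapper around mail() that filters caller-supplied values before they
 * reach the recipient, subject, body and additional-header arguments.
 *
 * Security notes:
 * - Header context (level 2) removes raw control characters such as CR and LF.
 *   That removal is what stops a value from starting a new header line.
 * - The header-name denylist (to:, cc:, bcc:, ...) is kept as a second layer.
 *   It matches anywhere in the text and ignores case, so legitimate text such
 *   as "Reply to: Bob" in a subject or body loses the "to:" part.
 */
class SecureMailer {
    /** @var string Extra header lines collected by addHeader(), each ending in CRLF. */
    private $headers = '';

    /**
     * Removes every match of $pattern from $text, repeating until the text is stable.
     *
     * Repetition matters because deleting one match can join the characters
     * around it into a new match (e.g. "tto:o:" becomes "to:").
     *
     * @param string $pattern PCRE pattern whose matches are deleted.
     * @param string $text    Text to clean.
     * @return string Cleaned text; empty string if PCRE reports an error.
     */
    private function stripUntilStable($pattern, $text) {
        do {
            $before = $text;
            $text = preg_replace($pattern, '', $before);
            if ($text === null) {
                // Fail closed: never hand an unfiltered value to mail().
                return '';
            }
        } while ($text !== $before);

        return $text;
    }

    /**
     * Prevents mail header injection in a single mail() parameter.
     * Source: http://www.erich-kachel.de/?p=26
     *
     * @param mixed $param_ Value to filter; it is cast to string.
     * @param int   $level_ 1 removes header names only (used for the body, which
     *                      needs its line breaks); 2 or higher also removes
     *                      control characters and their encoded spellings.
     * @return string Filtered value.
     */
    private function QB_SECURE_MAIL_PARAM($param_ = '', $level_ = 2) {
        $headerNames = '/(Content-Transfer-Encoding:|MIME-Version:|content-type:|Subject:|to:|cc:|bcc:|from:|reply-to:)/ims';

        // The original alternatives only match textual spellings: URL-encoded
        // bytes ("%0A") and a literal backslash followed by a letter ("\n" as
        // two characters). The trailing character class adds the raw control
        // bytes themselves, which the original pattern let through.
        $controls = '/(%0A|\\\\r|%0D|\\\\n|%00|\\\\0|%09|\\\\t|%01|%02|%03|%04|%05|%06|%07|%08|%09|%0B|%0C|%0E|%0F|%10|%11|%12|%13|[\x00-\x1F\x7F])/ims';

        $param_ = (string) $param_;

        // Run both passes until neither changes the value: removing a control
        // sequence can expose a header name that was split by it ("t%0Ao:").
        do {
            $before = $param_;
            $param_ = $this->stripUntilStable($headerNames, $param_);
            if ($level_ >= 2) {
                $param_ = $this->stripUntilStable($controls, $param_);
            }
        } while ($param_ !== $before);

        return $param_;
    }

    /**
     * Returns the header block built so far.
     *
     * @return string Zero or more "Name: value" lines, each terminated by CRLF.
     */
    private function getHeaders() {
        return $this->headers;
    }

    /**
     * Appends one additional header line.
     *
     * Name and value are both filtered at level 2, so neither can contain a
     * line break. The name is not otherwise validated (a ':' or space inside
     * it is passed through).
     *
     * @param string $name  Header field name.
     * @param string $value Header field value.
     * @return void
     */
    public function addHeader($name, $value) {
        $this->headers .= $this->QB_SECURE_MAIL_PARAM($name).': '.$this->QB_SECURE_MAIL_PARAM($value)."\r\n";
    }

    // TODO: Is an addRawHeader() needed as well?

    /**
     * Sends the message through mail() with the collected headers.
     *
     * Recipient and subject are filtered at level 2. The body is filtered at
     * level 1 so that its line breaks survive.
     *
     * @param string $recipient Recipient address(es).
     * @param string $subject   Subject line.
     * @param string $message   Message body.
     * @return bool Result of mail(); warnings are suppressed, so this value is
     *              the only failure signal the caller gets.
     */
    public function sendMail($recipient, $subject, $message) {
        return @mail(
            $this->QB_SECURE_MAIL_PARAM($recipient),
            $this->QB_SECURE_MAIL_PARAM($subject),
            $this->QB_SECURE_MAIL_PARAM($message, 1),
            $this->getHeaders()
        );
    }
}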
||
61 | |||
62 | ?> |