2 | daniel-mar | 1 | <?php |
2 | |||
3 | /* |
||
4 | * Secure Mailer PHP Class |
||
5 | * Copyright 2009-2013 Daniel Marschall, ViaThinkSoft |
||
6 | * QB_SECURE_MAIL_PARAM (C) Erich Kachel |
||
7 | * Version 2013-04-14 |
||
8 | * |
||
9 | * Licensed under the Apache License, Version 2.0 (the "License"); |
||
10 | * you may not use this file except in compliance with the License. |
||
11 | * You may obtain a copy of the License at |
||
12 | * |
||
13 | * http://www.apache.org/licenses/LICENSE-2.0 |
||
14 | * |
||
15 | * Unless required by applicable law or agreed to in writing, software |
||
16 | * distributed under the License is distributed on an "AS IS" BASIS, |
||
17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||
18 | * See the License for the specific language governing permissions and |
||
19 | * limitations under the License. |
||
20 | */ |
||
21 | |||
22 | // TODO: getHeaders() als single string , attachments , remove headers etc, headers als array in/out, Braucht man auch ein addRawHeader()? |
||
23 | |||
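/**
 * Thin wrapper around PHP's mail() that filters recipient, subject and
 * header fields against mail header injection before sending.
 *
 * Custom headers are collected with addHeader() and appended to every
 * message sent through this instance.
 */
class SecureMailer {
    /** Header lines accumulated by addHeader(); each one ends with self::endl. */
    private $headers = '';

    // TODO: should rather be private, but that is not possible here
    // GMX does not accept CRLF (observed with Postfix on Linux), so plain LF is used.
    const endl = "\n";

    /**
     * Removes $pattern from $text repeatedly until nothing changes, so that a
     * removal cannot splice a new match together (e.g. "tto:o:" -> "to:" -> "").
     *
     * @param string $pattern PCRE pattern whose matches are deleted
     * @param string $text    Text to filter
     * @return string Filtered text; empty string if PCRE reports an error,
     *                so a failed filter never passes its input through
     */
    private static function replaceUntilStable($pattern, $text) {
        do {
            $before = $text;
            $text = preg_replace($pattern, '', $before);
            if ($text === null) {
                return '';
            }
        } while ($text !== $before);

        return $text;
    }

    /**
     * Prevents mail header injection.
     * Source of the original filter: http://www.erich-kachel.de/?p=26
     *
     * Level 1 removes header keywords ("to:", "bcc:", "Subject:", ...).
     * Level 2 additionally removes URL-encoded and backslash-escaped control
     * sequences and the raw CR, LF and NUL bytes themselves.
     *
     * @param string $param_ Value to filter
     * @param int    $level_ 1 for message bodies (line breaks are kept),
     *                       2 or higher for single-line fields
     * @return string Filtered value
     */
    private function QB_SECURE_MAIL_PARAM($param_ = '', $level_ = 2) {
        $param_ = self::replaceUntilStable(
            "/(Content-Transfer-Encoding:|MIME-Version:|content-type:|Subject:|to:|cc:|bcc:|from:|reply-to:)/ims",
            (string) $param_
        );

        if ($level_ >= 2) {
            // This pattern only matches the textual forms ("%0A", a backslash
            // followed by "n", ...); it does not match the control bytes.
            $param_ = self::replaceUntilStable(
                "/(%0A|\\\\r|%0D|\\\\n|%00|\\\\0|%09|\\\\t|%01|%02|%03|%04|%05|%06|%07|%08|%09|%0B|%0C|%0E|%0F|%10|%11|%12|%13)/ims",
                $param_
            );

            // A raw line break inside a header field starts a new header line
            // (or, after an empty line, the body). The keyword filter above only
            // knows a fixed list of header names, so the break itself has to go.
            $param_ = str_replace(array("\r", "\n", "\0"), '', $param_);
        }

        return $param_;
    }

    /**
     * @return string All header lines added so far via addHeader()
     */
    private function getHeaders() {
        return $this->headers;
    }

    /**
     * Base64-encodes $text and wraps the result into lines of 72 characters.
     *
     * @param string $text Raw content
     * @return string Wrapped base64 text, lines separated by self::endl
     */
    private static function mail_base64_encode($text) {
        // Why 72? Seen here: http://linux.dsplabs.com.au/munpack-mime-base64-multi-part-attachment-php-perl-decode-email-pdf-p82/
        return wordwrap(base64_encode($text), 72, self::endl, true);
    }

    /**
     * Builds one "Name: value" header line from filtered name and value.
     *
     * @param string $name  Header field name
     * @param string $value Header field value
     * @return string Header line terminated by a single LF
     */
    private function headerLine($name, $value) {
        // Change 2011-02-09
        // LF is OK! CRLF does lead to CR+CRLF on some systems!
        // http://bugs.php.net/bug.php?id=15841
        // The mail() function is not talking to an SMTP server, so RFC2822 does not apply here. mail() is talking to a command line program on the local system, and it is reasonable to expect that program to require system-native line breaks.
        $safeName = $this->QB_SECURE_MAIL_PARAM($name);
        $safeValue = $this->QB_SECURE_MAIL_PARAM($value);

        return $safeName.': '.$safeValue."\n";
    }

    /**
     * Adds a custom header that is sent with every following message.
     *
     * @param string $name  Header field name
     * @param string $value Header field value; line breaks are removed
     */
    public function addHeader($name, $value) {
        $this->headers .= $this->headerLine($name, $value);
    }

    /**
     * Wraps a subject into a base64 MIME encoded-word labelled UTF-8.
     *
     * @param string $subject Subject text
     * @return string Encoded-word of the form =?UTF-8?B?...?=
     */
    public static function utf8Subject($subject) {
        // NOTE(review): utf8_encode() treats its input as ISO-8859-1 and is
        // deprecated as of PHP 8.2; a subject that is already UTF-8 gets
        // double-encoded here. Confirm what encoding callers pass in.
        return '=?UTF-8?B?'.base64_encode(utf8_encode($subject)).'?=';
    }

    /**
     * Sends a message through mail() with the collected headers.
     *
     * @param string $recipient   Recipient address
     * @param string $subject     Subject line
     * @param string $message     Message body
     * @param string $add_headers Extra header lines, appended unfiltered;
     *                            must come from headerLine()
     * @return bool Result of mail()
     */
    private function _sendMail($recipient, $subject, $message, $add_headers='') {
        // "@" hides warnings raised by mail(); the boolean result is the only failure signal.
        return @mail(
            $this->QB_SECURE_MAIL_PARAM($recipient),
            $this->QB_SECURE_MAIL_PARAM($subject),
            $this->QB_SECURE_MAIL_PARAM($message, 1),
            $this->getHeaders().$add_headers
        );
    }

    /**
     * Sends a plain message.
     *
     * @param string $recipient Recipient address
     * @param string $subject   Subject line
     * @param string $message   Message body
     * @return bool Result of mail()
     */
    public function sendMail($recipient, $subject, $message) {
        return $this->_sendMail($recipient, $subject, $message, '');
    }

    // TODO: optionally derive the plain-text part from the HTML part?
    /**
     * Sends a multipart/alternative message with a plain-text and an HTML
     * part, both base64-encoded.
     *
     * @param string $to        Recipient address
     * @param string $subject   Subject line
     * @param string $msg_html  HTML version of the body
     * @param string $msg_plain Plain-text version of the body
     * @return bool Result of mail()
     */
    public function sendMailHTMLandPlainMultipart($to, $subject, $msg_html, $msg_plain) {
        $boundary = uniqid('np');

        // NOTE(review): the level-1 filter also deletes keywords inside ordinary
        // content, e.g. the "to:" in a "mailto:" link. Both parts are
        // base64-encoded below, so confirm whether this filtering is still wanted.
        $msg_html = $this->QB_SECURE_MAIL_PARAM($msg_html, 1);
        $msg_plain = $this->QB_SECURE_MAIL_PARAM($msg_plain, 1);

        $add_headers = $this->headerLine('MIME-Version', '1.0');
        $add_headers .= $this->headerLine('Content-Type', 'multipart/alternative; boundary="'.$boundary.'"');

        $message = "This is a MIME encoded message.";
        $message .= self::endl;
        $message .= self::endl;

        // Part 1: plain text
        $message .= "--" . $boundary . self::endl;
        $message .= "Content-type: text/plain; charset=utf-8".self::endl;
        $message .= "Content-Transfer-Encoding: base64".self::endl;
        $message .= self::endl;
        $message .= self::mail_base64_encode($msg_plain); // better than wordwrap"ed-printable because of long lines (e.g. links)
        $message .= self::endl;
        $message .= self::endl;

        // Part 2: HTML
        $message .= "--" . $boundary . self::endl;
        $message .= "Content-type: text/html; charset=utf-8".self::endl;
        $message .= "Content-Transfer-Encoding: base64".self::endl;
        $message .= self::endl;
        $message .= self::mail_base64_encode($msg_html);
        $message .= self::endl;

        // Closing boundary
        $message .= self::endl."--" . $boundary . "--";

        // "@" hides warnings raised by mail(); the boolean result is the only failure signal.
        return @mail(
            $this->QB_SECURE_MAIL_PARAM($to),
            $this->QB_SECURE_MAIL_PARAM($subject),
            $message,
            $this->getHeaders().$add_headers
        );
    }
}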