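--- a/PATH-NOT-SHOWN (Rev 5)
+++ b/PATH-NOT-SHOWN (Rev 52)
@@ -1,134 +1,135 @@
 <?php
 
 /*
 * Secure Mailer PHP Class
 * Copyright 2009-2013 Daniel Marschall, ViaThinkSoft
 * QB_SECURE_MAIL_PARAM (C) Erich Kachel
 * Version 2013-04-14
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 
 // TODO: getHeaders() as single string , attachments , remove headers etc, headers as array in/out, do you also need addRawHeader()?
 
 class SecureMailer {
 private $headers = '';
 
 // TODO: This should rather be private, but it won't work
 const endl = "\n"; // GMX doesn't like CRLF! wtf?! (tested in Postfix in Linux)
 
 private function QB_SECURE_MAIL_PARAM($param_ = '', $level_ = 2) {
 // Prevents eMail header injections
 // Source: http://www.erich-kachel.de/?p=26 (modified)
 
 /* replace until done */
 $filtered = null;
 while (is_null($filtered) || ($param_ != $filtered)) {
 if (!is_null($filtered)) {
 $param_ = $filtered;
 }
 
 $filtered = preg_replace("/(Content-Transfer-Encoding:|MIME-Version:|content-type:|Subject:|to:|cc:|bcc:|from:|reply-to:)/ims", '', $param_);
 }
 
 unset($filtered);
 
 if ($level_ >= 2) {
 /* replace until done */
 while (!isset($filtered) || ($param_ != $filtered)) {
 if (isset($filtered)) {
 $param_ = $filtered;
 }
 
 $filtered = preg_replace("/(%0A|\\\\r|%0D|\\\\n|%00|\\\\0|%09|\\\\t|%01|%02|%03|%04|%05|%06|%07|%08|%09|%0B|%0C|%0E|%0F|%10|%11|%12|%13)/ims", '', $param_);
 }
 }
 
 return $param_;
 }
 
 private function getHeaders() {
 return $this->headers;
 }
 
 private static function mail_base64_encode($text) {
 // Why 72? Seen here: http://linux.dsplabs.com.au/munpack-mime-base64-multi-part-attachment-php-perl-decode-email-pdf-p82/
 return wordwrap(base64_encode($text), 72, self::endl, true);
 }
 
 private function headerLine($name, $value) {
 // Change 2011-02-09
 // LF is OK! CRLF does lead to CR+CRLF on some systems!
 // http://bugs.php.net/bug.php?id=15841
 // The mail() function is not talking to an SMTP server, so RFC2822 does not apply here. mail() is talking to a command line program on the local system, and it is reasonable to expect that program to require system-native line breaks.
 return $this->QB_SECURE_MAIL_PARAM($name).': '.$this->QB_SECURE_MAIL_PARAM($value)."\n";
 }
 
 public function addHeader($name, $value) {
 $this->headers .= $this->headerLine($name, $value);
 }
 
 public static function utf8Subject($subject) {
+$subject = mb_convert_encoding($subject, 'UTF-8');
-return '=?UTF-8?B?'.base64_encode(utf8_encode($subject)).'?=';
+return '=?UTF-8?B?'.base64_encode($subject).'?=';
 }
 
 private function _sendMail($recipient, $subject, $message, $add_headers='') {
 return @mail(
 $this->QB_SECURE_MAIL_PARAM($recipient),
 $this->QB_SECURE_MAIL_PARAM($subject),
 $this->QB_SECURE_MAIL_PARAM($message, 1),
 $this->getHeaders().$add_headers
 );
 }
 
 public function sendMail($recipient, $subject, $message) {
 return $this->_sendMail($recipient, $subject, $message, '');
 }
 
 // TODO: generate plain from html (strip tags), optional
 public function sendMailHTMLandPlainMultipart($to, $subject, $msg_html, $msg_plain) {
 $boundary = uniqid('np');
 
 $msg_html = $this->QB_SECURE_MAIL_PARAM($msg_html, 1);
 $msg_plain = $this->QB_SECURE_MAIL_PARAM($msg_plain, 1);
 
 $add_headers = $this->headerLine('MIME-Version', '1.0');
 $add_headers .= $this->headerLine('Content-Type', 'multipart/alternative; boundary="'.$boundary.'"');
 
 $message = "This is a MIME encoded message.";
 $message .= self::endl;
 $message .= self::endl;
 $message .= "--" . $boundary . self::endl;
 $message .= "Content-type: text/plain; charset=utf-8".self::endl;
 $message .= "Content-Transfer-Encoding: base64".self::endl;
 $message .= self::endl;
 $message .= $this->mail_base64_encode($msg_plain); // better than wordwrap"ed-printable because of long lines (e.g. links)
 $message .= self::endl;
 $message .= self::endl;
 $message .= "--" . $boundary . self::endl;
 $message .= "Content-type: text/html; charset=utf-8".self::endl;
 $message .= "Content-Transfer-Encoding: base64".self::endl;
 $message .= self::endl;
 $message .= $this->mail_base64_encode($msg_html);
 $message .= self::endl;
 $message .= self::endl."--" . $boundary . "--";
 
 return @mail(
 $this->QB_SECURE_MAIL_PARAM($to),
 $this->QB_SECURE_MAIL_PARAM($subject),
 $message,
 $this->getHeaders().$add_headers
 );
 }
 }
 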
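Review bot: The level-2 pattern in `QB_SECURE_MAIL_PARAM` matches only textual escapes (`%0A`, `%0D`, a literal backslash followed by `r` or `n`, and so on), so a raw CR or LF byte in `$name` or `$value` passes through `headerLine()` into the header string that `addHeader()` accumulates and `mail()` receives; this commit leaves that unchanged. Removing real line breaks before concatenation would close the gap, for example `$value = str_replace(array("\r", "\n", "\0"), '', $value);` (and the same for `$name`) at the top of `headerLine()`. The base64 output of the changed `utf8Subject()` contains no line breaks, but that only protects callers who route the subject through it. Separately, `mb_convert_encoding($subject, 'UTF-8')` omits the source encoding, so the input is interpreted as `mb_internal_encoding()` rather than the ISO-8859-1 that the removed `utf8_encode()` assumed; a comment such as `// $subject is expected to be UTF-8 already` would record the new contract.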