
  1. <?php
  2.  
  3. /*
  4.  * Secure Mailer PHP Class
  5.  * Copyright 2009-2013 Daniel Marschall, ViaThinkSoft
  6.  * QB_SECURE_MAIL_PARAM (C) Erich Kachel
  7.  * Version 2013-04-14
  8.  *
  9.  * Licensed under the Apache License, Version 2.0 (the "License");
  10.  * you may not use this file except in compliance with the License.
  11.  * You may obtain a copy of the License at
  12.  *
  13.  *     http://www.apache.org/licenses/LICENSE-2.0
  14.  *
  15.  * Unless required by applicable law or agreed to in writing, software
  16.  * distributed under the License is distributed on an "AS IS" BASIS,
  17.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  18.  * See the License for the specific language governing permissions and
  19.  * limitations under the License.
  20.  */
  21.  
  22. // TODO: getHeaders() als single string , attachments , remove headers etc, headers als array in/out, Braucht man auch ein addRawHeader()?
  23.  
  24. class SecureMailer {
  25.         private $headers = '';
  26.  
  27.         // TODO: sollte eher private sein, geht aber net
  28.         const endl = "\n"; // GMX will kein CRLF! wtf?! (Unter Postfix in Linux)
  29.  
  30.         private function QB_SECURE_MAIL_PARAM($param_ = '', $level_ = 2) {
  31.                 // Verhindert Mail-Header-Injections
  32.                 // Quelle: http://www.erich-kachel.de/?p=26
  33.  
  34.                 /* replace until done */
  35.                 while (!isset($filtered) || ($param_ != $filtered)) {
  36.                         if (isset($filtered)) {
  37.                         $param_ = $filtered;
  38.                 }
  39.  
  40.                         $filtered = preg_replace("/(Content-Transfer-Encoding:|MIME-Version:|content-type:|Subject:|to:|cc:|bcc:|from:|reply-to:)/ims", '', $param_);
  41.                 }
  42.  
  43.                 unset($filtered);
  44.  
  45.                 if ($level_ >= 2) {
  46.                         /* replace until done */
  47.                         while (!isset($filtered) || ($param_ != $filtered)) {
  48.                                 if (isset($filtered)) {
  49.                                         $param_ = $filtered;
  50.                                 }
  51.  
  52.                                 $filtered = preg_replace("/(%0A|\\\\r|%0D|\\\\n|%00|\\\\0|%09|\\\\t|%01|%02|%03|%04|%05|%06|%07|%08|%09|%0B|%0C|%0E|%0F|%10|%11|%12|%13)/ims", '', $param_);
  53.                         }
  54.                 }
  55.  
  56.                 return $param_;
  57.         }
  58.  
  59.         private function getHeaders() {
  60.                 return $this->headers;
  61.         }
  62.  
  63.         private static function mail_base64_encode($text) {
  64.                 // Why 72? Seen here: http://linux.dsplabs.com.au/munpack-mime-base64-multi-part-attachment-php-perl-decode-email-pdf-p82/
  65.                 return wordwrap(base64_encode($text), 72, self::endl, true);
  66.         }
  67.  
  68.         private function headerLine($name, $value) {
  69.                 // Change 2011-02-09
  70.                 // LF is OK! CRLF does lead to CR+CRLF on some systems!
  71.                 // http://bugs.php.net/bug.php?id=15841
  72.                 // The mail() function is not talking to an SMTP server, so RFC2822 does not apply here. mail() is talking to a command line program on the local system, and it is reasonable to expect that program to require system-native line breaks.
  73.                 return $this->QB_SECURE_MAIL_PARAM($name).': '.$this->QB_SECURE_MAIL_PARAM($value)."\n";
  74.         }
  75.  
  76.         public function addHeader($name, $value) {
  77.                 $this->headers .= $this->headerLine($name, $value);
  78.         }
  79.  
  80.         public static function utf8Subject($subject) {
  81.                 return '=?UTF-8?B?'.base64_encode(utf8_encode($subject)).'?=';
  82.         }
  83.  
  84.         private function _sendMail($recipient, $subject, $message, $add_headers='') {
  85.                 return @mail(
  86.                         $this->QB_SECURE_MAIL_PARAM($recipient),
  87.                         $this->QB_SECURE_MAIL_PARAM($subject),
  88.                         $this->QB_SECURE_MAIL_PARAM($message, 1),
  89.                         $this->getHeaders().$add_headers
  90.                 );
  91.         }
  92.  
  93.         public function sendMail($recipient, $subject, $message) {
  94.                 return $this->_sendMail($recipient, $subject, $message, '');
  95.         }
  96.  
  97.         // TODO: plain aus html berechnen als optional?
  98.         public function sendMailHTMLandPlainMultipart($to, $subject, $msg_html, $msg_plain) {
  99.                 $boundary = uniqid('np');
  100.  
  101.                 $msg_html  = $this->QB_SECURE_MAIL_PARAM($msg_html,  1);
  102.                 $msg_plain = $this->QB_SECURE_MAIL_PARAM($msg_plain, 1);
  103.  
  104.                 $add_headers  = $this->headerLine('MIME-Version', '1.0');
  105.                 $add_headers .= $this->headerLine('Content-Type', 'multipart/alternative; boundary="'.$boundary.'"');
  106.  
  107.                 $message  = "This is a MIME encoded message.";
  108.                 $message .= self::endl;
  109.                 $message .= self::endl;
  110.                 $message .= "--" . $boundary . self::endl;
  111.                 $message .= "Content-type: text/plain; charset=utf-8".self::endl;
  112.                 $message .= "Content-Transfer-Encoding: base64".self::endl;
  113.                 $message .= self::endl;
  114.                 $message .= $this->mail_base64_encode($msg_plain); // better than wordwrap&quoted-printable because of long lines (e.g. links)
  115.                 $message .= self::endl;
  116.                 $message .= self::endl;
  117.                 $message .= "--" . $boundary . self::endl;
  118.                 $message .= "Content-type: text/html; charset=utf-8".self::endl;
  119.                 $message .= "Content-Transfer-Encoding: base64".self::endl;
  120.                 $message .= self::endl;
  121.                 $message .= $this->mail_base64_encode($msg_html);
  122.                 $message .= self::endl;
  123.                 $message .= self::endl."--" . $boundary . "--";
  124.  
  125.                 return @mail(
  126.                         $this->QB_SECURE_MAIL_PARAM($to),
  127.                         $this->QB_SECURE_MAIL_PARAM($subject),
  128.                         $message,
  129.                         $this->getHeaders().$add_headers
  130.                 );
  131.         }
  132. }
  133.