baae319aef
PEAR::Mail updated to 1.2.0 from 1.1.4, fixes deprecation warnings on PHP 5.3, as well as: 1.2.0: • QA release - stable. • Updated minimum dependencies (Net_SMTP, PEAR, PHP) • Doc Bug #15620 Licence change to BSD • Bug #13659 Mail parse error in special condition • Bug #16200 - Security hole allow to read/write Arbitrary File _hasUnclosedQuotes() doesn't properly handle a double slash before an end quote (slusarz@curecanti.org, Bug #9137). • Make sure Net_SMTP is defined when calling getSMTPObject() directly (slusarz@curecanti.org, Bug #13772). • Add addServiceExtensionParameter() to the SMTP driver (slusarz@curecanti.org, Bug #13764). • Add a method to obtain the Net_SMTP object from the SMTP driver (slusarz@curecanti.org, Bug #13766). PEAR::Net_SMTP updated to 1.4.2 from 1.3.1, needed to support updated PEAR::Mail: 1.4.2: • Fixing header string quoting in data(). (Bug #17199) 1.4.1: • The auth() method now includes an optional $tls parameter that determines whether or not TLS should be attempted (if supported by the PHP runtime and the remote SMTP server). This parameter defaults to true. (Bug #16349) • Header data can be specified separately from message body data by passing it as the optional second parameter to ``data()``. This is especially useful when an open file resource is being used to supply message data because it allows header fields (like *Subject:*) to be built dynamically at runtime. (Request #17012) 1.4.0: • The data() method now accepts either a string or a file resource containing the message data. (Request #16962) 1.3.4: • All Net_Socket write failures are now recognized. (Bug #16831) 1.3.3: • Added getGreeting(), for retrieving the server's greeting string. (Request #16066) [needed for PEAR::Mail] • We no longer attempt a TLS connection if we're already using a secure socket. (Bug #16254) • You can now specify a debug output handler via setDebug(). (Request #16420) 1.3.2: • TLS connection only gets started if no AUTH methods are sent. (Bug #14944)
172 lines
6.5 KiB
PHP
Executable File
172 lines
6.5 KiB
PHP
Executable File
<?php
|
|
//
|
|
// +----------------------------------------------------------------------+
|
|
// | PHP Version 4 |
|
|
// +----------------------------------------------------------------------+
|
|
// | Copyright (c) 1997-2003 The PHP Group |
|
|
// +----------------------------------------------------------------------+
|
|
// | This source file is subject to version 2.02 of the PHP license, |
|
|
// | that is bundled with this package in the file LICENSE, and is |
|
|
// | available at through the world-wide-web at |
|
|
// | http://www.php.net/license/2_02.txt. |
|
|
// | If you did not receive a copy of the PHP license and are unable to |
|
|
// | obtain it through the world-wide-web, please send a note to |
|
|
// | license@php.net so we can mail you a copy immediately. |
|
|
// +----------------------------------------------------------------------+
|
|
// | Author: Chuck Hagenbuch <chuck@horde.org> |
|
|
// +----------------------------------------------------------------------+
|
|
|
|
/**
|
|
* Sendmail implementation of the PEAR Mail:: interface.
|
|
* @access public
|
|
* @package Mail
|
|
* @version $Revision: 294744 $
|
|
*/
|
|
class Mail_sendmail extends Mail {
|
|
|
|
/**
|
|
* The location of the sendmail or sendmail wrapper binary on the
|
|
* filesystem.
|
|
* @var string
|
|
*/
|
|
var $sendmail_path = '/usr/sbin/sendmail';
|
|
|
|
/**
|
|
* Any extra command-line parameters to pass to the sendmail or
|
|
* sendmail wrapper binary.
|
|
* @var string
|
|
*/
|
|
var $sendmail_args = '-i';
|
|
|
|
/**
|
|
* Constructor.
|
|
*
|
|
* Instantiates a new Mail_sendmail:: object based on the parameters
|
|
* passed in. It looks for the following parameters:
|
|
* sendmail_path The location of the sendmail binary on the
|
|
* filesystem. Defaults to '/usr/sbin/sendmail'.
|
|
*
|
|
* sendmail_args Any extra parameters to pass to the sendmail
|
|
* or sendmail wrapper binary.
|
|
*
|
|
* If a parameter is present in the $params array, it replaces the
|
|
* default.
|
|
*
|
|
* @param array $params Hash containing any parameters different from the
|
|
* defaults.
|
|
* @access public
|
|
*/
|
|
function Mail_sendmail($params)
|
|
{
|
|
if (isset($params['sendmail_path'])) {
|
|
$this->sendmail_path = $params['sendmail_path'];
|
|
}
|
|
if (isset($params['sendmail_args'])) {
|
|
$this->sendmail_args = $params['sendmail_args'];
|
|
}
|
|
|
|
/*
|
|
* Because we need to pass message headers to the sendmail program on
|
|
* the commandline, we can't guarantee the use of the standard "\r\n"
|
|
* separator. Instead, we use the system's native line separator.
|
|
*/
|
|
if (defined('PHP_EOL')) {
|
|
$this->sep = PHP_EOL;
|
|
} else {
|
|
$this->sep = (strpos(PHP_OS, 'WIN') === false) ? "\n" : "\r\n";
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Implements Mail::send() function using the sendmail
|
|
* command-line binary.
|
|
*
|
|
* @param mixed $recipients Either a comma-seperated list of recipients
|
|
* (RFC822 compliant), or an array of recipients,
|
|
* each RFC822 valid. This may contain recipients not
|
|
* specified in the headers, for Bcc:, resending
|
|
* messages, etc.
|
|
*
|
|
* @param array $headers The array of headers to send with the mail, in an
|
|
* associative array, where the array key is the
|
|
* header name (ie, 'Subject'), and the array value
|
|
* is the header value (ie, 'test'). The header
|
|
* produced from those values would be 'Subject:
|
|
* test'.
|
|
*
|
|
* @param string $body The full text of the message body, including any
|
|
* Mime parts, etc.
|
|
*
|
|
* @return mixed Returns true on success, or a PEAR_Error
|
|
* containing a descriptive error message on
|
|
* failure.
|
|
* @access public
|
|
*/
|
|
function send($recipients, $headers, $body)
|
|
{
|
|
if (!is_array($headers)) {
|
|
return PEAR::raiseError('$headers must be an array');
|
|
}
|
|
|
|
$result = $this->_sanitizeHeaders($headers);
|
|
if (is_a($result, 'PEAR_Error')) {
|
|
return $result;
|
|
}
|
|
|
|
$recipients = $this->parseRecipients($recipients);
|
|
if (is_a($recipients, 'PEAR_Error')) {
|
|
return $recipients;
|
|
}
|
|
$recipients = implode(' ', array_map('escapeshellarg', $recipients));
|
|
|
|
$headerElements = $this->prepareHeaders($headers);
|
|
if (is_a($headerElements, 'PEAR_Error')) {
|
|
return $headerElements;
|
|
}
|
|
list($from, $text_headers) = $headerElements;
|
|
|
|
/* Since few MTAs are going to allow this header to be forged
|
|
* unless it's in the MAIL FROM: exchange, we'll use
|
|
* Return-Path instead of From: if it's set. */
|
|
if (!empty($headers['Return-Path'])) {
|
|
$from = $headers['Return-Path'];
|
|
}
|
|
|
|
if (!isset($from)) {
|
|
return PEAR::raiseError('No from address given.');
|
|
} elseif (strpos($from, ' ') !== false ||
|
|
strpos($from, ';') !== false ||
|
|
strpos($from, '&') !== false ||
|
|
strpos($from, '`') !== false) {
|
|
return PEAR::raiseError('From address specified with dangerous characters.');
|
|
}
|
|
|
|
$from = escapeshellarg($from); // Security bug #16200
|
|
|
|
$mail = @popen($this->sendmail_path . (!empty($this->sendmail_args) ? ' ' . $this->sendmail_args : '') . " -f$from -- $recipients", 'w');
|
|
if (!$mail) {
|
|
return PEAR::raiseError('Failed to open sendmail [' . $this->sendmail_path . '] for execution.');
|
|
}
|
|
|
|
// Write the headers following by two newlines: one to end the headers
|
|
// section and a second to separate the headers block from the body.
|
|
fputs($mail, $text_headers . $this->sep . $this->sep);
|
|
|
|
fputs($mail, $body);
|
|
$result = pclose($mail);
|
|
if (version_compare(phpversion(), '4.2.3') == -1) {
|
|
// With older php versions, we need to shift the pclose
|
|
// result to get the exit code.
|
|
$result = $result >> 8 & 0xFF;
|
|
}
|
|
|
|
if ($result != 0) {
|
|
return PEAR::raiseError('sendmail returned error code ' . $result,
|
|
$result);
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
}
|