ViaThinkSoft CodeLib
<?php
// Secure Mailer PHP Class
// Revision: 2011-02-09
// (C) 2009 - 2011 ViaThinkSoft
// QB_SECURE_MAIL_PARAM (C) Erich Kachel
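/**
 * Collects additional mail headers and sends mail through PHP's mail(),
 * passing every caller-supplied value through a header-injection filter first.
 *
 * Known limits of the filter (visible in the patterns below):
 * - The header-name pattern is unanchored and case-insensitive, so it also
 *   removes those character sequences from ordinary text (e.g. the "to:" in
 *   "Photo:"), including inside the subject and the message body.
 * - Values are filtered, not validated. The recipient is not checked to be a
 *   well-formed address and header names are not checked against a header
 *   grammar; callers should validate such input before passing it in.
 */
class SecureMailer {
    private $headers = '';

    /**
     * Removes header-injection material from a value.
     *
     * Source of the original filter: http://www.erich-kachel.de/?p=26
     *
     * @param mixed $param_ Value to filter.
     * @param int   $level_ 1: strip mail header names only (line breaks are
     *                      kept, as needed for a message body).
     *                      2 or higher: additionally strip CR, LF, NUL, TAB
     *                      and the listed percent-encoded control characters.
     * @return mixed The filtered value; an empty string if PCRE fails.
     */
    private function QB_SECURE_MAIL_PARAM($param_ = '', $level_ = 2) {
        $param_ = $this->stripUntilStable(
            '/(Content-Transfer-Encoding:|MIME-Version:|content-type:|Subject:|to:|cc:|bcc:|from:|reply-to:)/ims',
            $param_
        );

        if ($level_ >= 2) {
            $param_ = $this->stripUntilStable(
                '/(%0A|\r|%0D|\n|%00|\0|%09|\t|%01|%02|%03|%04|%05|%06|%07|%08|%09|%0B|%0C|%0E|%0F|%10|%11|%12|%13)/ims',
                $param_
            );
        }

        return $param_;
    }

    /**
     * Applies a removal pattern repeatedly until the value no longer changes.
     *
     * A single pass is not enough: deleting one match can splice the
     * surrounding characters into a new match ("tto:o:" becomes "to:").
     *
     * The comparison is strict on purpose. A loose comparison treats numeric
     * strings such as "1\n" and "1" as equal, which would end the loop while
     * the unfiltered value is still the one being returned.
     */
    private function stripUntilStable($pattern, $value) {
        do {
            $previous = $value;
            $value = preg_replace($pattern, '', $previous);
            if ($value === null) {
                // PCRE error: fail closed rather than loop forever or hand
                // back an unfiltered value.
                return '';
            }
        } while ($value !== $previous);

        return $value;
    }

    /**
     * Returns the accumulated additional-headers string.
     */
    private function getHeaders() {
        return $this->headers;
    }

    /**
     * Appends one "Name: value" line to the additional headers.
     *
     * Both parts are filtered at level 2, so neither can contain a line break
     * that would start a further header.
     */
    function addHeader($name, $value) {
        // Change 2011-02-09
        // LF is OK! CRLF does lead to CR+CRLF on some systems!
        // http://bugs.php.net/bug.php?id=15841
        // The mail() function is not talking to an SMTP server, so RFC2822 does not apply here. mail() is talking to a command line program on the local system, and it is reasonable to expect that program to require system-native line breaks.
        // The terminator must be a real line feed ("\n"); a literal "n" would
        // glue all headers into a single line.
        $this->headers .= $this->QB_SECURE_MAIL_PARAM($name).': '.$this->QB_SECURE_MAIL_PARAM($value)."\n"; // not "\r\n"
    }

    // TODO: Is an addRawHeader() needed as well?

    /**
     * Sends a mail with the headers collected so far.
     *
     * Recipient and subject are filtered at level 2. The message is filtered
     * at level 1 only, so its line breaks survive.
     *
     * @return bool Result of mail(). Warnings are suppressed with @, so the
     *              return value is the only failure signal; callers must
     *              check it.
     */
    function sendMail($recipient, $subject, $message) {
        $safeRecipient = $this->QB_SECURE_MAIL_PARAM($recipient);
        $safeSubject = $this->QB_SECURE_MAIL_PARAM($subject);
        $safeMessage = $this->QB_SECURE_MAIL_PARAM($message, 1);

        return @mail($safeRecipient, $safeSubject, $safeMessage, $this->getHeaders());
    }
}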
?>
Daniel Marschall
ViaThinkSoft Co-Founder