14050_cleaning_t3lib_arraybrowser
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_formmail.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2010 Kasper Skårhøj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Contains a class for formmail
29 *
30 * $Id$
31 * Revised for TYPO3 3.6 July/2003 by Kasper Skårhøj
32 *
33 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
34 */
35 /**
36 * [CLASS/FUNCTION INDEX of SCRIPT]
37 *
38 *
39 *
40 * 69: class t3lib_formmail extends t3lib_htmlmail
41 * 95: function start($V,$base64=false)
42 * 172: function addAttachment($file, $filename)
43 *
44 * TOTAL FUNCTIONS: 2
45 * (This index is automatically created/updated by the extension "extdeveval")
46 *
47 */
48
49
50
51
52
53
54
55
56
57
58
59
60
61 /**
62 * Formmail class, used by the TYPO3 "cms" extension (default frontend) to send email forms.
63 *
64 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
65 * @package TYPO3
66 * @subpackage t3lib
67 * @see tslib_fe::sendFormmail(), t3lib/formmail.php
68 */
69 class t3lib_formmail extends t3lib_htmlmail {
70 protected $reserved_names = 'recipient,recipient_copy,auto_respond_msg,auto_respond_checksum,redirect,subject,attachment,from_email,from_name,replyto_email,replyto_name,organisation,priority,html_enabled,quoted_printable,submit_x,submit_y';
71 var $dirtyHeaders = array(); // collection of suspicious header data, used for logging
72
73
74 /**
75 * Start function
76 * This class is able to generate a mail in formmail-style from the data in $V
77 * Fields:
78 *
79 * [recipient]: email-adress of the one to receive the mail. If array, then all values are expected to be recipients
80 * [attachment]: ....
81 *
82 * [subject]: The subject of the mail
83 * [from_email]: Sender email. If not set, [email] is used
84 * [from_name]: Sender name. If not set, [name] is used
85 * [replyto_email]: Reply-to email. If not set [from_email] is used
86 * [replyto_name]: Reply-to name. If not set [from_name] is used
87 * [organisation]: Organization (header)
88 * [priority]: Priority, 1-5, default 3
89 * [html_enabled]: If mail is sent as html
90 * [use_base64]: If set, base64 encoding will be used instead of quoted-printable
91 *
92 * @param array Contains values for the field names listed above (with slashes removed if from POST input)
93 * @param boolean Whether to base64 encode the mail content
94 * @return void
95 */
96 function start($V,$base64=false) {
97 $convCharset = FALSE; // do we need to convert form data?
98
99 if ($GLOBALS['TSFE']->config['config']['formMailCharset']) { // Respect formMailCharset if it was set
100 $this->charset = $GLOBALS['TSFE']->csConvObj->parse_charset($GLOBALS['TSFE']->config['config']['formMailCharset']);
101 $convCharset = TRUE;
102
103 } elseif ($GLOBALS['TSFE']->metaCharset != $GLOBALS['TSFE']->renderCharset) { // Use metaCharset for mail if different from renderCharset
104 $this->charset = $GLOBALS['TSFE']->metaCharset;
105 $convCharset = TRUE;
106 }
107
108 parent::start();
109
110 if ($base64 || $V['use_base64']) { $this->useBase64(); }
111
112 if (isset($V['recipient'])) {
113 // convert form data from renderCharset to mail charset
114 $val = ($V['subject']) ? $V['subject'] : 'Formmail on '.t3lib_div::getIndpEnv('HTTP_HOST');
115 $this->subject = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val,$GLOBALS['TSFE']->renderCharset,$this->charset) : $val;
116 $this->subject = $this->sanitizeHeaderString($this->subject);
117 $val = ($V['from_name']) ? $V['from_name'] : (($V['name'])?$V['name']:''); // Be careful when changing $val! It is used again as the fallback value for replyto_name
118 $this->from_name = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val,$GLOBALS['TSFE']->renderCharset,$this->charset) : $val;
119 $this->from_name = $this->sanitizeHeaderString($this->from_name);
120 $this->from_name = preg_match( '/\s|,/', $this->from_name ) >= 1 ? '"'.$this->from_name.'"' : $this->from_name;
121 $val = ($V['replyto_name']) ? $V['replyto_name'] : $val;
122 $this->replyto_name = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val,$GLOBALS['TSFE']->renderCharset,$this->charset) : $val;
123 $this->replyto_name = $this->sanitizeHeaderString($this->replyto_name);
124 $this->replyto_name = preg_match( '/\s|,/', $this->replyto_name ) >= 1 ? '"'.$this->replyto_name.'"' : $this->replyto_name;
125 $val = ($V['organisation']) ? $V['organisation'] : '';
126 $this->organisation = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val,$GLOBALS['TSFE']->renderCharset,$this->charset) : $val;
127 $this->organisation = $this->sanitizeHeaderString($this->organisation);
128
129 $this->from_email = ($V['from_email']) ? $V['from_email'] : (($V['email'])?$V['email']:'');
130 $this->from_email = t3lib_div::validEmail($this->from_email) ? $this->from_email : '';
131 $this->replyto_email = ($V['replyto_email']) ? $V['replyto_email'] : $this->from_email;
132 $this->replyto_email = t3lib_div::validEmail($this->replyto_email) ? $this->replyto_email : '';
133 $this->priority = ($V['priority']) ? t3lib_div::intInRange($V['priority'],1,5) : 3;
134
135 // auto responder
136 $this->auto_respond_msg = (trim($V['auto_respond_msg']) && $this->from_email) ? trim($V['auto_respond_msg']) : '';
137
138 if ($this->auto_respond_msg !== '') {
139 // Check if the value of the auto responder message has been modified with evil intentions
140 $autoRespondChecksum = $V['auto_respond_checksum'];
141 $correctHmacChecksum = t3lib_div::hmac($this->auto_respond_msg);
142 if ($autoRespondChecksum !== $correctHmacChecksum) {
143 t3lib_div::sysLog('Possible misuse of t3lib_formmail auto respond method. Subject: ' . $V['subject'], 'Core', 3);
144 return;
145 } else {
146 $this->auto_respond_msg = $this->sanitizeHeaderString($this->auto_respond_msg);
147 }
148 }
149
150 $Plain_content = '';
151 $HTML_content = '<table border="0" cellpadding="2" cellspacing="2">';
152
153 // Runs through $V and generates the mail
154 if (is_array($V)) {
155 foreach ($V as $key => $val) {
156 if (!t3lib_div::inList($this->reserved_names,$key)) {
157 $space = (strlen($val)>60)?LF:'';
158 $val = (is_array($val) ? implode($val,LF) : $val);
159
160 // convert form data from renderCharset to mail charset (HTML may use entities)
161 $Plain_val = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val,$GLOBALS['TSFE']->renderCharset,$this->charset,0) : $val;
162 $HTML_val = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv(htmlspecialchars($val),$GLOBALS['TSFE']->renderCharset,$this->charset,1) : htmlspecialchars($val);
163
164 $Plain_content.= strtoupper($key).': '.$space.$Plain_val.LF.$space;
165 $HTML_content.= '<tr><td bgcolor="#eeeeee"><font face="Verdana" size="1"><strong>'.strtoupper($key).'</strong></font></td><td bgcolor="#eeeeee"><font face="Verdana" size="1">'.nl2br($HTML_val).'&nbsp;</font></td></tr>';
166 }
167 }
168 }
169 $HTML_content.= '</table>';
170
171 if ($V['html_enabled']) {
172 $this->setHTML($this->encodeMsg($HTML_content));
173 }
174 $this->addPlain($Plain_content);
175
176 for ($a=0;$a<10;$a++) {
177 $varname = 'attachment'.(($a)?$a:'');
178 if (!isset($_FILES[$varname])) {
179 continue;
180 }
181 if (!is_uploaded_file($_FILES[$varname]['tmp_name'])) {
182 t3lib_div::sysLog('Possible abuse of t3lib_formmail: temporary file "'.$_FILES[$varname]['tmp_name'].'" ("'.$_FILES[$varname]['name'].'") was not an uploaded file.', 'Core', 3);
183 }
184 if ($_FILES[$varname]['tmp_name']['error'] !== UPLOAD_ERR_OK) {
185 t3lib_div::sysLog('Error in uploaded file in t3lib_formmail: temporary file "'.$_FILES[$varname]['tmp_name'].'" ("'.$_FILES[$varname]['name'].'") Error code: '.$_FILES[$varname]['tmp_name']['error'], 'Core', 3);
186 }
187 $theFile = t3lib_div::upload_to_tempfile($_FILES[$varname]['tmp_name']);
188 $theName = $_FILES[$varname]['name'];
189
190 if ($theFile && file_exists($theFile)) {
191 if (filesize($theFile) < $GLOBALS['TYPO3_CONF_VARS']['FE']['formmailMaxAttachmentSize']) {
192 $this->addAttachment($theFile, $theName);
193 }
194 }
195 t3lib_div::unlink_tempfile($theFile);
196 }
197
198 $this->setHeaders();
199 $this->setContent();
200 $this->setRecipient($V['recipient']);
201 if ($V['recipient_copy']) {
202 $this->recipient_copy = trim($V['recipient_copy']);
203 }
204 // log dirty header lines
205 if ($this->dirtyHeaders) {
206 t3lib_div::sysLog( 'Possible misuse of t3lib_formmail: see TYPO3 devLog', 'Core', 3 );
207 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['enable_DLOG']) {
208 t3lib_div::devLog( 't3lib_formmail: '. t3lib_div::arrayToLogString($this->dirtyHeaders, '', 200 ), 'Core', 3 );
209 }
210 }
211 }
212 }
213
214 /**
215 * Adds an attachment to the mail
216 *
217 * @param string The absolute path to the file to add as attachment
218 * @param string The files original filename (not necessarily the same as the current since this could be uploaded files...)
219 * @return boolean True if the file existed and was added.
220 * @access private
221 */
222 function addAttachment($file, $filename) {
223 $content = $this->getURL($file); // We fetch the content and the mime-type
224 $fileInfo = $this->split_fileref($filename);
225 if ($fileInfo['fileext'] == 'gif') {$content_type = 'image/gif';}
226 if ($fileInfo['fileext'] == 'bmp') {$content_type = 'image/bmp';}
227 if ($fileInfo['fileext'] == 'jpg' || $fileInfo['fileext'] == 'jpeg') {$content_type = 'image/jpeg';}
228 if ($fileInfo['fileext'] == 'html' || $fileInfo['fileext'] == 'htm') {$content_type = 'text/html';}
229 if (!$content_type) {$content_type = 'application/octet-stream';}
230
231 if ($content) {
232 $theArr['content_type']= $content_type;
233 $theArr['content']= $content;
234 $theArr['filename']= $filename;
235 $this->theParts['attach'][]=$theArr;
236 return true;
237 } else { return false;}
238 }
239
240
241 /**
242 * Checks string for suspicious characters
243 *
244 * @param string String to check
245 * @return string Valid or empty string
246 */
247 function sanitizeHeaderString ($string) {
248 $pattern = '/[\r\n\f\e]/';
249 if (preg_match($pattern, $string) > 0) {
250 $this->dirtyHeaders[] = $string;
251 $string = '';
252 }
253 return $string;
254 }
255 }
256
257
258 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_formmail.php']) {
259 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_formmail.php']);
260 }
261
262 ?>