Fixed issue #17284: Formprotection persistToken method is called too often, causing...
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_formmail.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2011 Kasper Skårhøj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Contains a class for formmail
29 *
30 * $Id$
31 * Revised for TYPO3 3.6 July/2003 by Kasper Skårhøj
32 *
33 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
34 */
35 /**
36 * [CLASS/FUNCTION INDEX of SCRIPT]
37 *
38 *
39 *
40 * 69: class t3lib_formmail
41 * 95: function start($V,$base64=false)
42 * 172: function addAttachment($file, $filename)
43 *
44 * TOTAL FUNCTIONS: 2
45 * (This index is automatically created/updated by the extension "extdeveval")
46 *
47 */
48
49
50 /**
51 * Formmail class, used by the TYPO3 "cms" extension (default frontend) to send email forms.
52 *
53 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
54 * @package TYPO3
55 * @subpackage t3lib
56 * @see tslib_fe::sendFormmail(), t3lib/formmail.php
57 */
58 class t3lib_formmail {
59 protected $reserved_names = 'recipient,recipient_copy,auto_respond_msg,auto_respond_checksum,redirect,subject,attachment,from_email,from_name,replyto_email,replyto_name,organisation,priority,html_enabled,quoted_printable,submit_x,submit_y';
60 protected $dirtyHeaders = array(); // collection of suspicious header data, used for logging
61
62 protected $characterSet;
63 protected $subject;
64 protected $fromName;
65 protected $replyToName;
66 protected $organisation;
67 protected $fromAddress;
68 protected $replyToAddress;
69 protected $priority;
70 protected $autoRespondMessage;
71 protected $encoding = 'quoted-printable';
72
73 /** @var t3lib_mail_Message */
74 protected $mailMessage;
75 protected $recipient;
76 protected $returnPath;
77 protected $plainContent = '';
78
79 /** @var array Files to clean up at the end (attachments) */
80 protected $temporaryFiles = array();
81
82 /**
83 * Start function
84 * This class is able to generate a mail in formmail-style from the data in $V
85 * Fields:
86 *
87 * [recipient]: email-adress of the one to receive the mail. If array, then all values are expected to be recipients
88 * [attachment]: ....
89 *
90 * [subject]: The subject of the mail
91 * [from_email]: Sender email. If not set, [email] is used
92 * [from_name]: Sender name. If not set, [name] is used
93 * [replyto_email]: Reply-to email. If not set [from_email] is used
94 * [replyto_name]: Reply-to name. If not set [from_name] is used
95 * [organisation]: Organization (header)
96 * [priority]: Priority, 1-5, default 3
97 * [html_enabled]: If mail is sent as html
98 * [use_base64]: If set, base64 encoding will be used instead of quoted-printable
99 *
100 * @param array Contains values for the field names listed above (with slashes removed if from POST input)
101 * @param boolean Whether to base64 encode the mail content
102 * @return void
103 */
104 function start($valueList, $base64 = false) {
105
106 $this->mailMessage = t3lib_div::makeInstance('t3lib_mail_Message');
107
108 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['forceReturnPath']) {
109 $this->returnPath = $GLOBALS['TYPO3_CONF_VARS']['SYS']['forceReturnPath'];
110 $this->mailMessage->setReturnPath($this->returnPath);
111 }
112 $this->mailMessage->getHeaders()->addTextHeader('X-Mailer', 'TYPO3');
113
114 if ($GLOBALS['TSFE']->config['config']['formMailCharset']) {
115 // Respect formMailCharset if it was set
116 $this->characterSet = $GLOBALS['TSFE']->csConvObj->parse_charset($GLOBALS['TSFE']->config['config']['formMailCharset']);
117 } elseif ($GLOBALS['TSFE']->metaCharset != $GLOBALS['TSFE']->renderCharset) {
118 // Use metaCharset for mail if different from renderCharset
119 $this->characterSet = $GLOBALS['TSFE']->metaCharset;
120 }
121
122 if ($base64 || $valueList['use_base64']) {
123 $this->encoding = 'base64';
124 }
125
126 if (isset($valueList['recipient'])) {
127 // convert form data from renderCharset to mail charset
128 $this->subject = ($valueList['subject'])
129 ? $valueList['subject']
130 : 'Formmail on ' . t3lib_div::getIndpEnv('HTTP_HOST');
131 $this->subject = $this->sanitizeHeaderString($this->subject);
132
133 $this->fromName = ($valueList['from_name'])
134 ? $valueList['from_name']
135 : (($valueList['name']) ? $valueList['name'] : '');
136 $this->fromName = $this->sanitizeHeaderString($this->fromName);
137 $this->fromName = preg_match('/\s|,/', $this->fromName) >= 1 ? '"' . $this->fromName . '"' : $this->fromName;
138
139 $this->replyToName = ($valueList['replyto_name']) ? $valueList['replyto_name'] : $this->fromName;
140 $this->replyToName = $this->sanitizeHeaderString($this->replyToName);
141 $this->replyToName = preg_match('/\s|,/', $this->replyToName) >= 1 ? '"' . $this->replyToName . '"' : $this->replyToName;
142
143 $this->organisation = ($valueList['organisation']) ? $valueList['organisation'] : '';
144 $this->organisation = $this->sanitizeHeaderString($this->organisation);
145
146 $this->fromAddress = ($valueList['from_email']) ? $valueList['from_email'] : (
147 ($valueList['email']) ? $valueList['email'] : ''
148 );
149 $this->fromAddress = t3lib_div::validEmail($this->fromAddress)
150 ? $this->fromAddress
151 : t3lib_utility_Mail::getSystemFromAddress();
152
153 $this->replyToAddress = ($valueList['replyto_email']) ? $valueList['replyto_email'] : $this->fromAddress;
154 $this->replyToAddress = t3lib_div::validEmail($this->replyToAddress)
155 ? $this->replyToAddress
156 : t3lib_utility_Mail::getSystemFromAddress();
157
158 $this->priority = ($valueList['priority']) ? t3lib_div::intInRange($valueList['priority'], 1, 5) : 3;
159
160 // auto responder
161 $this->autoRespondMessage = (trim($valueList['auto_respond_msg']) && $this->fromAddress)
162 ? trim($valueList['auto_respond_msg'])
163 : '';
164
165 if ($this->autoRespondMessage !== '') {
166 // Check if the value of the auto responder message has been modified with evil intentions
167 $autoRespondChecksum = $valueList['auto_respond_checksum'];
168 $correctHmacChecksum = t3lib_div::hmac($this->autoRespondMessage);
169 if ($autoRespondChecksum !== $correctHmacChecksum) {
170 t3lib_div::sysLog('Possible misuse of t3lib_formmail auto respond method. Subject: ' . $valueList['subject'],
171 'Core',
172 3);
173 return;
174 } else {
175 $this->autoRespondMessage = $this->sanitizeHeaderString($this->autoRespondMessage);
176 }
177 }
178
179 $plainTextContent = '';
180 $htmlContent = '<table border="0" cellpadding="2" cellspacing="2">';
181
182 // Runs through $V and generates the mail
183 if (is_array($valueList)) {
184 foreach ($valueList as $key => $val) {
185 if (!t3lib_div::inList($this->reserved_names, $key)) {
186 $space = (strlen($val) > 60) ? LF : '';
187 $val = (is_array($val) ? implode($val, LF) : $val);
188
189 // convert form data from renderCharset to mail charset (HTML may use entities)
190 $plainTextValue = $val;
191 $HtmlValue = htmlspecialchars($val);
192
193 $plainTextContent .= strtoupper($key) . ': ' . $space . $plainTextValue . LF . $space;
194 $htmlContent .= '<tr><td bgcolor="#eeeeee"><font face="Verdana" size="1"><strong>' . strtoupper($key)
195 . '</strong></font></td><td bgcolor="#eeeeee"><font face="Verdana" size="1">' . nl2br($HtmlValue)
196 . '&nbsp;</font></td></tr>';
197 }
198 }
199 }
200 $htmlContent .= '</table>';
201
202 $this->plainContent = $plainTextContent;
203
204 if ($valueList['html_enabled']) {
205 $this->mailMessage->setBody($htmlContent, 'text/html');
206 $this->mailMessage->addPart($plainTextContent, 'text/plain');
207 } else {
208 $this->mailMessage->setBody($plainTextContent, 'text/plain');
209 }
210
211 for ($a = 0; $a < 10; $a++) {
212 $variableName = 'attachment' . (($a) ? $a : '');
213 if (!isset($_FILES[$variableName])) {
214 continue;
215 }
216 if (!is_uploaded_file($_FILES[$variableName]['tmp_name'])) {
217 t3lib_div::sysLog('Possible abuse of t3lib_formmail: temporary file "' . $_FILES[$variableName]['tmp_name']
218 . '" ("' . $_FILES[$variableName]['name'] . '") was not an uploaded file.', 'Core', 3);
219 }
220 if ($_FILES[$variableName]['tmp_name']['error'] !== UPLOAD_ERR_OK) {
221 t3lib_div::sysLog('Error in uploaded file in t3lib_formmail: temporary file "'
222 . $_FILES[$variableName]['tmp_name'] . '" ("' . $_FILES[$variableName]['name'] . '") Error code: '
223 . $_FILES[$variableName]['tmp_name']['error'], 'Core', 3);
224 }
225 $theFile = t3lib_div::upload_to_tempfile($_FILES[$variableName]['tmp_name']);
226 $theName = $_FILES[$variableName]['name'];
227
228 if ($theFile && file_exists($theFile)) {
229 if (filesize($theFile) < $GLOBALS['TYPO3_CONF_VARS']['FE']['formmailMaxAttachmentSize']) {
230 $this->mailMessage->attach(Swift_Attachment::fromPath($theFile)->setFilename($theName));
231 }
232 }
233 $this->temporaryFiles[] = $theFile;
234 }
235
236 $this->recipient = $valueList['recipient'];
237 $this->mailMessage->setSubject($this->subject)
238 ->setFrom(array($this->fromAddress => $this->fromName))
239 ->setTo($this->recipient)
240 ->setPriority($this->priority);
241 $this->mailMessage->getHeaders()->addTextHeader('Organization', $this->organisation);
242 if ($valueList['recipient_copy']) {
243 $this->mailMessage->addCc(trim($valueList['recipient_copy']));
244 }
245 if ($this->characterSet) {
246 $this->mailMessage->setCharset($this->characterSet);
247 }
248 // Ignore target encoding. This is handled automatically by Swift Mailer and overriding the defaults
249 // is not worth the trouble
250
251 // log dirty header lines
252 if ($this->dirtyHeaders) {
253 t3lib_div::sysLog('Possible misuse of t3lib_formmail: see TYPO3 devLog', 'Core', 3);
254 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['enable_DLOG']) {
255 t3lib_div::devLog('t3lib_formmail: ' . t3lib_div::arrayToLogString($this->dirtyHeaders, '', 200), 'Core', 3);
256 }
257 }
258 }
259 }
260
261 /**
262 * Checks string for suspicious characters
263 *
264 * @param string String to check
265 * @return string Valid or empty string
266 */
267 protected function sanitizeHeaderString($string) {
268 $pattern = '/[\r\n\f\e]/';
269 if (preg_match($pattern, $string) > 0) {
270 $this->dirtyHeaders[] = $string;
271 $string = '';
272 }
273 return $string;
274 }
275
276 /**
277 * Sends the actual mail and handles autorespond message
278 *
279 * @return boolean
280 */
281 public function sendTheMail() {
282
283 // Sending the mail requires the recipient and message to be set.
284 if (!$this->mailMessage->getTo() || !trim($this->mailMessage->getBody())) {
285 return FALSE;
286 }
287
288 $this->mailMessage->send();
289
290 // Auto response
291 if ($this->autoRespondMessage) {
292 $theParts = explode('/', $this->autoRespondMessage, 2);
293 $theParts[0] = str_replace('###SUBJECT###', $this->subject, $theParts[0]);
294 $theParts[1] = str_replace("/", LF, $theParts[1]);
295 $theParts[1] = str_replace("###MESSAGE###", $this->plainContent, $theParts[1]);
296
297 /** @var $autoRespondMail t3lib_mail_Message */
298 $autoRespondMail = t3lib_div::makeInstance('t3lib_mail_Message');
299 $autoRespondMail->setTo($this->fromAddress)
300 ->setSubject($theParts[0])
301 ->setFrom($this->recipient)
302 ->setBody($theParts[1]);
303 if ($this->returnPath) {
304 $autoRespondMail->setReturnPath($this->returnPath);
305 }
306 $autoRespondMail->send();
307 }
308 return $this->mailMessage->isSent();
309 }
310
311 /**
312 * Do some cleanup at the end (deleting attachment files)
313 */
314 public function __destruct() {
315 foreach ($this->temporaryFiles as $file) {
316 t3lib_div::unlink_tempfile($file);
317 }
318 }
319 }
320
321
322 if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_formmail.php'])) {
323 include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_formmail.php']);
324 }
325
326 ?>