Fixed bug #14050: CleanUp - CGL format of t3lib files - t3lib_scbase
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_formmail.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2010 Kasper Skårhøj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Contains a class for formmail
29 *
30 * $Id$
31 * Revised for TYPO3 3.6 July/2003 by Kasper Skårhøj
32 *
33 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
34 */
35 /**
36 * [CLASS/FUNCTION INDEX of SCRIPT]
37 *
38 *
39 *
40 * 69: class t3lib_formmail extends t3lib_htmlmail
41 * 95: function start($V,$base64=false)
42 * 172: function addAttachment($file, $filename)
43 *
44 * TOTAL FUNCTIONS: 2
45 * (This index is automatically created/updated by the extension "extdeveval")
46 *
47 */
48
49
50 /**
51 * Formmail class, used by the TYPO3 "cms" extension (default frontend) to send email forms.
52 *
53 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
54 * @package TYPO3
55 * @subpackage t3lib
56 * @see tslib_fe::sendFormmail(), t3lib/formmail.php
57 */
58 class t3lib_formmail extends t3lib_htmlmail {
59 protected $reserved_names = 'recipient,recipient_copy,auto_respond_msg,auto_respond_checksum,redirect,subject,attachment,from_email,from_name,replyto_email,replyto_name,organisation,priority,html_enabled,quoted_printable,submit_x,submit_y';
60 var $dirtyHeaders = array(); // collection of suspicious header data, used for logging
61
62
63 /**
64 * Start function
65 * This class is able to generate a mail in formmail-style from the data in $V
66 * Fields:
67 *
68 * [recipient]: email-adress of the one to receive the mail. If array, then all values are expected to be recipients
69 * [attachment]: ....
70 *
71 * [subject]: The subject of the mail
72 * [from_email]: Sender email. If not set, [email] is used
73 * [from_name]: Sender name. If not set, [name] is used
74 * [replyto_email]: Reply-to email. If not set [from_email] is used
75 * [replyto_name]: Reply-to name. If not set [from_name] is used
76 * [organisation]: Organization (header)
77 * [priority]: Priority, 1-5, default 3
78 * [html_enabled]: If mail is sent as html
79 * [use_base64]: If set, base64 encoding will be used instead of quoted-printable
80 *
81 * @param array Contains values for the field names listed above (with slashes removed if from POST input)
82 * @param boolean Whether to base64 encode the mail content
83 * @return void
84 */
85 function start($V, $base64 = false) {
86 $convCharset = FALSE; // do we need to convert form data?
87
88 if ($GLOBALS['TSFE']->config['config']['formMailCharset']) { // Respect formMailCharset if it was set
89 $this->charset = $GLOBALS['TSFE']->csConvObj->parse_charset($GLOBALS['TSFE']->config['config']['formMailCharset']);
90 $convCharset = TRUE;
91
92 } elseif ($GLOBALS['TSFE']->metaCharset != $GLOBALS['TSFE']->renderCharset) { // Use metaCharset for mail if different from renderCharset
93 $this->charset = $GLOBALS['TSFE']->metaCharset;
94 $convCharset = TRUE;
95 }
96
97 parent::start();
98
99 if ($base64 || $V['use_base64']) {
100 $this->useBase64();
101 }
102
103 if (isset($V['recipient'])) {
104 // convert form data from renderCharset to mail charset
105 $val = ($V['subject']) ? $V['subject'] : 'Formmail on ' . t3lib_div::getIndpEnv('HTTP_HOST');
106 $this->subject = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val, $GLOBALS['TSFE']->renderCharset, $this->charset) : $val;
107 $this->subject = $this->sanitizeHeaderString($this->subject);
108 $val = ($V['from_name']) ? $V['from_name'] : (($V['name']) ? $V['name'] : ''); // Be careful when changing $val! It is used again as the fallback value for replyto_name
109 $this->from_name = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val, $GLOBALS['TSFE']->renderCharset, $this->charset) : $val;
110 $this->from_name = $this->sanitizeHeaderString($this->from_name);
111 $this->from_name = preg_match('/\s|,/', $this->from_name) >= 1 ? '"' . $this->from_name . '"' : $this->from_name;
112 $val = ($V['replyto_name']) ? $V['replyto_name'] : $val;
113 $this->replyto_name = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val, $GLOBALS['TSFE']->renderCharset, $this->charset) : $val;
114 $this->replyto_name = $this->sanitizeHeaderString($this->replyto_name);
115 $this->replyto_name = preg_match('/\s|,/', $this->replyto_name) >= 1 ? '"' . $this->replyto_name . '"' : $this->replyto_name;
116 $val = ($V['organisation']) ? $V['organisation'] : '';
117 $this->organisation = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val, $GLOBALS['TSFE']->renderCharset, $this->charset) : $val;
118 $this->organisation = $this->sanitizeHeaderString($this->organisation);
119
120 $this->from_email = ($V['from_email']) ? $V['from_email'] : (($V['email']) ? $V['email'] : '');
121 $this->from_email = t3lib_div::validEmail($this->from_email) ? $this->from_email : '';
122 $this->replyto_email = ($V['replyto_email']) ? $V['replyto_email'] : $this->from_email;
123 $this->replyto_email = t3lib_div::validEmail($this->replyto_email) ? $this->replyto_email : '';
124 $this->priority = ($V['priority']) ? t3lib_div::intInRange($V['priority'], 1, 5) : 3;
125
126 // auto responder
127 $this->auto_respond_msg = (trim($V['auto_respond_msg']) && $this->from_email) ? trim($V['auto_respond_msg']) : '';
128
129 if ($this->auto_respond_msg !== '') {
130 // Check if the value of the auto responder message has been modified with evil intentions
131 $autoRespondChecksum = $V['auto_respond_checksum'];
132 $correctHmacChecksum = t3lib_div::hmac($this->auto_respond_msg);
133 if ($autoRespondChecksum !== $correctHmacChecksum) {
134 t3lib_div::sysLog('Possible misuse of t3lib_formmail auto respond method. Subject: ' . $V['subject'], 'Core', 3);
135 return;
136 } else {
137 $this->auto_respond_msg = $this->sanitizeHeaderString($this->auto_respond_msg);
138 }
139 }
140
141 $Plain_content = '';
142 $HTML_content = '<table border="0" cellpadding="2" cellspacing="2">';
143
144 // Runs through $V and generates the mail
145 if (is_array($V)) {
146 foreach ($V as $key => $val) {
147 if (!t3lib_div::inList($this->reserved_names, $key)) {
148 $space = (strlen($val) > 60) ? LF : '';
149 $val = (is_array($val) ? implode($val, LF) : $val);
150
151 // convert form data from renderCharset to mail charset (HTML may use entities)
152 $Plain_val = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val, $GLOBALS['TSFE']->renderCharset, $this->charset, 0) : $val;
153 $HTML_val = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv(htmlspecialchars($val), $GLOBALS['TSFE']->renderCharset, $this->charset, 1) : htmlspecialchars($val);
154
155 $Plain_content .= strtoupper($key) . ': ' . $space . $Plain_val . LF . $space;
156 $HTML_content .= '<tr><td bgcolor="#eeeeee"><font face="Verdana" size="1"><strong>' . strtoupper($key) . '</strong></font></td><td bgcolor="#eeeeee"><font face="Verdana" size="1">' . nl2br($HTML_val) . '&nbsp;</font></td></tr>';
157 }
158 }
159 }
160 $HTML_content .= '</table>';
161
162 if ($V['html_enabled']) {
163 $this->setHTML($this->encodeMsg($HTML_content));
164 }
165 $this->addPlain($Plain_content);
166
167 for ($a = 0; $a < 10; $a++) {
168 $varname = 'attachment' . (($a) ? $a : '');
169 if (!isset($_FILES[$varname])) {
170 continue;
171 }
172 if (!is_uploaded_file($_FILES[$varname]['tmp_name'])) {
173 t3lib_div::sysLog('Possible abuse of t3lib_formmail: temporary file "' . $_FILES[$varname]['tmp_name'] . '" ("' . $_FILES[$varname]['name'] . '") was not an uploaded file.', 'Core', 3);
174 }
175 if ($_FILES[$varname]['tmp_name']['error'] !== UPLOAD_ERR_OK) {
176 t3lib_div::sysLog('Error in uploaded file in t3lib_formmail: temporary file "' . $_FILES[$varname]['tmp_name'] . '" ("' . $_FILES[$varname]['name'] . '") Error code: ' . $_FILES[$varname]['tmp_name']['error'], 'Core', 3);
177 }
178 $theFile = t3lib_div::upload_to_tempfile($_FILES[$varname]['tmp_name']);
179 $theName = $_FILES[$varname]['name'];
180
181 if ($theFile && file_exists($theFile)) {
182 if (filesize($theFile) < $GLOBALS['TYPO3_CONF_VARS']['FE']['formmailMaxAttachmentSize']) {
183 $this->addAttachment($theFile, $theName);
184 }
185 }
186 t3lib_div::unlink_tempfile($theFile);
187 }
188
189 $this->setHeaders();
190 $this->setContent();
191 $this->setRecipient($V['recipient']);
192 if ($V['recipient_copy']) {
193 $this->recipient_copy = trim($V['recipient_copy']);
194 }
195 // log dirty header lines
196 if ($this->dirtyHeaders) {
197 t3lib_div::sysLog('Possible misuse of t3lib_formmail: see TYPO3 devLog', 'Core', 3);
198 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['enable_DLOG']) {
199 t3lib_div::devLog('t3lib_formmail: ' . t3lib_div::arrayToLogString($this->dirtyHeaders, '', 200), 'Core', 3);
200 }
201 }
202 }
203 }
204
205 /**
206 * Adds an attachment to the mail
207 *
208 * @param string The absolute path to the file to add as attachment
209 * @param string The files original filename (not necessarily the same as the current since this could be uploaded files...)
210 * @return boolean True if the file existed and was added.
211 * @access private
212 */
213 function addAttachment($file, $filename) {
214 $content = $this->getURL($file); // We fetch the content and the mime-type
215 $fileInfo = $this->split_fileref($filename);
216 if ($fileInfo['fileext'] == 'gif') {
217 $content_type = 'image/gif';
218 }
219 if ($fileInfo['fileext'] == 'bmp') {
220 $content_type = 'image/bmp';
221 }
222 if ($fileInfo['fileext'] == 'jpg' || $fileInfo['fileext'] == 'jpeg') {
223 $content_type = 'image/jpeg';
224 }
225 if ($fileInfo['fileext'] == 'html' || $fileInfo['fileext'] == 'htm') {
226 $content_type = 'text/html';
227 }
228 if (!$content_type) {
229 $content_type = 'application/octet-stream';
230 }
231
232 if ($content) {
233 $theArr['content_type'] = $content_type;
234 $theArr['content'] = $content;
235 $theArr['filename'] = $filename;
236 $this->theParts['attach'][] = $theArr;
237 return TRUE;
238 } else {
239 return FALSE;
240 }
241 }
242
243
244 /**
245 * Checks string for suspicious characters
246 *
247 * @param string String to check
248 * @return string Valid or empty string
249 */
250 function sanitizeHeaderString($string) {
251 $pattern = '/[\r\n\f\e]/';
252 if (preg_match($pattern, $string) > 0) {
253 $this->dirtyHeaders[] = $string;
254 $string = '';
255 }
256 return $string;
257 }
258 }
259
260
261 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_formmail.php']) {
262 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_formmail.php']);
263 }
264
265 ?>