Fixed issue #13670: Performance optimization: change while(list() to foreach() (thank...
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_formmail.php
index f1d80e4..ac6b8c8 100644 (file)
@@ -2,7 +2,7 @@
 /***************************************************************
 *  Copyright notice
 *
-*  (c) 1999-2006 Kasper Skaarhoj (kasperYYYY@typo3.com)
+*  (c) 1999-2009 Kasper Skaarhoj (kasperYYYY@typo3.com)
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
@@ -76,15 +76,15 @@ class t3lib_formmail extends t3lib_htmlmail {
         * This class is able to generate a mail in formmail-style from the data in $V
         * Fields:
         *
-        * [recipient]:         email-adress of the one to receive the mail. If array, then all values are expected to be recipients
+        * [recipient]:                 email-adress of the one to receive the mail. If array, then all values are expected to be recipients
         * [attachment]:                ....
         *
         * [subject]:                   The subject of the mail
         * [from_email]:                Sender email. If not set, [email] is used
-        * [from_name]:         Sender name. If not set, [name] is used
-        * [replyto_email]:     Reply-to email. If not set [from_email] is used
+        * [from_name]:                 Sender name. If not set, [name] is used
+        * [replyto_email]:             Reply-to email. If not set [from_email] is used
         * [replyto_name]:              Reply-to name. If not set [from_name] is used
-        * [organisation]:              Organisation (header)
+        * [organisation]:              Organization (header)
         * [priority]:                  Priority, 1-5, default 3
         * [html_enabled]:              If mail is sent as html
         * [use_base64]:                If set, base64 encoding will be used instead of quoted-printable
@@ -114,14 +114,14 @@ class t3lib_formmail extends t3lib_htmlmail {
                        $val = ($V['subject']) ? $V['subject'] : 'Formmail on '.t3lib_div::getIndpEnv('HTTP_HOST');
                        $this->subject = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val,$GLOBALS['TSFE']->renderCharset,$this->charset) : $val;
                        $this->subject = $this->sanitizeHeaderString($this->subject);
-                       $val = ($V['from_name']) ? $V['from_name'] : (($V['name'])?$V['name']:'');
+                       $val = ($V['from_name']) ? $V['from_name'] : (($V['name'])?$V['name']:'');      // Be careful when changing $val! It is used again as the fallback value for replyto_name
                        $this->from_name = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val,$GLOBALS['TSFE']->renderCharset,$this->charset) : $val;
                        $this->from_name = $this->sanitizeHeaderString($this->from_name);
                        $this->from_name = preg_match( '/\s|,/', $this->from_name ) >= 1 ? '"'.$this->from_name.'"' : $this->from_name;
-                       $val = ($V['replyto_name']) ? $V['replyto_name'] : $this->from_name;
+                       $val = ($V['replyto_name']) ? $V['replyto_name'] : $val;
                        $this->replyto_name = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val,$GLOBALS['TSFE']->renderCharset,$this->charset) : $val;
                        $this->replyto_name = $this->sanitizeHeaderString($this->replyto_name);
-                       $this->replyto_name = preg_match( '/\s|,/', $this->replyto_name ) > 1 ? '"'.$this->replyto_name.'"' : $this->replyto_name;
+                       $this->replyto_name = preg_match( '/\s|,/', $this->replyto_name ) >= 1 ? '"'.$this->replyto_name.'"' : $this->replyto_name;
                        $val = ($V['organisation']) ? $V['organisation'] : '';
                        $this->organisation = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val,$GLOBALS['TSFE']->renderCharset,$this->charset) : $val;
                        $this->organisation = $this->sanitizeHeaderString($this->organisation);
@@ -141,17 +141,16 @@ class t3lib_formmail extends t3lib_htmlmail {
 
                                // Runs through $V and generates the mail
                        if (is_array($V))       {
-                               reset($V);
-                               while (list($key,$val)=each($V))        {
+                               foreach ($V as $key => $val) {
                                        if (!t3lib_div::inList($this->reserved_names,$key))     {
-                                               $space = (strlen($val)>60)?chr(10):'';
-                                               $val = (is_array($val) ? implode($val,chr(10)) : $val);
+                                               $space = (strlen($val)>60)?LF:'';
+                                               $val = (is_array($val) ? implode($val,LF) : $val);
 
                                                        // convert form data from renderCharset to mail charset (HTML may use entities)
                                                $Plain_val = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv($val,$GLOBALS['TSFE']->renderCharset,$this->charset,0) : $val;
                                                $HTML_val = ($convCharset && strlen($val)) ? $GLOBALS['TSFE']->csConvObj->conv(htmlspecialchars($val),$GLOBALS['TSFE']->renderCharset,$this->charset,1) : htmlspecialchars($val);
 
-                                               $Plain_content.= strtoupper($key).':  '.$space.$Plain_val."\n".$space;
+                                               $Plain_content.= strtoupper($key).':  '.$space.$Plain_val.LF.$space;
                                                $HTML_content.= '<tr><td bgcolor="#eeeeee"><font face="Verdana" size="1"><b>'.strtoupper($key).'</b></font></td><td bgcolor="#eeeeee"><font face="Verdana" size="1">'.nl2br($HTML_val).'&nbsp;</font></td></tr>';
                                        }
                                }
@@ -165,11 +164,20 @@ class t3lib_formmail extends t3lib_htmlmail {
 
                        for ($a=0;$a<10;$a++)   {
                                $varname = 'attachment'.(($a)?$a:'');
+                               if (!isset($_FILES[$varname])) {
+                                       continue;
+                               }
+                               if (!is_uploaded_file($_FILES[$varname]['tmp_name'])) {
+                                       t3lib_div::sysLog('Possible abuse of t3lib_formmail: temporary file "'.$_FILES[$varname]['tmp_name'].'" ("'.$_FILES[$varname]['name'].'") was not an uploaded file.', 'Core', 3);
+                               }
+                               if ($_FILES[$varname]['tmp_name']['error'] !== UPLOAD_ERR_OK) {
+                                       t3lib_div::sysLog('Error in uploaded file in t3lib_formmail: temporary file "'.$_FILES[$varname]['tmp_name'].'" ("'.$_FILES[$varname]['name'].'") Error code: '.$_FILES[$varname]['tmp_name']['error'], 'Core', 3);
+                               }
                                $theFile = t3lib_div::upload_to_tempfile($_FILES[$varname]['tmp_name']);
                                $theName = $_FILES[$varname]['name'];
 
-                               if ($theFile && @file_exists($theFile)) {
-                                       if (filesize($theFile) < 250000)        {
+                               if ($theFile && file_exists($theFile))  {
+                                       if (filesize($theFile) < $GLOBALS['TYPO3_CONF_VARS']['FE']['formmailMaxAttachmentSize'])        {
                                                $this->addAttachment($theFile, $theName);
                                        }
                                }
@@ -239,4 +247,5 @@ class t3lib_formmail extends t3lib_htmlmail {
 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_formmail.php']) {
        include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_formmail.php']);
 }
-?>
+
+?>
\ No newline at end of file