From 93839b00458bc30cf311d693b6c0e35a4700165b Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Fri, 13 Jul 2007 05:00:49 +0000 Subject: [PATCH] In mail.php, we don't want to double encode fields so in send() create local variables instead of using object properties --- mail.php | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/mail.php b/mail.php index e78cb41..17be8a0 100644 --- a/mail.php +++ b/mail.php @@ -257,43 +257,43 @@ class Mail $tostring = ($name == null ? $address : "\"$name\" <$address>"); // sanitize the from field - $this->from = $this->_fetch_first_line($this->from); - $this->from = trim($this->registry->unsanitize($this->from)); + $from = $this->_fetch_first_line($this->from); + $from = trim($this->registry->unsanitize($from)); // sanitize the from name - $this->fromname = $this->_fetch_first_line($this->fromname); - $this->fromname = ($this->fromname == '' ? $this->from : trim($this->registry->unsanitize($this->fromname))); - $this->fromname = $this->_encodeHeaderValue($this->fromname); + $fromname = $this->_fetch_first_line($this->fromname); + $fromname = ($fromname == '' ? $from : trim($this->registry->unsanitize($fromname))); + $fromname = $this->_encodeHeaderValue($this->fromname); // sanitize the subject - $this->subject = $this->_fetch_first_line($this->subject); - $this->subject = trim($this->registry->unsanitize($this->subject)); - $this->subject = $this->_encodeHeaderValue($this->subject); + $subject = $this->_fetch_first_line($this->subject); + $subject = trim($this->registry->unsanitize($subject)); + $subject = $this->_encodeHeaderValue($subject); // sanitize the body - $this->bodytext = $this->registry->modules['functions']->convert_line_breaks($this->bodytext, $this->delim); - $this->bodytext = trim($this->registry->unsanitize($this->bodytext, true)); + $bodytext = $this->registry->modules['functions']->convert_line_breaks($this->bodytext, $this->delim); + $bodytext = trim($this->registry->unsanitize($bodytext, true)); // attach additional headers $headers = $this->registry->modules['functions']->convert_line_breaks($this->headers, $this->delim); - $headers .= ((!preg_match("#{$this->delim}$#", $headers) AND $headers != '') ? "\n" : '') . "From: \"{$this->fromname}\" <{$this->from}>" . $this->delim; - $headers .= "Return-Path: {$this->from}" . $this->delim; + $headers .= ((!preg_match("#{$this->delim}$#", $headers) AND $headers != '') ? "\n" : '') . "From: \"{$fromname}\" <{$from}>" . $this->delim; + $headers .= "Return-Path: {$from}" . $this->delim; $headers .= "X-Mailer: ISSO Mail Framework \$Revision$" . $this->delim; $headers .= "MIME-Version: 1.0" . $this->delim; // see if we need to use mime/multipart - if ($sendhtml AND !empty($this->bodyhtml) == true) + if ($sendhtml AND !empty($bodyhtml) == true) { $boundary = 'ISSO-MULTIPART-' . $this->registry->modules['functions']->rand(10); $headers .= "Content-Type: multipart/alternative; boundary=\"$boundary\"" . $this->delim; - $this->bodyhtml = $this->registry->modules['functions']->convert_line_breaks($this->bodyhtml, $this->delim); + $bodyhtml = $this->registry->modules['functions']->convert_line_breaks($this->bodyhtml, $this->delim); // first part of the message (plaintext) $body = "--$boundary" . $this->delim; $body .= "Content-Type: text/plain; charset=\"" . $this->charset . "\"" . $this->delim; $body .= "Content-Transfer-Encoding: 8bit" . $this->delim . $this->delim; - $body .= $this->bodytext . $this->delim; + $body .= $bodytext . $this->delim; // add some space between the parts $body .= $this->delim . $this->delim . $this->delim; @@ -303,20 +303,20 @@ class Mail $body .= "Content-Type: text/html; charset=\"" . $this->charset . "\"" . $this->delim; $body .= "Content-Transfer-Encoding: 8bit" . $this->delim; $body .= "Content-Disposition: inline" . $this->delim . $this->delim; - $body .= $this->bodyhtml . $this->delim; + $body .= $bodyhtml . $this->delim; $body .= "--$boundary--"; } else { $headers .= "Content-Type: text/plain; charset=\"" . $this->charset . "\"" . $this->delim; - $body = $this->bodytext; + $body = $bodytext; } $headers .= "Content-Transfer-Encoding: 8bit" . $this->delim; $headers = trim($headers); // attempt to send the mail! - if (mail($tostring, $this->subject, $body, $headers, "-f {$this->from}")) + if (mail($tostring, $subject, $body, $headers, "-f {$from}")) { $this->registry->debug("email: sent to $address"); } @@ -354,6 +354,11 @@ class Mail */ function _encodeHeaderValue($text) { + if (preg_match('#[^a-zA-Z0-9\+\-\*!/]#', $text) == 0) + { + return $text; + } + // perform this on non-ASCII characters; excluding _ and = because we want them to be encoded as they have // different meanings in mail messages $text = preg_replace('#([^a-zA-Z0-9\+\-\*!/])#e', '"=" . strtoupper(dechex(ord("\\1")))', $text); -- 2.43.5