function MakeMimeMail(&$s_body, &$a_headers, $a_raw_fields, $s_template = "", $s_missing = NULL, $b_no_plain = false, $s_filter = "", $a_file_vars = array(), $a_attach_spec = array(), $b_process_template = true)
{
global $FM_VERS, $aPHPVERSION;
global $SPECIAL_VALUES, $FILE_REPOSITORY;
$s_charset = GetMailOption("CharSet");
if (!isset($s_charset)) {
$s_charset = "ISO-8859-1";
}
$b_att = $b_html = false;
$b_got_filter = isset($s_filter) && !empty($s_filter);
if (isset($s_template) && !empty($s_template)) {
//
// need PHP 4.0.5 for the preg_replace_callback function
//
if (!IsPHPAtLeast("4.0.5")) {
SendAlert(GetMessage(MSG_PHP_HTML_TEMPLATES, array("PHPVERS" => implode(".", $aPHPVERSION))));
return false;
}
$b_html = true;
}
if (count($a_file_vars) > 0) {
if (!IsPHPAtLeast("4.0.3")) {
SendAlert(GetMessage(MSG_PHP_FILE_UPLOADS, array("PHPVERS" => implode(".", $aPHPVERSION))));
return false;
}
if (!FILEUPLOADS) {
SendAlert(GetMessage(MSG_FILE_UPLOAD));
} elseif ($FILE_REPOSITORY === "" || IsMailOptionSet("AlwaysEmailFiles")) {
foreach ($a_file_vars as $a_upload) {
//
// One customer reported:
// Possible file upload attack detected: name='' temp name='none'
// on PHP 4.1.2 on RAQ4.
// So, we now also test for "name".
//
if (isset($a_upload["tmp_name"]) && !empty($a_upload["tmp_name"]) && isset($a_upload["name"]) && !empty($a_upload["name"])) {
$b_att = true;
break;
}
}
}
}
//
// check for an internally-generated attachment
//
if (isset($a_attach_spec["Data"])) {
$b_att = true;
}
$s_uniq = md5($s_body);
$s_body_boundary = "BODY{$s_uniq}";
$s_att_boundary = "PART{$s_uniq}";
$a_headers['MIME-Version'] = "1.0 (produced by FormMail {$FM_VERS} from www.tectite.com)";
//
// if the filter strips formatting, then we'll only have plain text
// to send, even after the template has been used
//
if ($b_got_filter && IsFilterAttribSet($s_filter, "Strips")) {
//
// no HTML if the filter strips the formatting
//
$b_html = false;
}
$a_new = array();
if ($b_att) {
$a_headers['Content-Type'] = "multipart/mixed; boundary=\"{$s_att_boundary}\"";
MimePreamble($a_new);
//
// add the body of the email
//
$a_new[] = "--{$s_att_boundary}" . HEAD_CRLF;
if ($b_html) {
$a_lines = $a_local_headers = array();
if (!HTMLMail($a_lines, $a_local_headers, $s_body, $s_template, $s_missing, $b_got_filter ? $s_filter : "", $s_body_boundary, $a_raw_fields, $b_no_plain, $b_process_template)) {
return false;
}
$a_new = array_merge($a_new, ExpandMailHeadersArray($a_local_headers));
$a_new[] = HEAD_CRLF;
// blank line after header
$a_new = array_merge($a_new, $a_lines);
} else {
$a_new[] = "Content-Type: text/plain; charset={$s_charset}" . HEAD_CRLF;
$a_new[] = HEAD_CRLF;
// blank line
//
// treat the body like one line, even though it isn't
//
$a_new[] = $s_body;
}
//
// now add the attachments or save to the $FILE_REPOSITORY
//
if (FILEUPLOADS && ($FILE_REPOSITORY === "" || IsMailOptionSet("AlwaysEmailFiles"))) {
foreach ($a_file_vars as $m_file_key => $a_upload) {
//
// One customer reported:
// Possible file upload attack detected: name='' temp name='none'
// on PHP 4.1.2 on RAQ4.
// So, we now also test for "name".
//
if (!isset($a_upload["tmp_name"]) || empty($a_upload["tmp_name"]) || !isset($a_upload["name"]) || empty($a_upload["name"])) {
continue;
}
if (!IsUploadedFile($a_upload)) {
SendAlert(GetMessage(MSG_FILE_UPLOAD_ATTACK, array("NAME" => $a_upload["name"], "TEMP" => $a_upload["tmp_name"], "FLD" => $m_file_key)));
continue;
}
if (MAX_FILE_UPLOAD_SIZE != 0 && $a_upload["size"] > MAX_FILE_UPLOAD_SIZE * 1024) {
UserError("upload_size", GetMessage(MSG_FILE_UPLOAD_SIZE, array("NAME" => $a_upload["name"], "SIZE" => $a_upload["size"], "MAX" => MAX_FILE_UPLOAD_SIZE)));
}
if (!AttachFile($a_new, $s_att_boundary, $a_upload, $s_charset, $FILE_REPOSITORY === "" ? true : false)) {
return false;
}
}
}
if (isset($a_attach_spec["Data"])) {
//
// build a specification similar to a file upload
//
$a_file_spec["name"] = isset($a_attach_spec["Name"]) ? $a_attach_spec["Name"] : "attachment.dat";
$a_file_spec["type"] = isset($a_attach_spec["MIME"]) ? $a_attach_spec["MIME"] : "text/plain";
$a_file_spec["data"] = $a_attach_spec["Data"];
if (!AttachFile($a_new, $s_att_boundary, $a_file_spec, isset($a_attach_spec["CharSet"]) ? $a_attach_spec["CharSet"] : $s_charset)) {
return false;
}
}
$a_new[] = "--{$s_att_boundary}--" . HEAD_CRLF;
// the end
$a_new[] = HEAD_CRLF;
// blank line
} elseif ($b_html) {
if (!HTMLMail($a_new, $a_headers, $s_body, $s_template, $s_missing, $b_got_filter ? $s_filter : "", $s_body_boundary, $a_raw_fields, $b_no_plain, $b_process_template)) {
return false;
}
} else {
$a_headers['Content-Type'] = SafeHeader("text/plain; charset={$s_charset}");
//
// treat the body like one line, even though it isn't
//
$a_new[] = $s_body;
}
$s_body = JoinLines(BODY_LF, $a_new);
return true;
}
function MakeMimeMail(&$s_body, &$a_headers, $a_raw_fields, $s_template = "", $s_missing = NULL, $b_no_plain = false, $s_filter = "", $a_file_vars = array(), $a_attach_spec = array())
{
global $FM_VERS, $aPHPVERSION;
global $SPECIAL_VALUES, $FILTER_ATTRIBS;
$s_charset = GetMailOption("CharSet");
if (!isset($s_charset)) {
$s_charset = "ISO-8859-1";
}
$b_att = $b_html = false;
$b_got_filter = isset($s_filter) && !empty($s_filter);
if (isset($s_template) && !empty($s_template)) {
//
// need PHP 4.0.5 for the preg_replace_callback function
//
if (!IsPHPAtLeast("4.0.5")) {
SendAlert("HTMLTemplate option is only supported with PHP version " . "4.0.5 or above. Your server is running version " . implode(".", $aPHPVERSION));
return false;
}
$b_html = true;
}
if (count($a_file_vars) > 0) {
if (!IsPHPAtLeast("4.0.3")) {
SendAlert("For security reasons, file upload is only allowed with PHP version " . "4.0.3 or above. Your server is running version " . implode(".", $aPHPVERSION));
return false;
}
if (!FILEUPLOADS) {
SendAlert("File upload attempt ignored");
} else {
foreach ($a_file_vars as $a_upload) {
if (isset($a_upload['tmp_name']) && !empty($a_upload['tmp_name'])) {
$b_att = true;
break;
}
}
}
}
//
// check for an internally-generated attachment
//
if (isset($a_attach_spec["Data"])) {
$b_att = true;
}
$s_uniq = md5($s_body);
$s_body_boundary = "BODY{$s_uniq}";
$s_att_boundary = "PART{$s_uniq}";
$a_headers['MIME-Version'] = "1.0 (produced by FormMail {$FM_VERS} from www.tectite.com)";
//
// if the filter strips formatting, then we'll only have plain text
// to send, even after the template has been used
//
if ($b_got_filter && IsFilterAttribSet($s_filter, "Strips")) {
//
// no HTML if the filter strips the formatting
//
$b_html = false;
}
$a_new = array();
if ($b_att) {
$a_headers['Content-Type'] = "multipart/mixed; boundary=\"{$s_att_boundary}\"";
MimePreamble($a_new);
//
// add the body of the email
//
$a_new[] = "--{$s_att_boundary}" . HEAD_CRLF;
if ($b_html) {
$a_lines = $a_local_headers = array();
if (!HTMLMail($a_lines, $a_local_headers, $s_body, $s_template, $s_missing, $b_got_filter ? $s_filter : "", $s_body_boundary, $a_raw_fields, $b_no_plain, $b_body_filtered)) {
return false;
}
$a_new = array_merge($a_new, ExpandMailHeadersArray($a_local_headers));
$a_new[] = HEAD_CRLF;
// blank line after header
$a_new = array_merge($a_new, $a_lines);
} else {
$a_new[] = "Content-Type: text/plain; charset={$s_charset}" . HEAD_CRLF;
$a_new[] = HEAD_CRLF;
// blank line
//
// treat the body like one line, even though it isn't
//
$a_new[] = $s_body;
}
//
// now add the attachments
//
if (FILEUPLOADS) {
foreach ($a_file_vars as $a_upload) {
if (!isset($a_upload['tmp_name']) || empty($a_upload['tmp_name'])) {
continue;
}
if (!is_uploaded_file($a_upload['tmp_name'])) {
SendAlert("Possible file upload attack detected: name='" . $a_upload['name'] . "' temp name='" . $a_upload['tmp_name'] . "'");
continue;
}
if (!AttachFile($a_new, $s_att_boundary, $a_upload, $s_charset)) {
return false;
}
}
}
if (isset($a_attach_spec["Data"])) {
//
// build a specification similar to a file upload
//
$a_file_spec["name"] = isset($a_attach_spec["Name"]) ? $a_attach_spec["Name"] : "attachment.dat";
$a_file_spec["type"] = isset($a_attach_spec["MIME"]) ? $a_attach_spec["MIME"] : "text/plain";
$a_file_spec["data"] = $a_attach_spec["Data"];
if (!AttachFile($a_new, $s_att_boundary, $a_file_spec, isset($a_attach_spec["CharSet"]) ? $a_attach_spec["CharSet"] : $s_charset)) {
return false;
}
}
$a_new[] = "--{$s_att_boundary}--" . HEAD_CRLF;
// the end
$a_new[] = HEAD_CRLF;
// blank line
} elseif ($b_html) {
if (!HTMLMail($a_new, $a_headers, $s_body, $s_template, $s_missing, $b_got_filter ? $s_filter : "", $s_body_boundary, $a_raw_fields, $b_no_plain, $b_body_filtered)) {
return false;
}
} else {
$a_headers['Content-Type'] = "text/plain; charset={$s_charset}";
//
// treat the body like one line, even though it isn't
//
$a_new[] = $s_body;
}
$s_body = JoinLines(BODY_LF, $a_new);
return true;
}
