コード例 #1
0
function MakeMimeMail(&$s_body, &$a_headers, $a_raw_fields, $s_template = "", $s_missing = NULL, $b_no_plain = false, $s_filter = "", $a_file_vars = array(), $a_attach_spec = array(), $b_process_template = true)
{
    global $FM_VERS, $aPHPVERSION;
    global $SPECIAL_VALUES, $FILE_REPOSITORY;
    $s_charset = GetMailOption("CharSet");
    if (!isset($s_charset)) {
        $s_charset = "ISO-8859-1";
    }
    $b_att = $b_html = false;
    $b_got_filter = isset($s_filter) && !empty($s_filter);
    if (isset($s_template) && !empty($s_template)) {
        //
        // need PHP 4.0.5 for the preg_replace_callback function
        //
        if (!IsPHPAtLeast("4.0.5")) {
            SendAlert(GetMessage(MSG_PHP_HTML_TEMPLATES, array("PHPVERS" => implode(".", $aPHPVERSION))));
            return false;
        }
        $b_html = true;
    }
    if (count($a_file_vars) > 0) {
        if (!IsPHPAtLeast("4.0.3")) {
            SendAlert(GetMessage(MSG_PHP_FILE_UPLOADS, array("PHPVERS" => implode(".", $aPHPVERSION))));
            return false;
        }
        if (!FILEUPLOADS) {
            SendAlert(GetMessage(MSG_FILE_UPLOAD));
        } elseif ($FILE_REPOSITORY === "" || IsMailOptionSet("AlwaysEmailFiles")) {
            foreach ($a_file_vars as $a_upload) {
                //
                // One customer reported:
                //  Possible file upload attack detected: name='' temp name='none'
                // on PHP 4.1.2 on RAQ4.
                // So, we now also test for "name".
                //
                if (isset($a_upload["tmp_name"]) && !empty($a_upload["tmp_name"]) && isset($a_upload["name"]) && !empty($a_upload["name"])) {
                    $b_att = true;
                    break;
                }
            }
        }
    }
    //
    // check for an internally-generated attachment
    //
    if (isset($a_attach_spec["Data"])) {
        $b_att = true;
    }
    $s_uniq = md5($s_body);
    $s_body_boundary = "BODY{$s_uniq}";
    $s_att_boundary = "PART{$s_uniq}";
    $a_headers['MIME-Version'] = "1.0 (produced by FormMail {$FM_VERS} from www.tectite.com)";
    //
    // if the filter strips formatting, then we'll only have plain text
    // to send, even after the template has been used
    //
    if ($b_got_filter && IsFilterAttribSet($s_filter, "Strips")) {
        //
        // no HTML if the filter strips the formatting
        //
        $b_html = false;
    }
    $a_new = array();
    if ($b_att) {
        $a_headers['Content-Type'] = "multipart/mixed; boundary=\"{$s_att_boundary}\"";
        MimePreamble($a_new);
        //
        // add the body of the email
        //
        $a_new[] = "--{$s_att_boundary}" . HEAD_CRLF;
        if ($b_html) {
            $a_lines = $a_local_headers = array();
            if (!HTMLMail($a_lines, $a_local_headers, $s_body, $s_template, $s_missing, $b_got_filter ? $s_filter : "", $s_body_boundary, $a_raw_fields, $b_no_plain, $b_process_template)) {
                return false;
            }
            $a_new = array_merge($a_new, ExpandMailHeadersArray($a_local_headers));
            $a_new[] = HEAD_CRLF;
            // blank line after header
            $a_new = array_merge($a_new, $a_lines);
        } else {
            $a_new[] = "Content-Type: text/plain; charset={$s_charset}" . HEAD_CRLF;
            $a_new[] = HEAD_CRLF;
            // blank line
            //
            // treat the body like one line, even though it isn't
            //
            $a_new[] = $s_body;
        }
        //
        // now add the attachments or save to the $FILE_REPOSITORY
        //
        if (FILEUPLOADS && ($FILE_REPOSITORY === "" || IsMailOptionSet("AlwaysEmailFiles"))) {
            foreach ($a_file_vars as $m_file_key => $a_upload) {
                //
                // One customer reported:
                //  Possible file upload attack detected: name='' temp name='none'
                // on PHP 4.1.2 on RAQ4.
                // So, we now also test for "name".
                //
                if (!isset($a_upload["tmp_name"]) || empty($a_upload["tmp_name"]) || !isset($a_upload["name"]) || empty($a_upload["name"])) {
                    continue;
                }
                if (!IsUploadedFile($a_upload)) {
                    SendAlert(GetMessage(MSG_FILE_UPLOAD_ATTACK, array("NAME" => $a_upload["name"], "TEMP" => $a_upload["tmp_name"], "FLD" => $m_file_key)));
                    continue;
                }
                if (MAX_FILE_UPLOAD_SIZE != 0 && $a_upload["size"] > MAX_FILE_UPLOAD_SIZE * 1024) {
                    UserError("upload_size", GetMessage(MSG_FILE_UPLOAD_SIZE, array("NAME" => $a_upload["name"], "SIZE" => $a_upload["size"], "MAX" => MAX_FILE_UPLOAD_SIZE)));
                }
                if (!AttachFile($a_new, $s_att_boundary, $a_upload, $s_charset, $FILE_REPOSITORY === "" ? true : false)) {
                    return false;
                }
            }
        }
        if (isset($a_attach_spec["Data"])) {
            //
            // build a specification similar to a file upload
            //
            $a_file_spec["name"] = isset($a_attach_spec["Name"]) ? $a_attach_spec["Name"] : "attachment.dat";
            $a_file_spec["type"] = isset($a_attach_spec["MIME"]) ? $a_attach_spec["MIME"] : "text/plain";
            $a_file_spec["data"] = $a_attach_spec["Data"];
            if (!AttachFile($a_new, $s_att_boundary, $a_file_spec, isset($a_attach_spec["CharSet"]) ? $a_attach_spec["CharSet"] : $s_charset)) {
                return false;
            }
        }
        $a_new[] = "--{$s_att_boundary}--" . HEAD_CRLF;
        // the end
        $a_new[] = HEAD_CRLF;
        // blank line
    } elseif ($b_html) {
        if (!HTMLMail($a_new, $a_headers, $s_body, $s_template, $s_missing, $b_got_filter ? $s_filter : "", $s_body_boundary, $a_raw_fields, $b_no_plain, $b_process_template)) {
            return false;
        }
    } else {
        $a_headers['Content-Type'] = SafeHeader("text/plain; charset={$s_charset}");
        //
        // treat the body like one line, even though it isn't
        //
        $a_new[] = $s_body;
    }
    $s_body = JoinLines(BODY_LF, $a_new);
    return true;
}
コード例 #2
0
ファイル: queryml.php プロジェクト: sjlu/network-generations
function MakeMimeMail(&$s_body, &$a_headers, $a_raw_fields, $s_template = "", $s_missing = NULL, $b_no_plain = false, $s_filter = "", $a_file_vars = array(), $a_attach_spec = array())
{
    global $FM_VERS, $aPHPVERSION;
    global $SPECIAL_VALUES, $FILTER_ATTRIBS;
    $s_charset = GetMailOption("CharSet");
    if (!isset($s_charset)) {
        $s_charset = "ISO-8859-1";
    }
    $b_att = $b_html = false;
    $b_got_filter = isset($s_filter) && !empty($s_filter);
    if (isset($s_template) && !empty($s_template)) {
        //
        // need PHP 4.0.5 for the preg_replace_callback function
        //
        if (!IsPHPAtLeast("4.0.5")) {
            SendAlert("HTMLTemplate option is only supported with PHP version " . "4.0.5 or above.  Your server is running version " . implode(".", $aPHPVERSION));
            return false;
        }
        $b_html = true;
    }
    if (count($a_file_vars) > 0) {
        if (!IsPHPAtLeast("4.0.3")) {
            SendAlert("For security reasons, file upload is only allowed with PHP version " . "4.0.3 or above.  Your server is running version " . implode(".", $aPHPVERSION));
            return false;
        }
        if (!FILEUPLOADS) {
            SendAlert("File upload attempt ignored");
        } else {
            foreach ($a_file_vars as $a_upload) {
                if (isset($a_upload['tmp_name']) && !empty($a_upload['tmp_name'])) {
                    $b_att = true;
                    break;
                }
            }
        }
    }
    //
    // check for an internally-generated attachment
    //
    if (isset($a_attach_spec["Data"])) {
        $b_att = true;
    }
    $s_uniq = md5($s_body);
    $s_body_boundary = "BODY{$s_uniq}";
    $s_att_boundary = "PART{$s_uniq}";
    $a_headers['MIME-Version'] = "1.0 (produced by FormMail {$FM_VERS} from www.tectite.com)";
    //
    // if the filter strips formatting, then we'll only have plain text
    // to send, even after the template has been used
    //
    if ($b_got_filter && IsFilterAttribSet($s_filter, "Strips")) {
        //
        // no HTML if the filter strips the formatting
        //
        $b_html = false;
    }
    $a_new = array();
    if ($b_att) {
        $a_headers['Content-Type'] = "multipart/mixed; boundary=\"{$s_att_boundary}\"";
        MimePreamble($a_new);
        //
        // add the body of the email
        //
        $a_new[] = "--{$s_att_boundary}" . HEAD_CRLF;
        if ($b_html) {
            $a_lines = $a_local_headers = array();
            if (!HTMLMail($a_lines, $a_local_headers, $s_body, $s_template, $s_missing, $b_got_filter ? $s_filter : "", $s_body_boundary, $a_raw_fields, $b_no_plain, $b_body_filtered)) {
                return false;
            }
            $a_new = array_merge($a_new, ExpandMailHeadersArray($a_local_headers));
            $a_new[] = HEAD_CRLF;
            // blank line after header
            $a_new = array_merge($a_new, $a_lines);
        } else {
            $a_new[] = "Content-Type: text/plain; charset={$s_charset}" . HEAD_CRLF;
            $a_new[] = HEAD_CRLF;
            // blank line
            //
            // treat the body like one line, even though it isn't
            //
            $a_new[] = $s_body;
        }
        //
        // now add the attachments
        //
        if (FILEUPLOADS) {
            foreach ($a_file_vars as $a_upload) {
                if (!isset($a_upload['tmp_name']) || empty($a_upload['tmp_name'])) {
                    continue;
                }
                if (!is_uploaded_file($a_upload['tmp_name'])) {
                    SendAlert("Possible file upload attack detected: name='" . $a_upload['name'] . "' temp name='" . $a_upload['tmp_name'] . "'");
                    continue;
                }
                if (!AttachFile($a_new, $s_att_boundary, $a_upload, $s_charset)) {
                    return false;
                }
            }
        }
        if (isset($a_attach_spec["Data"])) {
            //
            // build a specification similar to a file upload
            //
            $a_file_spec["name"] = isset($a_attach_spec["Name"]) ? $a_attach_spec["Name"] : "attachment.dat";
            $a_file_spec["type"] = isset($a_attach_spec["MIME"]) ? $a_attach_spec["MIME"] : "text/plain";
            $a_file_spec["data"] = $a_attach_spec["Data"];
            if (!AttachFile($a_new, $s_att_boundary, $a_file_spec, isset($a_attach_spec["CharSet"]) ? $a_attach_spec["CharSet"] : $s_charset)) {
                return false;
            }
        }
        $a_new[] = "--{$s_att_boundary}--" . HEAD_CRLF;
        // the end
        $a_new[] = HEAD_CRLF;
        // blank line
    } elseif ($b_html) {
        if (!HTMLMail($a_new, $a_headers, $s_body, $s_template, $s_missing, $b_got_filter ? $s_filter : "", $s_body_boundary, $a_raw_fields, $b_no_plain, $b_body_filtered)) {
            return false;
        }
    } else {
        $a_headers['Content-Type'] = "text/plain; charset={$s_charset}";
        //
        // treat the body like one line, even though it isn't
        //
        $a_new[] = $s_body;
    }
    $s_body = JoinLines(BODY_LF, $a_new);
    return true;
}