source: branches/version-2_13-dev/data/module/Mail/sendmail.php @ 23141

Revision 23141, 6.5 KB checked in by m_uehara, 11 years ago (diff)

#2275
影響が大きいため、2.13.0では対応を行わない r23125 r23128 r23133 を差し戻します。

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Id Revision Date
  • Property svn:mime-type set to text/x-httpd-php; charset=UTF-8
Line 
1<?php
2//
3// +----------------------------------------------------------------------+
4// | PHP Version 4                                                        |
5// +----------------------------------------------------------------------+
6// | Copyright (c) 1997-2003 The PHP Group                                |
7// +----------------------------------------------------------------------+
8// | This source file is subject to version 2.02 of the PHP license,      |
9// | that is bundled with this package in the file LICENSE, and is        |
10// | available at through the world-wide-web at                           |
11// | http://www.php.net/license/2_02.txt.                                 |
12// | If you did not receive a copy of the PHP license and are unable to   |
13// | obtain it through the world-wide-web, please send a note to          |
14// | license@php.net so we can mail you a copy immediately.               |
15// +----------------------------------------------------------------------+
16// | Author: Chuck Hagenbuch <chuck@horde.org>                            |
17// +----------------------------------------------------------------------+
18
19/**
20 * Sendmail implementation of the PEAR Mail:: interface.
21 * @access public
22 * @package Mail
23 * @version $Revision$
24 */
25class Mail_sendmail extends Mail {
26
27    /**
28     * The location of the sendmail or sendmail wrapper binary on the
29     * filesystem.
30     * @var string
31     */
32    var $sendmail_path = '/usr/sbin/sendmail';
33
34    /**
35     * Any extra command-line parameters to pass to the sendmail or
36     * sendmail wrapper binary.
37     * @var string
38     */
39    var $sendmail_args = '-i';
40
41    /**
42     * Constructor.
43     *
44     * Instantiates a new Mail_sendmail:: object based on the parameters
45     * passed in. It looks for the following parameters:
46     *     sendmail_path    The location of the sendmail binary on the
47     *                      filesystem. Defaults to '/usr/sbin/sendmail'.
48     *
49     *     sendmail_args    Any extra parameters to pass to the sendmail
50     *                      or sendmail wrapper binary.
51     *
52     * If a parameter is present in the $params array, it replaces the
53     * default.
54     *
55     * @param array $params Hash containing any parameters different from the
56     *              defaults.
57     * @access public
58     */
59    function Mail_sendmail($params)
60    {
61        if (isset($params['sendmail_path'])) {
62            $this->sendmail_path = $params['sendmail_path'];
63        }
64        if (isset($params['sendmail_args'])) {
65            $this->sendmail_args = $params['sendmail_args'];
66        }
67
68        /*
69         * Because we need to pass message headers to the sendmail program on
70         * the commandline, we can't guarantee the use of the standard "\r\n"
71         * separator.  Instead, we use the system's native line separator.
72         */
73        if (defined('PHP_EOL')) {
74            $this->sep = PHP_EOL;
75        } else {
76            $this->sep = (strpos(PHP_OS, 'WIN') === false) ? "\n" : "\r\n";
77        }
78    }
79
80    /**
81     * Implements Mail::send() function using the sendmail
82     * command-line binary.
83     *
84     * @param mixed $recipients Either a comma-seperated list of recipients
85     *              (RFC822 compliant), or an array of recipients,
86     *              each RFC822 valid. This may contain recipients not
87     *              specified in the headers, for Bcc:, resending
88     *              messages, etc.
89     *
90     * @param array $headers The array of headers to send with the mail, in an
91     *              associative array, where the array key is the
92     *              header name (ie, 'Subject'), and the array value
93     *              is the header value (ie, 'test'). The header
94     *              produced from those values would be 'Subject:
95     *              test'.
96     *
97     * @param string $body The full text of the message body, including any
98     *               Mime parts, etc.
99     *
100     * @return mixed Returns true on success, or a PEAR_Error
101     *               containing a descriptive error message on
102     *               failure.
103     * @access public
104     */
105    function send($recipients, $headers, $body)
106    {
107        if (!is_array($headers)) {
108            return PEAR::raiseError('$headers must be an array');
109        }
110
111        $result = $this->_sanitizeHeaders($headers);
112        if (is_a($result, 'PEAR_Error')) {
113            return $result;
114        }
115
116        $recipients = $this->parseRecipients($recipients);
117        if (is_a($recipients, 'PEAR_Error')) {
118            return $recipients;
119        }
120        $recipients = implode(' ', array_map('escapeshellarg', $recipients));
121
122        $headerElements = $this->prepareHeaders($headers);
123        if (is_a($headerElements, 'PEAR_Error')) {
124            return $headerElements;
125        }
126        list($from, $text_headers) = $headerElements;
127
128        /* Since few MTAs are going to allow this header to be forged
129         * unless it's in the MAIL FROM: exchange, we'll use
130         * Return-Path instead of From: if it's set. */
131        if (!empty($headers['Return-Path'])) {
132            $from = $headers['Return-Path'];
133        }
134
135        if (!isset($from)) {
136            return PEAR::raiseError('No from address given.');
137        } elseif (strpos($from, ' ') !== false ||
138                  strpos($from, ';') !== false ||
139                  strpos($from, '&') !== false ||
140                  strpos($from, '`') !== false) {
141            return PEAR::raiseError('From address specified with dangerous characters.');
142        }
143
144        $from = escapeshellarg($from); // Security bug #16200
145
146        $mail = @popen($this->sendmail_path . (!empty($this->sendmail_args) ? ' ' . $this->sendmail_args : '') . " -f$from -- $recipients", 'w');
147        if (!$mail) {
148            return PEAR::raiseError('Failed to open sendmail [' . $this->sendmail_path . '] for execution.');
149        }
150
151        // Write the headers following by two newlines: one to end the headers
152        // section and a second to separate the headers block from the body.
153        fputs($mail, $text_headers . $this->sep . $this->sep);
154
155        fputs($mail, $body);
156        $result = pclose($mail);
157        if (version_compare(phpversion(), '4.2.3') == -1) {
158            // With older php versions, we need to shift the pclose
159            // result to get the exit code.
160            $result = $result >> 8 & 0xFF;
161        }
162
163        if ($result != 0) {
164            return PEAR::raiseError('sendmail returned error code ' . $result,
165                                    $result);
166        }
167
168        return true;
169    }
170
171}
Note: See TracBrowser for help on using the repository browser.