
/libraries/joomla/mail/helper.php

https://bitbucket.org/izubizarreta/https-bitbucket.org-bityvip-alpes
Possible License(s): GPL-2.0, BSD-3-Clause, LGPL-2.1, MIT, LGPL-3.0, LGPL-2.0, JSON
  1. <?php
  2. /**
  3. * @package Joomla.Platform
  4. * @subpackage Mail
  5. *
  6. * @copyright Copyright (C) 2005 - 2012 Open Source Matters, Inc. All rights reserved.
  7. * @license GNU General Public License version 2 or later; see LICENSE
  8. */
  9. defined('JPATH_PLATFORM') or die;
  10. /**
  11. * Email helper class, provides static methods to perform various tasks relevant
  12. * to the Joomla email routines.
  13. *
  14. * TODO: Test these methods; the regex work is a first pass and has not been tested thoroughly
  15. *
  16. * @package Joomla.Platform
  17. * @subpackage Mail
  18. * @since 11.1
  19. */
  20. abstract class JMailHelper
  21. {
  22. /**
  23. * Cleans single line inputs.
  24. *
  25. * @param string $value String to be cleaned.
  26. *
  27. * @return string Cleaned string.
  28. *
  29. * @since 11.1
  30. */
  31. public static function cleanLine($value)
  32. {
  33. return trim(preg_replace('/(%0A|%0D|\n+|\r+)/i', '', $value));
  34. }
  35. /**
  36. * Cleans multi-line inputs.
  37. *
  38. * @param string $value Multi-line string to be cleaned.
  39. *
  40. * @return string Cleaned multi-line string.
  41. *
  42. * @since 11.1
  43. */
  44. public static function cleanText($value)
  45. {
  46. return trim(preg_replace('/(%0A|%0D|\n+|\r+)(content-type:|to:|cc:|bcc:)/i', '', $value));
  47. }
  48. /**
  49. * Cleans any injected headers from the email body.
  50. *
  51. * @param string $body email body string.
  52. *
  53. * @return string Cleaned email body string.
  54. *
  55. * @since 11.1
  56. */
  57. public static function cleanBody($body)
  58. {
  59. // Strip all email headers from a string
  60. return preg_replace("/((From:|To:|Cc:|Bcc:|Subject:|Content-type:) ([\S]+))/", "", $body);
  61. }
  62. /**
  63. * Cleans any injected headers from the subject string.
  64. *
  65. * @param string $subject email subject string.
  66. *
  67. * @return string Cleaned email subject string.
  68. *
  69. * @since 11.1
  70. */
  71. public static function cleanSubject($subject)
  72. {
  73. return preg_replace("/((From:|To:|Cc:|Bcc:|Content-type:) ([\S]+))/", "", $subject);
  74. }
  75. /**
  76. * Verifies that an email address does not have any extra headers injected into it.
  77. *
  78. * @param string $address email address.
  79. *
  80. * @return mixed email address string or boolean false if injected headers are present.
  81. *
  82. * @since 11.1
  83. */
  84. public static function cleanAddress($address)
  85. {
  86. if (preg_match("[\s;,]", $address))
  87. {
  88. return false;
  89. }
  90. return $address;
  91. }
  92. /**
  93. * Verifies that the string is in a proper email address format.
  94. *
  95. * @param string $email String to be verified.
  96. *
  97. * @return boolean True if string has the correct format; false otherwise.
  98. *
  99. * @since 11.1
  100. */
  101. public static function isEmailAddress($email)
  102. {
  103. // Split the email into a local and domain
  104. $atIndex = strrpos($email, "@");
  105. $domain = substr($email, $atIndex + 1);
  106. $local = substr($email, 0, $atIndex);
  107. // Check Length of domain
  108. $domainLen = strlen($domain);
  109. if ($domainLen < 1 || $domainLen > 255)
  110. {
  111. return false;
  112. }
  113. /*
  114. * Check the local address
  115. * We're a bit more conservative about what constitutes a "legal" address, that is, A-Za-z0-9!#$%&\'*+/=?^_`{|}~-
  116. * Also, the last character in local cannot be a period ('.')
  117. */
  118. $allowed = 'A-Za-z0-9!#&*+=?_-';
  119. $regex = "/^[$allowed][\.$allowed]{0,63}$/";
  120. if (!preg_match($regex, $local) || substr($local, -1) == '.')
  121. {
  122. return false;
  123. }
  124. // No problem if the domain looks like an IP address, ish
  125. $regex = '/^[0-9\.]+$/';
  126. if (preg_match($regex, $domain))
  127. {
  128. return true;
  129. }
  130. // Check Lengths
  131. $localLen = strlen($local);
  132. if ($localLen < 1 || $localLen > 64)
  133. {
  134. return false;
  135. }
  136. // Check the domain
  137. $domain_array = explode(".", rtrim($domain, '.'));
  138. $regex = '/^[A-Za-z0-9-]{0,63}$/';
  139. foreach ($domain_array as $domain)
  140. {
  141. // Must be something
  142. if (!$domain)
  143. {
  144. return false;
  145. }
  146. // Check for invalid characters
  147. if (!preg_match($regex, $domain))
  148. {
  149. return false;
  150. }
  151. // Check for a dash at the beginning of the domain
  152. if (strpos($domain, '-') === 0)
  153. {
  154. return false;
  155. }
  156. // Check for a dash at the end of the domain
  157. $length = strlen($domain) - 1;
  158. if (strpos($domain, '-', $length) === $length)
  159. {
  160. return false;
  161. }
  162. }
  163. return true;
  164. }
  165. }