[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * @version        $Id: helper.php 14401 2010-01-26 14:10:00Z louis $
   4   * @package        Joomla.Framework
   5   * @subpackage    Mail
   6   * @copyright    Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
   7   * @license        GNU/GPL, see LICENSE.php
   8   * Joomla! is free software. This version may have been modified pursuant
   9   * to the GNU General Public License, and as distributed it includes or
  10   * is derivative of works licensed under the GNU General Public License or
  11   * other free or open source software licenses.
  12   * See COPYRIGHT.php for copyright notices and details.
  13   */
  14  
  15  // Check to ensure this file is within the rest of the framework
  16  defined('JPATH_BASE') or die();
  17  
  18  /**
  19   * E-Mail helper class, provides static methods to perform various tasks relevant
  20   * to the Joomla e-mail routines.
  21   *
  22   * TODO: Test these methods as the regex work is first run and not tested thoroughly
  23   *
  24   * @static
  25   * @package     Joomla.Framework
  26   * @subpackage    Mail
  27   * @since        1.5
  28   */
  29  class JMailHelper
  30  {
  31      /**
  32       * Cleans single line inputs.
  33       *
  34       * @static
  35       * @param string $value String to be cleaned.
  36       * @return string Cleaned string.
  37       */
  38  	function cleanLine( $value ) {
  39          return trim( preg_replace( '/(%0A|%0D|\n+|\r+)/i', '', $value ) );
  40      }
  41  
  42      /**
  43       * Cleans multi-line inputs.
  44       *
  45       * @static
  46       * @param string $value Multi-line string to be cleaned.
  47       * @return string Cleaned multi-line string.
  48       */
  49  	function cleanText( $value ) {
  50          return trim( preg_replace( '/(%0A|%0D|\n+|\r+)(content-type:|to:|cc:|bcc:)/i', '', $value ) );
  51      }
  52  
  53      /**
  54       * Cleans any injected headers from the E-Mail body.
  55       *
  56       * @static
  57       * @param string $body E-Mail body string.
  58       * @return string Cleaned E-Mail body string.
  59       * @since 1.5
  60       */
  61  	function cleanBody($body) {
  62          // Strip all E-Mail headers from a string
  63          return preg_replace("/((From:|To:|Cc:|Bcc:|Subject:|Content-type:) ([\S]+))/", "", $body);
  64      }
  65  
  66      /**
  67       * Cleans any injected headers from the subject string.
  68       *
  69       * @static
  70       * @param string $subject E-Mail subject string.
  71       * @return string Cleaned E-Mail subject string.
  72       * @since 1.5
  73       */
  74  	function cleanSubject($subject) {
  75          return preg_replace("/((From:|To:|Cc:|Bcc:|Content-type:) ([\S]+))/", "", $subject);
  76      }
  77  
  78      /**
  79       * Verifies that an e-mail address does not have any extra headers injected into it.
  80       *
  81       * @static
  82       * @param string $address E-Mail address.
  83       * @return string|false E-Mail address string or boolean false if injected headers are present.
  84       * @since 1.5
  85       */
  86  	function cleanAddress($address)
  87      {
  88          if (preg_match("[\s;,]", $address)) {
  89              return false;
  90          }
  91          return $address;
  92      }
  93  
  94      /**
  95       * Verifies that the string is in a proper e-mail address format.
  96       *
  97       * @static
  98       * @param string $email String to be verified.
  99       * @return boolean True if string has the correct format; false otherwise.
 100       * @since 1.5
 101       */
 102  	function isEmailAddress($email)
 103      {
 104  
 105          // Split the email into a local and domain
 106          $atIndex    = strrpos($email, "@");
 107          $domain        = substr($email, $atIndex+1);
 108          $local        = substr($email, 0, $atIndex);
 109  
 110          // Check Length of domain
 111          $domainLen    = strlen($domain);
 112          if ($domainLen < 1 || $domainLen > 255) {
 113              return false;
 114          }
 115  
 116          // Check the local address
 117          // We're a bit more conservative about what constitutes a "legal" address, that is, A-Za-z0-9!#$%&\'*+/=?^_`{|}~-
 118          $allowed    = 'A-Za-z0-9!#&*+=?_-';
 119          $regex        = "/^[$allowed][\.$allowed]{0,63}$/";
 120          if ( ! preg_match($regex, $local) ) {
 121              return false;
 122          }
 123  
 124          // No problem if the domain looks like an IP address, ish
 125          $regex        = '/^[0-9\.]+$/';
 126          if ( preg_match($regex, $domain)) {
 127              return true;
 128          }
 129  
 130          // Check Lengths
 131          $localLen    = strlen($local);
 132          if ($localLen < 1 || $localLen > 64) {
 133              return false;
 134          }
 135  
 136          // Check the domain
 137          $domain_array    = explode(".", rtrim( $domain, '.' ));
 138          $regex        = '/^[A-Za-z0-9-]{0,63}$/';
 139          foreach ($domain_array as $domain ) {
 140  
 141              // Must be something
 142              if ( ! $domain ) {
 143                  return false;
 144              }
 145  
 146              // Check for invalid characters
 147              if ( ! preg_match($regex, $domain) ) {
 148                  return false;
 149              }
 150  
 151              // Check for a dash at the beginning of the domain
 152              if ( strpos($domain, '-' ) === 0 ) {
 153                  return false;
 154              }
 155  
 156              // Check for a dash at the end of the domain
 157              $length = strlen($domain) -1;
 158              if ( strpos($domain, '-', $length ) === $length ) {
 159                  return false;
 160              }
 161  
 162          }
 163  
 164          return true;
 165      }
 166  
 167  }