diff options
Diffstat (limited to 'program/steps/mail/sendmail.inc')
-rw-r--r-- | program/steps/mail/sendmail.inc | 46 |
1 files changed, 38 insertions, 8 deletions
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc index 5f12f3fe9..8edf15ffe 100644 --- a/program/steps/mail/sendmail.inc +++ b/program/steps/mail/sendmail.inc @@ -137,6 +137,40 @@ function rcmail_attach_emoticons(&$mime_message) return $body; } +// parse email address input +function rcmail_mailto_format($mailto) +{ + $regexp = array('/[,;]\s*[\r\n]+/', '/[\r\n]+/', '/[,;]\s*$/m', '/;/', '/(\S{1})(<\S+@\S+>)/U'); + $replace = array(', ', ', ', '', ',', '\\1 \\2'); + + // replace new lines and strip ending ', ', make address strings more valid also + $mailto = trim(preg_replace($regexp, $replace, $mailto)); + + $result = $name = ''; + + // handle simple email (without <>) + if (preg_match('/^\S+@\S+$/', $mailto)) + $result = '<' . $mailto . '>'; + else + // quote unquoted names (#1485654) + foreach (explode(' ', $mailto) as $item) { + if (preg_match('/<\S+@\S+>,*/', $item)) { + if ($name && ($name[0] != '"' || $name[strlen($name)-1] != '"') + && preg_match('/[\(\)\<\>\\\.\[\]@,;:"]/', $name)) { + $name = '"'.addcslashes($name, '"').'"'; + } + if ($name) { + $result .= ' ' . $name; + $name = ''; + } + $result .= ' ' . $item; + } else { + $name .= ($name ? ' ' : '') . $item; + } + } + + return trim($result); +} /****** compose message ********/ @@ -149,13 +183,9 @@ $message_id = sprintf('<%s@%s>', md5(uniqid('rcmail'.rand(),true)), $RCMAIL->con $input_charset = $OUTPUT->get_charset(); $message_charset = isset($_POST['_charset']) ? $_POST['_charset'] : $input_charset; -$mailto_regexp = array('/[,;]\s*[\r\n]+/', '/[\r\n]+/', '/[,;]\s*$/m', '/;/', '/(\S{1})(<\S+@\S+>)/U'); -$mailto_replace = array(', ', ', ', '', ',', '\\1 \\2'); - -// replace new lines and strip ending ', ', make address strings more valid also -$mailto = preg_replace($mailto_regexp, $mailto_replace, get_input_value('_to', RCUBE_INPUT_POST, TRUE, $message_charset)); -$mailcc = preg_replace($mailto_regexp, $mailto_replace, get_input_value('_cc', RCUBE_INPUT_POST, TRUE, $message_charset)); -$mailbcc = preg_replace($mailto_regexp, $mailto_replace, get_input_value('_bcc', RCUBE_INPUT_POST, TRUE, $message_charset)); +$mailto = rcmail_mailto_format(get_input_value('_to', RCUBE_INPUT_POST, TRUE, $message_charset)); +$mailcc = rcmail_mailto_format(get_input_value('_cc', RCUBE_INPUT_POST, TRUE, $message_charset)); +$mailbcc = rcmail_mailto_format(get_input_value('_bcc', RCUBE_INPUT_POST, TRUE, $message_charset)); if (empty($mailto) && !empty($mailcc)) { $mailto = $mailcc; @@ -196,7 +226,7 @@ if (!empty($identity_arr['organization'])) $headers['Organization'] = $identity_arr['organization']; if (!empty($_POST['_replyto'])) - $headers['Reply-To'] = preg_replace($mailto_regexp, $mailto_replace, get_input_value('_replyto', RCUBE_INPUT_POST, TRUE, $message_charset)); + $headers['Reply-To'] = rcmail_mailto_format(get_input_value('_replyto', RCUBE_INPUT_POST, TRUE, $message_charset)); else if (!empty($identity_arr['reply-to'])) $headers['Reply-To'] = $identity_arr['reply-to']; |