class DefaultMailSystem in Drupal 7
The default Drupal mail backend using PHP's mail function.
Hierarchy
- class \DefaultMailSystem implements MailSystemInterface
Expanded class hierarchy of DefaultMailSystem
1 string reference to 'DefaultMailSystem'
- drupal_mail_system in includes/
mail.inc - Returns an object that implements the MailSystemInterface interface.
File
- modules/
system/ system.mail.inc, line 11 - Drupal core implementations of MailSystemInterface.
View source
class DefaultMailSystem implements MailSystemInterface {
/**
* Concatenate and wrap the e-mail body for plain-text mails.
*
* @param $message
* A message array, as described in hook_mail_alter().
*
* @return
* The formatted $message.
*/
public function format(array $message) {
// Join the body array into one string.
$message['body'] = implode("\n\n", $message['body']);
// Convert any HTML to plain-text.
$message['body'] = drupal_html_to_text($message['body']);
// Wrap the mail body for sending.
$message['body'] = drupal_wrap_mail($message['body']);
return $message;
}
/**
* Send an e-mail message, using Drupal variables and default settings.
*
* @see http://php.net/manual/function.mail.php
* @see drupal_mail()
*
* @param $message
* A message array, as described in hook_mail_alter().
* @return
* TRUE if the mail was successfully accepted, otherwise FALSE.
*/
public function mail(array $message) {
// If 'Return-Path' isn't already set in php.ini, we pass it separately
// as an additional parameter instead of in the header.
// However, if PHP's 'safe_mode' is on, this is not allowed.
if (isset($message['headers']['Return-Path']) && !ini_get('safe_mode')) {
$return_path_set = strpos(ini_get('sendmail_path'), ' -f');
if (!$return_path_set) {
$message['Return-Path'] = $message['headers']['Return-Path'];
unset($message['headers']['Return-Path']);
}
}
$mimeheaders = array();
foreach ($message['headers'] as $name => $value) {
$mimeheaders[] = $name . ': ' . mime_header_encode($value);
}
$line_endings = variable_get('mail_line_endings', MAIL_LINE_ENDINGS);
// Prepare mail commands.
$mail_subject = mime_header_encode($message['subject']);
// Note: e-mail uses CRLF for line-endings. PHP's API requires LF
// on Unix and CRLF on Windows. Drupal automatically guesses the
// line-ending format appropriate for your system. If you need to
// override this, adjust $conf['mail_line_endings'] in settings.php.
$mail_body = preg_replace('@\\r?\\n@', $line_endings, $message['body']);
// For headers, PHP's API suggests that we use CRLF normally,
// but some MTAs incorrectly replace LF with CRLF. See #234403.
$mail_headers = join("\n", $mimeheaders);
// We suppress warnings and notices from mail() because of issues on some
// hosts. The return value of this method will still indicate whether mail
// was sent successfully.
if (!isset($_SERVER['WINDIR']) && strpos($_SERVER['SERVER_SOFTWARE'], 'Win32') === FALSE) {
// We validate the return path, unless it is equal to the site mail, which
// we assume to be safe.
if (isset($message['Return-Path']) && !ini_get('safe_mode') && (variable_get('site_mail', ini_get('sendmail_from')) === $message['Return-Path'] || self::_isShellSafe($message['Return-Path']))) {
// On most non-Windows systems, the "-f" option to the sendmail command
// is used to set the Return-Path. There is no space between -f and
// the value of the return path.
$mail_result = @mail($message['to'], $mail_subject, $mail_body, $mail_headers, '-f' . $message['Return-Path']);
}
else {
// The optional $additional_parameters argument to mail() is not
// allowed if safe_mode is enabled. Passing any value throws a PHP
// warning and makes mail() return FALSE.
$mail_result = @mail($message['to'], $mail_subject, $mail_body, $mail_headers);
}
}
else {
// On Windows, PHP will use the value of sendmail_from for the
// Return-Path header.
$old_from = ini_get('sendmail_from');
ini_set('sendmail_from', $message['Return-Path']);
$mail_result = @mail($message['to'], $mail_subject, $mail_body, $mail_headers);
ini_set('sendmail_from', $old_from);
}
return $mail_result;
}
/**
* Disallows potentially unsafe shell characters.
*
* Functionally similar to PHPMailer::isShellSafe() which resulted from
* CVE-2016-10045. Note that escapeshellarg and escapeshellcmd are inadequate
* for this purpose.
*
* @param string $string
* The string to be validated.
*
* @return bool
* True if the string is shell-safe.
*
* @see https://github.com/PHPMailer/PHPMailer/issues/924
* @see https://github.com/PHPMailer/PHPMailer/blob/v5.2.21/class.phpmailer.php#L1430
*
* @todo Rename to ::isShellSafe() and/or discuss whether this is the correct
* location for this helper.
*/
protected static function _isShellSafe($string) {
if (escapeshellcmd($string) !== $string || !in_array(escapeshellarg($string), array(
"'{$string}'",
"\"{$string}\"",
))) {
return FALSE;
}
if (preg_match('/[^a-zA-Z0-9@_\\-.]/', $string) !== 0) {
return FALSE;
}
return TRUE;
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
DefaultMailSystem:: |
public | function |
Concatenate and wrap the e-mail body for plain-text mails. Overrides MailSystemInterface:: |
|
DefaultMailSystem:: |
public | function |
Send an e-mail message, using Drupal variables and default settings. Overrides MailSystemInterface:: |
1 |
DefaultMailSystem:: |
protected static | function | Disallows potentially unsafe shell characters. |