3 namespace Drupal\Core\Mail\Plugin\Mail;
5 use Drupal\Component\Utility\Unicode;
6 use Drupal\Core\Mail\MailFormatHelper;
7 use Drupal\Core\Mail\MailInterface;
8 use Drupal\Core\Site\Settings;
11 * Defines the default Drupal mail backend, using PHP's native mail() function.
15 * label = @Translation("Default PHP mailer"),
16 * description = @Translation("Sends the message as plain text, using PHP's native mail() function.")
19 class PhpMail implements MailInterface {
22 * The configuration factory.
24 * @var \Drupal\Core\Config\ConfigFactoryInterface
26 protected $configFactory;
29 * PhpMail constructor.
31 public function __construct() {
32 $this->configFactory = \Drupal::configFactory();
36 * Concatenates and wraps the email body for plain-text mails.
38 * @param array $message
39 * A message array, as described in hook_mail_alter().
42 * The formatted $message.
44 public function format(array $message) {
45 // Join the body array into one string.
46 $message['body'] = implode("\n\n", $message['body']);
48 // Convert any HTML to plain-text.
49 $message['body'] = MailFormatHelper::htmlToText($message['body']);
50 // Wrap the mail body for sending.
51 $message['body'] = MailFormatHelper::wrapMail($message['body']);
57 * Sends an email message.
59 * @param array $message
60 * A message array, as described in hook_mail_alter().
63 * TRUE if the mail was successfully accepted, otherwise FALSE.
65 * @see http://php.net/manual/function.mail.php
66 * @see \Drupal\Core\Mail\MailManagerInterface::mail()
68 public function mail(array $message) {
69 // If 'Return-Path' isn't already set in php.ini, we pass it separately
70 // as an additional parameter instead of in the header.
71 if (isset($message['headers']['Return-Path'])) {
72 $return_path_set = strpos(ini_get('sendmail_path'), ' -f');
73 if (!$return_path_set) {
74 $message['Return-Path'] = $message['headers']['Return-Path'];
75 unset($message['headers']['Return-Path']);
79 foreach ($message['headers'] as $name => $value) {
80 $mimeheaders[] = $name . ': ' . Unicode::mimeHeaderEncode($value);
82 $line_endings = Settings::get('mail_line_endings', PHP_EOL);
83 // Prepare mail commands.
84 $mail_subject = Unicode::mimeHeaderEncode($message['subject']);
85 // Note: email uses CRLF for line-endings. PHP's API requires LF
86 // on Unix and CRLF on Windows. Drupal automatically guesses the
87 // line-ending format appropriate for your system. If you need to
88 // override this, adjust $settings['mail_line_endings'] in settings.php.
89 $mail_body = preg_replace('@\r?\n@', $line_endings, $message['body']);
90 // For headers, PHP's API suggests that we use CRLF normally,
91 // but some MTAs incorrectly replace LF with CRLF. See #234403.
92 $mail_headers = implode("\n", $mimeheaders);
94 $request = \Drupal::request();
96 // We suppress warnings and notices from mail() because of issues on some
97 // hosts. The return value of this method will still indicate whether mail
98 // was sent successfully.
99 if (!$request->server->has('WINDIR') && strpos($request->server->get('SERVER_SOFTWARE'), 'Win32') === FALSE) {
100 // On most non-Windows systems, the "-f" option to the sendmail command
101 // is used to set the Return-Path. There is no space between -f and
102 // the value of the return path.
103 // We validate the return path, unless it is equal to the site mail, which
104 // we assume to be safe.
105 $site_mail = $this->configFactory->get('system.site')->get('mail');
106 $additional_headers = isset($message['Return-Path']) && ($site_mail === $message['Return-Path'] || static::_isShellSafe($message['Return-Path'])) ? '-f' . $message['Return-Path'] : '';
107 $mail_result = @mail(
116 // On Windows, PHP will use the value of sendmail_from for the
117 // Return-Path header.
118 $old_from = ini_get('sendmail_from');
119 ini_set('sendmail_from', $message['Return-Path']);
120 $mail_result = @mail(
126 ini_set('sendmail_from', $old_from);
133 * Disallows potentially unsafe shell characters.
135 * Functionally similar to PHPMailer::isShellSafe() which resulted from
136 * CVE-2016-10045. Note that escapeshellarg and escapeshellcmd are inadequate
139 * @param string $string
140 * The string to be validated.
143 * True if the string is shell-safe.
145 * @see https://github.com/PHPMailer/PHPMailer/issues/924
146 * @see https://github.com/PHPMailer/PHPMailer/blob/v5.2.21/class.phpmailer.php#L1430
148 * @todo Rename to ::isShellSafe() and/or discuss whether this is the correct
149 * location for this helper.
151 protected static function _isShellSafe($string) {
152 if (escapeshellcmd($string) !== $string || !in_array(escapeshellarg($string), ["'$string'", "\"$string\""])) {
155 if (preg_match('/[^a-zA-Z0-9@_\-.]/', $string) !== 0) {