diff --git a/includes/mail.inc b/includes/mail.inc
index 0e5c178..f6e06d9 100644
--- a/includes/mail.inc
+++ b/includes/mail.inc
@@ -105,7 +105,9 @@ define('MAIL_LINE_ENDINGS', isset($_SERVER['WINDIR']) || (isset($_SERVER['SERVER
 * @param $params
 * Optional parameters to build the e-mail.
 * @param $from
- * Sets From to this value, if given.
+ * Sets the From header to this value, if the domain of the email provided
+ * matches the approved sending email address (site_mail). Sets the Reply-To
+ * header to this value if the domains do not match.
 * @param $send
 * If TRUE, drupal_mail() will call drupal_mail_system()->mail() to deliver
 * the message, and store the result in $message['result']. Modules
@@ -128,7 +130,7 @@ function drupal_mail($module, $key, $to, $language, $params = array(), $from = N
 'module' => $module,
 'key' => $key,
 'to' => $to,
- 'from' => isset($from) ? $from : $default_from,
+ 'from' => $default_from,
 'language' => $language,
 'params' => $params,
 'send' => TRUE,
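Review bot: The new `@param $from` text in the first hunk says where the value goes when the domains differ (Reply-To) but not what the From header becomes in that case. Judging by the later hunk of this patch, From is then rewritten to a "NAME via SITE_NAME" display form built with the `!site_mail` argument, and `$message['from']` changes with it, which callers and alter hooks may need to know. I would add a sentence such as `In that case From is rewritten to "NAME via SITE_NAME" using the site_mail address.` The docblock starts and ends outside this hunk.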
@@ -149,9 +151,41 @@ function drupal_mail($module, $key, $to, $language, $params = array(), $from = N
 // SMTP server.
 $headers['From'] = $headers['Sender'] = $headers['Return-Path'] = $default_from;
 }
- if ($from) {
- $headers['From'] = $from;
+
+ if (isset($from)) {
+ // Check to see if the domain matches the specified sending email address.
+ $default_from_parts = explode('@', $default_from);
+ if (count($default_from_parts) == 2 && isset($default_from_parts[1]) &&
+ stripos($from, '@' . $default_from_parts[1]) === FALSE) {
+
+ // If domain does not match set Reply-To to From, and reformat From.
+ $headers['Reply-To'] = $from;
+ // Match e-mails of the form 'My Name ' as follows:
+ // ^ = beginning of string
+ // "? = optional quote
+ // ([^<]*?) = match optional characters that aren't a < (non-greedy)
+ // "? = optional quote
+ // SPACE* = optional spaces
+ // (?:<(.*)>) = < matching stuff > (without the angle brakets)
+ // $ = end of string
+ preg_match('/^"?([^<]*?)"? *(?:<(.*)>)?$/', $from, $matches);
+ if ($matches) {
+ $from_reformatted = t('"!name via !site_name" ', array(
+ '!name' => empty($matches[1]) ? $matches[2] : $matches[1],
+ '!site_name' => variable_get('site_name', 'Drupal'),
+ '!site_mail' => $default_from,
+ ));
+ $message['from'] = $from_reformatted;
+ $headers['From'] = mime_header_encode($from_reformatted);
+ }
+ }
+ else {
+ // If the domain matches the specified email, it is likely safe to use.
+ $message['from'] = $from;
+ $headers['From'] = $from;
+ }
 }
+
 $message['headers'] = $headers;

 // Build the e-mail (get subject and body, allow additional headers) by
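Review bot: The domain check `stripos($from, '@' . $default_from_parts[1]) === FALSE` is a substring test over the whole `$from` string, so a value that merely contains `@` plus the site domain (a longer domain that begins with it, or text inside the display name) is treated as matching and reaches the else branch, where `$headers['From'] = $from` is set unchanged. That undoes the alignment the new docblock promises. The address part should be extracted and its domain compared in full, case-insensitively, as in the excerpt below. The switch from `if ($from)` to `if (isset($from))` also appears to let an empty string through, in which case `$matches[2]` is read without being set; the excerpt keeps the old behaviour for that input. drupal_mail() starts and continues outside this hunk, so whether `$from` is checked for CR/LF before it is copied into `Reply-To` cannot be seen here.

```php
if (isset($from) && $from !== '') {
  $default_from_parts = explode('@', $default_from);
  // Compare the domain of the address itself, in full and case-insensitively,
  // so a value that only contains '@' plus the site domain is not accepted.
  $from_address = preg_match('/<([^<>]*)>\s*$/', $from, $address_match) ? $address_match[1] : trim($from);
  $at = strrpos($from_address, '@');
  $from_domain = ($at === FALSE) ? '' : substr($from_address, $at + 1);
  if (count($default_from_parts) == 2 &&
    strcasecmp($from_domain, $default_from_parts[1]) !== 0) {
    // … unchanged: set Reply-To and build the "via" From value …
  }
  else {
    // … unchanged: use $from for $message['from'] and the From header …
  }
```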