Here's a short example on how to build a basic message and set the recipients. In this example, I'll send a quick note to my old friend Bolivar Shagnasty, and give him both a text and HTML version of the message.
Note | |
---|---|
Note that the |
<?php
$text = TEXT<<<
The quick brown fox jumps over the lazy dog.
Now is the time for all good men to come to the aid of their country.
TEXT;
$html = HTML<<<
<p>The quick brown fox jumps <em>over</em> the lazy dog.</p>
<p><strong>Now</strong> is the time for all good men
to come to the aid of their country.</p>
HTML;
$mail = Solar::factory('Solar_Mail_Message');
$mail->setCharset('utf-8')
->setFrom('pmjones@example.com', 'Paul M. Jones')
->addTo('boshag@example.com', 'Bolivar Shagnasty')
->addCc('nobody@example.net')
->setSubject('A Short Test Message')
->setText($text)
->setHtml($html);
?>
That's pretty easy ... but is it safe?
Anything that ends up getting sent as a mail header, including addresses and the subject line, is sanitized against header-injection attacks by removing newlines from the header label and value. Let's say you want to add a new custom header:
<?php
$mail = Solar::factory('Solar_Mail_Message');
$mail->setHeader('X-Custom-Header', "Foo\r\n\r\nAn evil message");
?>
Under a less-secure system this would cause the header to be sent as:
X-Custom-Header: Foo
An evil message.
That's no good -- somebody just injected their own message into our email.
With Solar_Mail_Message
, when the mail gets sent, that header will go out as:
X-Custom-Header: FooAn evil message
We strip the newlines in header labels and values automatically, so you should be safe against header injections. (If there are other aspects to securing against header injections I would be happy to hear them.)