我有一个我在互联网上开发的php程序。到目前为止,我使用了共享主机包。一切顺利,直到我转移到vps(apache2 suse 9.1 plesk)。我发现某些PHP函数尚未激活。我通过互联网解决了大部分问题。
我的主要问题是用fpdf通过电子邮件发送pdf文件。即
<?php
// download fpdf class (http://fpdf.org)
require("fpdf.php");
// fpdf object
$pdf = new FPDF();
// generate a simple PDF (for more info, see http://fpdf.org/en/tutorial/)
$pdf->AddPage();
$pdf->SetFont("Arial","B",14);
$pdf->Cell(40,10, "this is a pdf example");
// email stuff (change data below)
$to = "steven@siteaddress.co.uk";
$from = "me@domain.com";
$subject = "send email with pdf attachment";
$message = "<p>Please see the attachment.</p>";
// a random hash will be necessary to send mixed content
$separator = md5(time());
// carriage return type (we use a PHP end of line constant)
$eol = PHP_EOL;
// attachment name
$filename = "example.pdf";
// encode data (puts attachment in proper format)
$pdfdoc = $pdf->Output("", "S");
$attachment = chunk_split(base64_encode($pdfdoc));
// main header (multipart mandatory)
$headers = "From: ".$from.$eol;
$headers .= "MIME-Version: 1.0".$eol;
$headers .= "Content-Type: multipart/mixed; boundary=\"".$separator."\"".$eol.$eol;
$headers .= "Content-Transfer-Encoding: 7bit".$eol;
$headers .= "This is a MIME encoded message.".$eol.$eol;
// message
$headers .= "--".$separator.$eol;
$headers .= "Content-Type: text/html; charset=\"iso-8859-1\"".$eol;
$headers .= "Content-Transfer-Encoding: 8bit".$eol.$eol;
$headers .= $message.$eol.$eol;
// attachment
$headers .= "--".$separator.$eol;
$headers .= "Content-Type: application/octet-stream; name=\"".$filename."\"".$eol;
$headers .= "Content-Transfer-Encoding: base64".$eol;
$headers .= "Content-Disposition: attachment".$eol.$eol;
$headers .= $attachment.$eol.$eol;
$headers .= "--".$separator."--";
// send message
//mail($to, $subject, "", $headers);
if (@mail($to, $subject, "",$headers)) {
echo('<p>Mail sent successfully.</p>');
} else {
echo('<p>Mail could not be sent.</p>');
}
?>
上面的文件适用于我的共享托管,但是当从我的vps发送时,我从我的文件中收到此错误消息
Mar 23 19:16:56 h1871885 suhosin[64630]: ALERT - mail() - double newline in headers, possible injection, mail dropped (attacker '86.137.40.199', file '/srv/www/vhosts/sitename.co.uk/httpdocs/main/email.php', line 111)
经过多次试用,错误来自这一行
if (@mail($to, $subject, "",$headers))
如果我删除“”,它会在我的vps上发送电子邮件,但没有附件。这也发生在我的共享帐户上。附件最终在消息中带有一个空洞加载字符'。 所以我需要他们在那里。有没有人知道如何克服这个问题。
非常感谢Mar 23 20:52:48 h1871885 suhosin[60778]: ALERT - mail() - double newline in headers, possible injection, mail dropped (attacker '86.137.40.199', file '/srv/www/vhosts/sitename.co.uk/httpdocs/main/email1.php', line 56)
答案 0 :(得分:1)
你的.$eol.$eol中有很多$headers,我想suhosin会禁止第二个邮件上的邮件。但我认为你已经足够了解RFC2822以确切地知道消息格式中你需要空白行的位置,所以你可以turn off suhosin's mail() protection,假设你确信你没有任何远程可利用的注射漏洞。