/wp-content/plugins/contact-form-7/includes/config-validator.php

https://gitlab.com/webkod3r/tripolis · PHP · 286 lines · 223 code · 62 blank · 1 comment · 47 complexity · 3521da852a1b3a452b1b1d4bea5052f4 MD5 · raw file 

    

  1. <?php
    2. 

  2. 

  3. class WPCF7_ConfigValidator {
    4. 

  4. 

  5. 	const error_maybe_empty = 101;
    6. 

  6. 	const error_invalid_syntax = 102;
    7. 

  7. 	const error_email_not_in_site_domain = 103;
    8. 

  8. 	const error_html_in_message = 104;
    9. 

  9. 

  10. 	private $contact_form;
    11. 

  11. 	private $errors = array();
    12. 

  12. 

  13. 	public function __construct( WPCF7_ContactForm $contact_form ) {
    14. 

  14. 		$this->contact_form = $contact_form;
    15. 

  15. 		$this->errors = (array) get_post_meta(
    16. 

  16. 			$this->contact_form->id(), '_config_errors', true );
    17. 

  17. 		$this->errors = array_filter( $this->errors );
    18. 

  18. 	}
    19. 

  19. 

  20. 	public function is_valid() {
    21. 

  21. 		return ! $this->errors;
    22. 

  22. 	}
    23. 

  23. 

  24. 	public function get_errors() {
    25. 

  25. 		return $this->errors;
    26. 

  26. 	}
    27. 

  27. 

  28. 	public function get_error( $section ) {
    29. 

  29. 		if ( isset( $this->errors[$section] ) ) {
    30. 

  30. 			return $this->errors[$section];
    31. 

  31. 		}
    32. 

  32. 

  33. 		return null;
    34. 

  34. 	}
    35. 

  35. 

  36. 	public function get_error_message( $section ) {
    37. 

  37. 		$code = $this->get_error( $section );
    38. 

  38. 

  39. 		switch ( $code ) {
    40. 

  40. 			case self::error_maybe_empty:
    41. 

  41. 				return __( "This field can be empty depending on user input.", 'contact-form-7' );
    42. 

  42. 			case self::error_invalid_syntax:
    43. 

  43. 				return __( "This field has syntax errors.", 'contact-form-7' );
    44. 

  44. 			case self::error_email_not_in_site_domain:
    45. 

  45. 				return __( "This email address does not belong to the same domain as the site.", 'contact-form-7' );
    46. 

  46. 			case self::error_html_in_message:
    47. 

  47. 				return __( "HTML tags are not allowed in a message.", 'contact-form-7' );
    48. 

  48. 			default:
    49. 

  49. 				return '';
    50. 

  50. 		}
    51. 

  51. 	}
    52. 

  52. 

  53. 	private function add_error( $section, $error ) {
    54. 

  54. 		$this->errors[$section] = $error;
    55. 

  55. 	}
    56. 

  56. 

  57. 	public function validate() {
    58. 

  58. 		$this->errors = array();
    59. 

  59. 

  60. 		$this->validate_mail( 'mail' );
    61. 

  61. 		$this->validate_mail( 'mail_2' );
    62. 

  62. 		$this->validate_messages();
    63. 

  63. 

  64. 		delete_post_meta( $this->contact_form->id(), '_config_errors' );
    65. 

  65. 

  66. 		if ( $this->errors ) {
    67. 

  67. 			update_post_meta( $this->contact_form->id(), '_config_errors',
    68. 

  68. 				$this->errors );
    69. 

  69. 			return false;
    70. 

  70. 		}
    71. 

  71. 

  72. 		return true;
    73. 

  73. 	}
    74. 

  74. 

  75. 	public function validate_mail( $template = 'mail' ) {
    76. 

  76. 		$components = (array) $this->contact_form->prop( $template );
    77. 

  77. 

  78. 		if ( ! $components ) {
    79. 

  79. 			return;
    80. 

  80. 		}
    81. 

  81. 

  82. 		if ( 'mail' != $template && empty( $components['active'] ) ) {
    83. 

  83. 			return;
    84. 

  84. 		}
    85. 

  85. 

  86. 		$components = wp_parse_args( $components, array(
    87. 

  87. 			'subject' => '',
    88. 

  88. 			'sender' => '',
    89. 

  89. 			'recipient' => '',
    90. 

  90. 			'additional_headers' => '',
    91. 

  91. 			'body' => '' ) );
    92. 

  92. 

  93. 		$callback = array( $this, 'replace_mail_tags_with_minimum_input' );
    94. 

  94. 

  95. 		$subject = $components['subject'];
    96. 

  96. 		$subject = new WPCF7_MailTaggedText( $subject,
    97. 

  97. 			array( 'callback' => $callback ) );
    98. 

  98. 		$subject = $subject->replace_tags();
    99. 

  99. 		$subject = wpcf7_strip_newline( $subject );
    100. 

  100. 

  101. 		if ( '' === $subject ) {
    102. 

  102. 			$this->add_error( sprintf( '%s.subject', $template ),
    103. 

  103. 				self::error_maybe_empty );
    104. 

  104. 		}
    105. 

  105. 

  106. 		$sender = $components['sender'];
    107. 

  107. 		$sender = new WPCF7_MailTaggedText( $sender,
    108. 

  108. 			array( 'callback' => $callback ) );
    109. 

  109. 		$sender = $sender->replace_tags();
    110. 

  110. 		$sender = wpcf7_strip_newline( $sender );
    111. 

  111. 

  112. 		if ( ! wpcf7_is_mailbox_list( $sender ) ) {
    113. 

  113. 			$this->add_error( sprintf( '%s.sender', $template ),
    114. 

  114. 				self::error_invalid_syntax );
    115. 

  115. 		} elseif ( ! wpcf7_is_email_in_site_domain( $sender ) ) {
    116. 

  116. 			$this->add_error( sprintf( '%s.sender', $template ),
    117. 

  117. 				self::error_email_not_in_site_domain );
    118. 

  118. 		}
    119. 

  119. 

  120. 		$recipient = $components['recipient'];
    121. 

  121. 		$recipient = new WPCF7_MailTaggedText( $recipient,
    122. 

  122. 			array( 'callback' => $callback ) );
    123. 

  123. 		$recipient = $recipient->replace_tags();
    124. 

  124. 		$recipient = wpcf7_strip_newline( $recipient );
    125. 

  125. 

  126. 		if ( ! wpcf7_is_mailbox_list( $recipient ) ) {
    127. 

  127. 			$this->add_error( sprintf( '%s.recipient', $template ),
    128. 

  128. 				self::error_invalid_syntax );
    129. 

  129. 		}
    130. 

  130. 

  131. 		$additional_headers = $components['additional_headers'];
    132. 

  132. 		$additional_headers = new WPCF7_MailTaggedText( $additional_headers,
    133. 

  133. 			array( 'callback' => $callback ) );
    134. 

  134. 		$additional_headers = $additional_headers->replace_tags();
    135. 

  135. 

  136. 		if ( ! $this->test_additional_headers_syntax( $additional_headers ) ) {
    137. 

  137. 			$this->add_error( sprintf( '%s.additional_headers', $template ),
    138. 

  138. 				self::error_invalid_syntax );
    139. 

  139. 		}
    140. 

  140. 

  141. 		$body = $components['body'];
    142. 

  142. 		$body = new WPCF7_MailTaggedText( $body,
    143. 

  143. 			array( 'callback' => $callback ) );
    144. 

  144. 		$body = $body->replace_tags();
    145. 

  145. 

  146. 		if ( '' === $body ) {
    147. 

  147. 			$this->add_error( sprintf( '%s.body', $template ),
    148. 

  148. 				self::error_maybe_empty );
    149. 

  149. 		}
    150. 

  150. 	}
    151. 

  151. 

  152. 	public function test_additional_headers_syntax( $content ) {
    153. 

  153. 		$headers = explode( "\n", $content );
    154. 

  154. 

  155. 		foreach ( $headers as $header ) {
    156. 

  156. 			$header = trim( $header );
    157. 

  157. 

  158. 			if ( '' === $header ) {
    159. 

  159. 				continue;
    160. 

  160. 			}
    161. 

  161. 

  162. 			if ( ! preg_match( '/^([0-9A-Za-z-]+):(.+)$/', $header, $matches ) ) {
    163. 

  163. 				return false;
    164. 

  164. 			}
    165. 

  165. 

  166. 			$is_mailbox_list_field = in_array( strtolower( $matches[1] ),
    167. 

  167. 				array( 'reply-to', 'cc', 'bcc' ) );
    168. 

  168. 

  169. 			if ( $is_mailbox_list_field
    170. 

  170. 			&& ! wpcf7_is_mailbox_list( $matches[2] ) ) {
    171. 

  171. 				return false;
    172. 

  172. 			}
    173. 

  173. 		}
    174. 

  174. 

  175. 		return true;
    176. 

  176. 	}
    177. 

  177. 

  178. 	public function validate_messages() {
    179. 

  179. 		$messages = (array) $this->contact_form->prop( 'messages' );
    180. 

  180. 

  181. 		if ( ! $messages ) {
    182. 

  182. 			return;
    183. 

  183. 		}
    184. 

  184. 

  185. 		if ( isset( $messages['captcha_not_match'] )
    186. 

  186. 		&& ! wpcf7_use_really_simple_captcha() ) {
    187. 

  187. 			unset( $messages['captcha_not_match'] );
    188. 

  188. 		}
    189. 

  189. 

  190. 		foreach ( $messages as $key => $message ) {
    191. 

  191. 			$stripped = wp_strip_all_tags( $message );
    192. 

  192. 

  193. 			if ( $stripped != $message ) {
    194. 

  194. 				$this->add_error( sprintf( 'messages.%s', $key ),
    195. 

  195. 					self::error_html_in_message );
    196. 

  196. 			}
    197. 

  197. 		}
    198. 

  198. 	}
    199. 

  199. 

  200. 	public function replace_mail_tags_with_minimum_input( $matches ) {
    201. 

  201. 		// allow [[foo]] syntax for escaping a tag
    202. 

  202. 		if ( $matches[1] == '[' && $matches[4] == ']' ) {
    203. 

  203. 			return substr( $matches[0], 1, -1 );
    204. 

  204. 		}
    205. 

  205. 

  206. 		$tag = $matches[0];
    207. 

  207. 		$tagname = $matches[2];
    208. 

  208. 		$values = $matches[3];
    209. 

  209. 

  210. 		if ( ! empty( $values ) ) {
    211. 

  211. 			preg_match_all( '/"[^"]*"|\'[^\']*\'/', $values, $matches );
    212. 

  212. 			$values = wpcf7_strip_quote_deep( $matches[0] );
    213. 

  213. 		}
    214. 

  214. 

  215. 		$do_not_heat = false;
    216. 

  216. 

  217. 		if ( preg_match( '/^_raw_(.+)$/', $tagname, $matches ) ) {
    218. 

  218. 			$tagname = trim( $matches[1] );
    219. 

  219. 			$do_not_heat = true;
    220. 

  220. 		}
    221. 

  221. 

  222. 		$format = '';
    223. 

  223. 

  224. 		if ( preg_match( '/^_format_(.+)$/', $tagname, $matches ) ) {
    225. 

  225. 			$tagname = trim( $matches[1] );
    226. 

  226. 			$format = $values[0];
    227. 

  227. 		}
    228. 

  228. 

  229. 		$example_email = 'example@example.com';
    230. 

  230. 		$example_text = 'example';
    231. 

  231. 		$example_blank = '';
    232. 

  232. 

  233. 		$form_tags = $this->contact_form->form_scan_shortcode(
    234. 

  234. 			array( 'name' => $tagname ) );
    235. 

  235. 

  236. 		if ( $form_tags ) {
    237. 

  237. 			$form_tag = new WPCF7_Shortcode( $form_tags[0] );
    238. 

  238. 

  239. 			$is_required = ( $form_tag->is_required() || 'radio' == $form_tag->type );
    240. 

  240. 

  241. 			if ( ! $is_required ) {
    242. 

  242. 				return $example_blank;
    243. 

  243. 			}
    244. 

  244. 

  245. 			$is_selectable = in_array( $form_tag->basetype,
    246. 

  246. 				array( 'radio', 'checkbox', 'select' ) );
    247. 

  247. 

  248. 			if ( $is_selectable ) {
    249. 

  249. 				if ( $form_tag->pipes instanceof WPCF7_Pipes ) {
    250. 

  250. 					if ( $do_not_heat ) {
    251. 

  251. 						$before_pipes = $form_tag->pipes->collect_befores();
    252. 

  252. 						$last_item = array_pop( $before_pipes );
    253. 

  253. 					} else {
    254. 

  254. 						$after_pipes = $form_tag->pipes->collect_afters();
    255. 

  255. 						$last_item = array_pop( $after_pipes );
    256. 

  256. 					}
    257. 

  257. 				} else {
    258. 

  258. 					$last_item = array_pop( $form_tag->values );
    259. 

  259. 				}
    260. 

  260. 

  261. 				if ( $last_item && wpcf7_is_mailbox_list( $last_item ) ) {
    262. 

  262. 					return $example_email;
    263. 

  263. 				} else {
    264. 

  264. 					return $example_text;
    265. 

  265. 				}
    266. 

  266. 			}
    267. 

  267. 

  268. 			if ( 'email' == $form_tag->basetype ) {
    269. 

  269. 				return $example_email;
    270. 

  270. 			} else {
    271. 

  271. 				return $example_text;
    272. 

  272. 			}
    273. 

  273. 

  274. 		} else {
    275. 

  275. 			$tagname = preg_replace( '/^wpcf7\./', '_', $tagname ); // for back-compat
    276. 

  276. 

  277. 			if ( '_post_author_email' == $tagname ) {
    278. 

  278. 				return $example_email;
    279. 

  279. 			} elseif ( '_' == substr( $tagname, 0, 1 ) ) { // maybe special mail tag
    280. 

  280. 				return $example_text;
    281. 

  281. 			}
    282. 

  282. 		}
    283. 

  283. 

  284. 		return $tag;
    285. 

  285. 	}
    286. 

  286. }
    287.