Головна сторінка Огляд Довідка
Увійти
website
/
finlabsindia
2
0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0 Wiki
Гілка: master
Гілки Теги
finlabsindia
/
newSite
/
wp-content
/
plugins
/
contact-form-7
/
includes
/
config-validator.php

config-validator.php 19 KB
Постійне посилання Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706 
  1. <?php
    2. 

  2. 

  3. class WPCF7_ConfigValidator {
    4. 

  4. 

  5. 	const error = 100;
    6. 

  6. 	const error_maybe_empty = 101;
    7. 

  7. 	const error_invalid_mailbox_syntax = 102;
    8. 

  8. 	const error_email_not_in_site_domain = 103;
    9. 

  9. 	const error_html_in_message = 104;
    10. 

  10. 	const error_multiple_controls_in_label = 105;
    11. 

  11. 	const error_file_not_found = 106;
    12. 

  12. 	const error_unavailable_names = 107;
    13. 

  13. 	const error_invalid_mail_header = 108;
    14. 

  14. 	const error_deprecated_settings = 109;
    15. 

  15. 	const error_file_not_in_content_dir = 110;
    16. 

  16. 	const error_unavailable_html_elements = 111;
    17. 

  17. 	const error_attachments_overweight = 112;
    18. 

  18. 

  19. 	public static function get_doc_link( $error_code = '' ) {
    20. 

  20. 		$url = __( 'https://contactform7.com/configuration-errors/',
    21. 

  21. 			'contact-form-7' );
    22. 

  22. 

  23. 		if ( '' !== $error_code ) {
    24. 

  24. 			$error_code = strtr( $error_code, '_', '-' );
    25. 

  25. 

  26. 			$url = sprintf( '%s/%s', untrailingslashit( $url ), $error_code );
    27. 

  27. 		}
    28. 

  28. 

  29. 		return esc_url( $url );
    30. 

  30. 	}
    31. 

  31. 

  32. 	private $contact_form;
    33. 

  33. 	private $errors = array();
    34. 

  34. 

  35. 	public function __construct( WPCF7_ContactForm $contact_form ) {
    36. 

  36. 		$this->contact_form = $contact_form;
    37. 

  37. 	}
    38. 

  38. 

  39. 	public function contact_form() {
    40. 

  40. 		return $this->contact_form;
    41. 

  41. 	}
    42. 

  42. 

  43. 	public function is_valid() {
    44. 

  44. 		return ! $this->count_errors();
    45. 

  45. 	}
    46. 

  46. 

  47. 	public function count_errors( $args = '' ) {
    48. 

  48. 		$args = wp_parse_args( $args, array(
    49. 

  49. 			'section' => '',
    50. 

  50. 			'code' => '',
    51. 

  51. 		) );
    52. 

  52. 

  53. 		$count = 0;
    54. 

  54. 

  55. 		foreach ( $this->errors as $key => $errors ) {
    56. 

  56. 			if ( preg_match( '/^mail_[0-9]+\.(.*)$/', $key, $matches ) ) {
    57. 

  57. 				$key = sprintf( 'mail.%s', $matches[1] );
    58. 

  58. 			}
    59. 

  59. 

  60. 			if ( $args['section']
    61. 

  61. 			and $key != $args['section']
    62. 

  62. 			and preg_replace( '/\..*$/', '', $key, 1 ) != $args['section'] ) {
    63. 

  63. 				continue;
    64. 

  64. 			}
    65. 

  65. 

  66. 			foreach ( $errors as $error ) {
    67. 

  67. 				if ( empty( $error ) ) {
    68. 

  68. 					continue;
    69. 

  69. 				}
    70. 

  70. 

  71. 				if ( $args['code'] and $error['code'] != $args['code'] ) {
    72. 

  72. 					continue;
    73. 

  73. 				}
    74. 

  74. 

  75. 				$count += 1;
    76. 

  76. 			}
    77. 

  77. 		}
    78. 

  78. 

  79. 		return $count;
    80. 

  80. 	}
    81. 

  81. 

  82. 	public function collect_error_messages() {
    83. 

  83. 		$error_messages = array();
    84. 

  84. 

  85. 		foreach ( $this->errors as $section => $errors ) {
    86. 

  86. 			$error_messages[$section] = array();
    87. 

  87. 

  88. 			foreach ( $errors as $error ) {
    89. 

  89. 				if ( empty( $error['args']['message'] ) ) {
    90. 

  90. 					$message = $this->get_default_message( $error['code'] );
    91. 

  91. 				} elseif ( empty( $error['args']['params'] ) ) {
    92. 

  92. 					$message = $error['args']['message'];
    93. 

  93. 				} else {
    94. 

  94. 					$message = $this->build_message(
    95. 

  95. 						$error['args']['message'],
    96. 

  96. 						$error['args']['params'] );
    97. 

  97. 				}
    98. 

  98. 

  99. 				$link = '';
    100. 

  100. 

  101. 				if ( ! empty( $error['args']['link'] ) ) {
    102. 

  102. 					$link = $error['args']['link'];
    103. 

  103. 				}
    104. 

  104. 

  105. 				$error_messages[$section][] = array(
    106. 

  106. 					'message' => $message,
    107. 

  107. 					'link' => esc_url( $link ),
    108. 

  108. 				);
    109. 

  109. 			}
    110. 

  110. 		}
    111. 

  111. 

  112. 		return $error_messages;
    113. 

  113. 	}
    114. 

  114. 

  115. 	public function build_message( $message, $params = '' ) {
    116. 

  116. 		$params = wp_parse_args( $params, array() );
    117. 

  117. 

  118. 		foreach ( $params as $key => $val ) {
    119. 

  119. 			if ( ! preg_match( '/^[0-9A-Za-z_]+$/', $key ) ) { // invalid key
    120. 

  120. 				continue;
    121. 

  121. 			}
    122. 

  122. 

  123. 			$placeholder = '%' . $key . '%';
    124. 

  124. 

  125. 			if ( false !== stripos( $message, $placeholder ) ) {
    126. 

  126. 				$message = str_ireplace( $placeholder, $val, $message );
    127. 

  127. 			}
    128. 

  128. 		}
    129. 

  129. 

  130. 		return $message;
    131. 

  131. 	}
    132. 

  132. 

  133. 	public function get_default_message( $code ) {
    134. 

  134. 		switch ( $code ) {
    135. 

  135. 			case self::error_maybe_empty:
    136. 

  136. 				return __( "There is a possible empty field.", 'contact-form-7' );
    137. 

  137. 			case self::error_invalid_mailbox_syntax:
    138. 

  138. 				return __( "Invalid mailbox syntax is used.", 'contact-form-7' );
    139. 

  139. 			case self::error_email_not_in_site_domain:
    140. 

  140. 				return __( "Sender email address does not belong to the site domain.", 'contact-form-7' );
    141. 

  141. 			case self::error_html_in_message:
    142. 

  142. 				return __( "HTML tags are used in a message.", 'contact-form-7' );
    143. 

  143. 			case self::error_multiple_controls_in_label:
    144. 

  144. 				return __( "Multiple form controls are in a single label element.", 'contact-form-7' );
    145. 

  145. 			case self::error_invalid_mail_header:
    146. 

  146. 				return __( "There are invalid mail header fields.", 'contact-form-7' );
    147. 

  147. 			case self::error_deprecated_settings:
    148. 

  148. 				return __( "Deprecated settings are used.", 'contact-form-7' );
    149. 

  149. 			default:
    150. 

  150. 				return '';
    151. 

  151. 		}
    152. 

  152. 	}
    153. 

  153. 

  154. 	public function add_error( $section, $code, $args = '' ) {
    155. 

  155. 		$args = wp_parse_args( $args, array(
    156. 

  156. 			'message' => '',
    157. 

  157. 			'params' => array(),
    158. 

  158. 		) );
    159. 

  159. 

  160. 		if ( ! isset( $this->errors[$section] ) ) {
    161. 

  161. 			$this->errors[$section] = array();
    162. 

  162. 		}
    163. 

  163. 

  164. 		$this->errors[$section][] = array( 'code' => $code, 'args' => $args );
    165. 

  165. 

  166. 		return true;
    167. 

  167. 	}
    168. 

  168. 

  169. 	public function remove_error( $section, $code ) {
    170. 

  170. 		if ( empty( $this->errors[$section] ) ) {
    171. 

  171. 			return;
    172. 

  172. 		}
    173. 

  173. 

  174. 		foreach ( (array) $this->errors[$section] as $key => $error ) {
    175. 

  175. 			if ( isset( $error['code'] )
    176. 

  176. 			and $error['code'] == $code ) {
    177. 

  177. 				unset( $this->errors[$section][$key] );
    178. 

  178. 			}
    179. 

  179. 		}
    180. 

  180. 

  181. 		if ( empty( $this->errors[$section] ) ) {
    182. 

  182. 			unset( $this->errors[$section] );
    183. 

  183. 		}
    184. 

  184. 	}
    185. 

  185. 

  186. 	public function validate() {
    187. 

  187. 		$this->errors = array();
    188. 

  188. 

  189. 		$this->validate_form();
    190. 

  190. 		$this->validate_mail( 'mail' );
    191. 

  191. 		$this->validate_mail( 'mail_2' );
    192. 

  192. 		$this->validate_messages();
    193. 

  193. 		$this->validate_additional_settings();
    194. 

  194. 

  195. 		do_action( 'wpcf7_config_validator_validate', $this );
    196. 

  196. 

  197. 		return $this->is_valid();
    198. 

  198. 	}
    199. 

  199. 

  200. 	public function save() {
    201. 

  201. 		if ( $this->contact_form->initial() ) {
    202. 

  202. 			return;
    203. 

  203. 		}
    204. 

  204. 

  205. 		delete_post_meta( $this->contact_form->id(), '_config_errors' );
    206. 

  206. 

  207. 		if ( $this->errors ) {
    208. 

  208. 			update_post_meta( $this->contact_form->id(), '_config_errors',
    209. 

  209. 				$this->errors );
    210. 

  210. 		}
    211. 

  211. 	}
    212. 

  212. 

  213. 	public function restore() {
    214. 

  214. 		$config_errors = get_post_meta(
    215. 

  215. 			$this->contact_form->id(), '_config_errors', true );
    216. 

  216. 

  217. 		foreach ( (array) $config_errors as $section => $errors ) {
    218. 

  218. 			if ( empty( $errors ) ) {
    219. 

  219. 				continue;
    220. 

  220. 			}
    221. 

  221. 

  222. 			if ( ! is_array( $errors ) ) { // for back-compat
    223. 

  223. 				$code = $errors;
    224. 

  224. 				$this->add_error( $section, $code );
    225. 

  225. 			} else {
    226. 

  226. 				foreach ( (array) $errors as $error ) {
    227. 

  227. 					if ( ! empty( $error['code'] ) ) {
    228. 

  228. 						$code = $error['code'];
    229. 

  229. 						$args = isset( $error['args'] ) ? $error['args'] : '';
    230. 

  230. 						$this->add_error( $section, $code, $args );
    231. 

  231. 					}
    232. 

  232. 				}
    233. 

  233. 			}
    234. 

  234. 		}
    235. 

  235. 	}
    236. 

  236. 

  237. 	public function replace_mail_tags_with_minimum_input( $matches ) {
    238. 

  238. 		// allow [[foo]] syntax for escaping a tag
    239. 

  239. 		if ( $matches[1] == '[' && $matches[4] == ']' ) {
    240. 

  240. 			return substr( $matches[0], 1, -1 );
    241. 

  241. 		}
    242. 

  242. 

  243. 		$tag = $matches[0];
    244. 

  244. 		$tagname = $matches[2];
    245. 

  245. 		$values = $matches[3];
    246. 

  246. 

  247. 		$mail_tag = new WPCF7_MailTag( $tag, $tagname, $values );
    248. 

  248. 		$field_name = $mail_tag->field_name();
    249. 

  249. 

  250. 		$example_email = 'example@example.com';
    251. 

  251. 		$example_text = 'example';
    252. 

  252. 		$example_blank = '';
    253. 

  253. 

  254. 		$form_tags = $this->contact_form->scan_form_tags(
    255. 

  255. 			array( 'name' => $field_name ) );
    256. 

  256. 

  257. 		if ( $form_tags ) {
    258. 

  258. 			$form_tag = new WPCF7_FormTag( $form_tags[0] );
    259. 

  259. 

  260. 			$is_required = ( $form_tag->is_required() || 'radio' == $form_tag->type );
    261. 

  261. 

  262. 			if ( ! $is_required ) {
    263. 

  263. 				return $example_blank;
    264. 

  264. 			}
    265. 

  265. 

  266. 			if ( wpcf7_form_tag_supports( $form_tag->type, 'selectable-values' ) ) {
    267. 

  267. 				if ( $form_tag->pipes instanceof WPCF7_Pipes ) {
    268. 

  268. 					if ( $mail_tag->get_option( 'do_not_heat' ) ) {
    269. 

  269. 						$before_pipes = $form_tag->pipes->collect_befores();
    270. 

  270. 						$last_item = array_pop( $before_pipes );
    271. 

  271. 					} else {
    272. 

  272. 						$after_pipes = $form_tag->pipes->collect_afters();
    273. 

  273. 						$last_item = array_pop( $after_pipes );
    274. 

  274. 					}
    275. 

  275. 				} else {
    276. 

  276. 					$last_item = array_pop( $form_tag->values );
    277. 

  277. 				}
    278. 

  278. 

  279. 				if ( $last_item and wpcf7_is_mailbox_list( $last_item ) ) {
    280. 

  280. 					return $example_email;
    281. 

  281. 				} else {
    282. 

  282. 					return $example_text;
    283. 

  283. 				}
    284. 

  284. 			}
    285. 

  285. 

  286. 			if ( 'email' == $form_tag->basetype ) {
    287. 

  287. 				return $example_email;
    288. 

  288. 			} else {
    289. 

  289. 				return $example_text;
    290. 

  290. 			}
    291. 

  291. 

  292. 		} else { // maybe special mail tag
    293. 

  293. 			// for back-compat
    294. 

  294. 			$field_name = preg_replace( '/^wpcf7\./', '_', $field_name );
    295. 

  295. 

  296. 			if ( '_site_admin_email' == $field_name ) {
    297. 

  297. 				return get_bloginfo( 'admin_email', 'raw' );
    298. 

  298. 

  299. 			} elseif ( '_user_agent' == $field_name ) {
    300. 

  300. 				return $example_text;
    301. 

  301. 

  302. 			} elseif ( '_user_email' == $field_name ) {
    303. 

  303. 				return $this->contact_form->is_true( 'subscribers_only' )
    304. 

  304. 					? $example_email
    305. 

  305. 					: $example_blank;
    306. 

  306. 

  307. 			} elseif ( '_user_' == substr( $field_name, 0, 6 ) ) {
    308. 

  308. 				return $this->contact_form->is_true( 'subscribers_only' )
    309. 

  309. 					? $example_text
    310. 

  310. 					: $example_blank;
    311. 

  311. 

  312. 			} elseif ( '_' == substr( $field_name, 0, 1 ) ) {
    313. 

  313. 				return '_email' == substr( $field_name, -6 )
    314. 

  314. 					? $example_email
    315. 

  315. 					: $example_text;
    316. 

  316. 

  317. 			}
    318. 

  318. 		}
    319. 

  319. 

  320. 		return $tag;
    321. 

  321. 	}
    322. 

  322. 

  323. 	public function validate_form() {
    324. 

  324. 		$section = 'form.body';
    325. 

  325. 		$form = $this->contact_form->prop( 'form' );
    326. 

  326. 		$this->detect_multiple_controls_in_label( $section, $form );
    327. 

  327. 		$this->detect_unavailable_names( $section, $form );
    328. 

  328. 		$this->detect_unavailable_html_elements( $section, $form );
    329. 

  329. 	}
    330. 

  330. 

  331. 	public function detect_multiple_controls_in_label( $section, $content ) {
    332. 

  332. 		$pattern = '%<label(?:[ \t\n]+.*?)?>(.+?)</label>%s';
    333. 

  333. 

  334. 		if ( preg_match_all( $pattern, $content, $matches ) ) {
    335. 

  335. 			$form_tags_manager = WPCF7_FormTagsManager::get_instance();
    336. 

  336. 

  337. 			foreach ( $matches[1] as $insidelabel ) {
    338. 

  338. 				$tags = $form_tags_manager->scan( $insidelabel );
    339. 

  339. 				$fields_count = 0;
    340. 

  340. 

  341. 				foreach ( $tags as $tag ) {
    342. 

  342. 					$is_multiple_controls_container = wpcf7_form_tag_supports(
    343. 

  343. 						$tag->type, 'multiple-controls-container' );
    344. 

  344. 					$is_zero_controls_container = wpcf7_form_tag_supports(
    345. 

  345. 						$tag->type, 'zero-controls-container' );
    346. 

  346. 

  347. 					if ( $is_multiple_controls_container ) {
    348. 

  348. 						$fields_count += count( $tag->values );
    349. 

  349. 

  350. 						if ( $tag->has_option( 'free_text' ) ) {
    351. 

  351. 							$fields_count += 1;
    352. 

  352. 						}
    353. 

  353. 					} elseif ( $is_zero_controls_container ) {
    354. 

  354. 						$fields_count += 0;
    355. 

  355. 					} elseif ( ! empty( $tag->name ) ) {
    356. 

  356. 						$fields_count += 1;
    357. 

  357. 					}
    358. 

  358. 

  359. 					if ( 1 < $fields_count ) {
    360. 

  360. 						return $this->add_error( $section,
    361. 

  361. 							self::error_multiple_controls_in_label, array(
    362. 

  362. 								'link' => self::get_doc_link( 'multiple_controls_in_label' ),
    363. 

  363. 							)
    364. 

  364. 						);
    365. 

  365. 					}
    366. 

  366. 				}
    367. 

  367. 			}
    368. 

  368. 		}
    369. 

  369. 

  370. 		return false;
    371. 

  371. 	}
    372. 

  372. 

  373. 	public function detect_unavailable_names( $section, $content ) {
    374. 

  374. 		$public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat',
    375. 

  375. 			'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence',
    376. 

  376. 			'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order',
    377. 

  377. 			'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second',
    378. 

  378. 			'name', 'category_name', 'tag', 'feed', 'author_name', 'static',
    379. 

  379. 			'pagename', 'page_id', 'error', 'attachment', 'attachment_id',
    380. 

  380. 			'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term',
    381. 

  381. 			'cpage', 'post_type', 'embed' );
    382. 

  382. 

  383. 		$form_tags_manager = WPCF7_FormTagsManager::get_instance();
    384. 

  384. 		$ng_named_tags = $form_tags_manager->filter( $content,
    385. 

  385. 			array( 'name' => $public_query_vars ) );
    386. 

  386. 

  387. 		$ng_names = array();
    388. 

  388. 

  389. 		foreach ( $ng_named_tags as $tag ) {
    390. 

  390. 			$ng_names[] = sprintf( '"%s"', $tag->name );
    391. 

  391. 		}
    392. 

  392. 

  393. 		if ( $ng_names ) {
    394. 

  394. 			$ng_names = array_unique( $ng_names );
    395. 

  395. 

  396. 			return $this->add_error( $section,
    397. 

  397. 				self::error_unavailable_names,
    398. 

  398. 				array(
    399. 

  399. 					'message' =>
    400. 

  400. 						/* translators: %names%: a list of form control names */
    401. 

  401. 						__( "Unavailable names (%names%) are used for form controls.", 'contact-form-7' ),
    402. 

  402. 					'params' => array( 'names' => implode( ', ', $ng_names ) ),
    403. 

  403. 					'link' => self::get_doc_link( 'unavailable_names' ),
    404. 

  404. 				)
    405. 

  405. 			);
    406. 

  406. 		}
    407. 

  407. 

  408. 		return false;
    409. 

  409. 	}
    410. 

  410. 

  411. 	public function detect_unavailable_html_elements( $section, $content ) {
    412. 

  412. 		$pattern = '%(?:<form[\s\t>]|</form>)%i';
    413. 

  413. 

  414. 		if ( preg_match( $pattern, $content ) ) {
    415. 

  415. 			return $this->add_error( $section,
    416. 

  416. 				self::error_unavailable_html_elements,
    417. 

  417. 				array(
    418. 

  418. 					'message' => __( "Unavailable HTML elements are used in the form template.", 'contact-form-7' ),
    419. 

  419. 					'link' => self::get_doc_link( 'unavailable_html_elements' ),
    420. 

  420. 				)
    421. 

  421. 			);
    422. 

  422. 		}
    423. 

  423. 

  424. 		return false;
    425. 

  425. 	}
    426. 

  426. 

  427. 	public function validate_mail( $template = 'mail' ) {
    428. 

  428. 		$components = (array) $this->contact_form->prop( $template );
    429. 

  429. 

  430. 		if ( ! $components ) {
    431. 

  431. 			return;
    432. 

  432. 		}
    433. 

  433. 

  434. 		if ( 'mail' != $template
    435. 

  435. 		and empty( $components['active'] ) ) {
    436. 

  436. 			return;
    437. 

  437. 		}
    438. 

  438. 

  439. 		$components = wp_parse_args( $components, array(
    440. 

  440. 			'subject' => '',
    441. 

  441. 			'sender' => '',
    442. 

  442. 			'recipient' => '',
    443. 

  443. 			'additional_headers' => '',
    444. 

  444. 			'body' => '',
    445. 

  445. 			'attachments' => '',
    446. 

  446. 		) );
    447. 

  447. 

  448. 		$callback = array( $this, 'replace_mail_tags_with_minimum_input' );
    449. 

  449. 

  450. 		$subject = $components['subject'];
    451. 

  451. 		$subject = new WPCF7_MailTaggedText( $subject,
    452. 

  452. 			array( 'callback' => $callback ) );
    453. 

  453. 		$subject = $subject->replace_tags();
    454. 

  454. 		$subject = wpcf7_strip_newline( $subject );
    455. 

  455. 		$this->detect_maybe_empty( sprintf( '%s.subject', $template ), $subject );
    456. 

  456. 

  457. 		$sender = $components['sender'];
    458. 

  458. 		$sender = new WPCF7_MailTaggedText( $sender,
    459. 

  459. 			array( 'callback' => $callback ) );
    460. 

  460. 		$sender = $sender->replace_tags();
    461. 

  461. 		$sender = wpcf7_strip_newline( $sender );
    462. 

  462. 

  463. 		if ( ! $this->detect_invalid_mailbox_syntax( sprintf( '%s.sender', $template ), $sender )
    464. 

  464. 		and ! wpcf7_is_email_in_site_domain( $sender ) ) {
    465. 

  465. 			$this->add_error( sprintf( '%s.sender', $template ),
    466. 

  466. 				self::error_email_not_in_site_domain, array(
    467. 

  467. 					'link' => self::get_doc_link( 'email_not_in_site_domain' ),
    468. 

  468. 				)
    469. 

  469. 			);
    470. 

  470. 		}
    471. 

  471. 

  472. 		$recipient = $components['recipient'];
    473. 

  473. 		$recipient = new WPCF7_MailTaggedText( $recipient,
    474. 

  474. 			array( 'callback' => $callback ) );
    475. 

  475. 		$recipient = $recipient->replace_tags();
    476. 

  476. 		$recipient = wpcf7_strip_newline( $recipient );
    477. 

  477. 

  478. 		$this->detect_invalid_mailbox_syntax(
    479. 

  479. 			sprintf( '%s.recipient', $template ), $recipient );
    480. 

  480. 

  481. 		$additional_headers = $components['additional_headers'];
    482. 

  482. 		$additional_headers = new WPCF7_MailTaggedText( $additional_headers,
    483. 

  483. 			array( 'callback' => $callback ) );
    484. 

  484. 		$additional_headers = $additional_headers->replace_tags();
    485. 

  485. 		$additional_headers = explode( "\n", $additional_headers );
    486. 

  486. 		$mailbox_header_types = array( 'reply-to', 'cc', 'bcc' );
    487. 

  487. 		$invalid_mail_header_exists = false;
    488. 

  488. 

  489. 		foreach ( $additional_headers as $header ) {
    490. 

  490. 			$header = trim( $header );
    491. 

  491. 

  492. 			if ( '' === $header ) {
    493. 

  493. 				continue;
    494. 

  494. 			}
    495. 

  495. 

  496. 			if ( ! preg_match( '/^([0-9A-Za-z-]+):(.*)$/', $header, $matches ) ) {
    497. 

  497. 				$invalid_mail_header_exists = true;
    498. 

  498. 			} else {
    499. 

  499. 				$header_name = $matches[1];
    500. 

  500. 				$header_value = trim( $matches[2] );
    501. 

  501. 

  502. 				if ( in_array( strtolower( $header_name ), $mailbox_header_types ) ) {
    503. 

  503. 					$this->detect_invalid_mailbox_syntax(
    504. 

  504. 						sprintf( '%s.additional_headers', $template ),
    505. 

  505. 						$header_value, array(
    506. 

  506. 							'message' =>
    507. 

  507. 								__( "Invalid mailbox syntax is used in the %name% field.", 'contact-form-7' ),
    508. 

  508. 							'params' => array( 'name' => $header_name ) ) );
    509. 

  509. 				} elseif ( empty( $header_value ) ) {
    510. 

  510. 					$invalid_mail_header_exists = true;
    511. 

  511. 				}
    512. 

  512. 			}
    513. 

  513. 		}
    514. 

  514. 

  515. 		if ( $invalid_mail_header_exists ) {
    516. 

  516. 			$this->add_error( sprintf( '%s.additional_headers', $template ),
    517. 

  517. 				self::error_invalid_mail_header, array(
    518. 

  518. 					'link' => self::get_doc_link( 'invalid_mail_header' ),
    519. 

  519. 				)
    520. 

  520. 			);
    521. 

  521. 		}
    522. 

  522. 

  523. 		$body = $components['body'];
    524. 

  524. 		$body = new WPCF7_MailTaggedText( $body,
    525. 

  525. 			array( 'callback' => $callback ) );
    526. 

  526. 		$body = $body->replace_tags();
    527. 

  527. 		$this->detect_maybe_empty( sprintf( '%s.body', $template ), $body );
    528. 

  528. 

  529. 		if ( '' !== $components['attachments'] ) {
    530. 

  530. 			$attachables = array();
    531. 

  531. 

  532. 			$tags = $this->contact_form->scan_form_tags(
    533. 

  533. 				array( 'type' => array( 'file', 'file*' ) )
    534. 

  534. 			);
    535. 

  535. 

  536. 			foreach ( $tags as $tag ) {
    537. 

  537. 				$name = $tag->name;
    538. 

  538. 

  539. 				if ( false === strpos( $components['attachments'], "[{$name}]" ) ) {
    540. 

  540. 					continue;
    541. 

  541. 				}
    542. 

  542. 

  543. 				$limit = (int) $tag->get_limit_option();
    544. 

  544. 

  545. 				if ( empty( $attachables[$name] )
    546. 

  546. 				or $attachables[$name] < $limit ) {
    547. 

  547. 					$attachables[$name] = $limit;
    548. 

  548. 				}
    549. 

  549. 			}
    550. 

  550. 

  551. 			$total_size = array_sum( $attachables );
    552. 

  552. 

  553. 			$has_file_not_found = false;
    554. 

  554. 			$has_file_not_in_content_dir = false;
    555. 

  555. 

  556. 			foreach ( explode( "\n", $components['attachments'] ) as $line ) {
    557. 

  557. 				$line = trim( $line );
    558. 

  558. 

  559. 				if ( '' === $line
    560. 

  560. 				or '[' == substr( $line, 0, 1 ) ) {
    561. 

  561. 					continue;
    562. 

  562. 				}
    563. 

  563. 

  564. 				$has_file_not_found = $this->detect_file_not_found(
    565. 

  565. 					sprintf( '%s.attachments', $template ), $line
    566. 

  566. 				);
    567. 

  567. 

  568. 				if ( ! $has_file_not_found
    569. 

  569. 				and ! $has_file_not_in_content_dir ) {
    570. 

  570. 					$has_file_not_in_content_dir = $this->detect_file_not_in_content_dir(
    571. 

  571. 						sprintf( '%s.attachments', $template ), $line
    572. 

  572. 					);
    573. 

  573. 				}
    574. 

  574. 

  575. 				if ( ! $has_file_not_found ) {
    576. 

  576. 					$path = path_join( WP_CONTENT_DIR, $line );
    577. 

  577. 					$total_size += (int) @filesize( $path );
    578. 

  578. 				}
    579. 

  579. 			}
    580. 

  580. 

  581. 			$max = 25 * 1024 * 1024; // 25 MB
    582. 

  582. 

  583. 			if ( $max < $total_size ) {
    584. 

  584. 				$this->add_error( sprintf( '%s.attachments', $template ),
    585. 

  585. 					self::error_attachments_overweight,
    586. 

  586. 					array(
    587. 

  587. 						'message' => __( "The total size of attachment files is too large.", 'contact-form-7' ),
    588. 

  588. 						'link' => self::get_doc_link( 'attachments_overweight' ),
    589. 

  589. 					)
    590. 

  590. 				);
    591. 

  591. 			}
    592. 

  592. 		}
    593. 

  593. 	}
    594. 

  594. 

  595. 	public function detect_invalid_mailbox_syntax( $section, $content, $args = '' ) {
    596. 

  596. 		$args = wp_parse_args( $args, array(
    597. 

  597. 			'link' => self::get_doc_link( 'invalid_mailbox_syntax' ),
    598. 

  598. 			'message' => '',
    599. 

  599. 			'params' => array(),
    600. 

  600. 		) );
    601. 

  601. 

  602. 		if ( ! wpcf7_is_mailbox_list( $content ) ) {
    603. 

  603. 			return $this->add_error( $section,
    604. 

  604. 				self::error_invalid_mailbox_syntax, $args );
    605. 

  605. 		}
    606. 

  606. 

  607. 		return false;
    608. 

  608. 	}
    609. 

  609. 

  610. 	public function detect_maybe_empty( $section, $content ) {
    611. 

  611. 		if ( '' === $content ) {
    612. 

  612. 			return $this->add_error( $section,
    613. 

  613. 				self::error_maybe_empty, array(
    614. 

  614. 					'link' => self::get_doc_link( 'maybe_empty' ),
    615. 

  615. 				)
    616. 

  616. 			);
    617. 

  617. 		}
    618. 

  618. 

  619. 		return false;
    620. 

  620. 	}
    621. 

  621. 

  622. 	public function detect_file_not_found( $section, $content ) {
    623. 

  623. 		$path = path_join( WP_CONTENT_DIR, $content );
    624. 

  624. 

  625. 		if ( ! is_readable( $path )
    626. 

  626. 		or ! is_file( $path ) ) {
    627. 

  627. 			return $this->add_error( $section,
    628. 

  628. 				self::error_file_not_found,
    629. 

  629. 				array(
    630. 

  630. 					'message' =>
    631. 

  631. 						__( "Attachment file does not exist at %path%.", 'contact-form-7' ),
    632. 

  632. 					'params' => array( 'path' => $content ),
    633. 

  633. 					'link' => self::get_doc_link( 'file_not_found' ),
    634. 

  634. 				)
    635. 

  635. 			);
    636. 

  636. 		}
    637. 

  637. 

  638. 		return false;
    639. 

  639. 	}
    640. 

  640. 

  641. 	public function detect_file_not_in_content_dir( $section, $content ) {
    642. 

  642. 		$path = path_join( WP_CONTENT_DIR, $content );
    643. 

  643. 

  644. 		if ( ! wpcf7_is_file_path_in_content_dir( $path ) ) {
    645. 

  645. 			return $this->add_error( $section,
    646. 

  646. 				self::error_file_not_in_content_dir,
    647. 

  647. 				array(
    648. 

  648. 					'message' =>
    649. 

  649. 						__( "It is not allowed to use files outside the wp-content directory.", 'contact-form-7' ),
    650. 

  650. 					'link' => self::get_doc_link( 'file_not_in_content_dir' ),
    651. 

  651. 				)
    652. 

  652. 			);
    653. 

  653. 		}
    654. 

  654. 

  655. 		return false;
    656. 

  656. 	}
    657. 

  657. 

  658. 	public function validate_messages() {
    659. 

  659. 		$messages = (array) $this->contact_form->prop( 'messages' );
    660. 

  660. 

  661. 		if ( ! $messages ) {
    662. 

  662. 			return;
    663. 

  663. 		}
    664. 

  664. 

  665. 		if ( isset( $messages['captcha_not_match'] )
    666. 

  666. 		and ! wpcf7_use_really_simple_captcha() ) {
    667. 

  667. 			unset( $messages['captcha_not_match'] );
    668. 

  668. 		}
    669. 

  669. 

  670. 		foreach ( $messages as $key => $message ) {
    671. 

  671. 			$section = sprintf( 'messages.%s', $key );
    672. 

  672. 			$this->detect_html_in_message( $section, $message );
    673. 

  673. 		}
    674. 

  674. 	}
    675. 

  675. 

  676. 	public function detect_html_in_message( $section, $content ) {
    677. 

  677. 		$stripped = wp_strip_all_tags( $content );
    678. 

  678. 

  679. 		if ( $stripped != $content ) {
    680. 

  680. 			return $this->add_error( $section,
    681. 

  681. 				self::error_html_in_message,
    682. 

  682. 				array(
    683. 

  683. 					'link' => self::get_doc_link( 'html_in_message' ),
    684. 

  684. 				)
    685. 

  685. 			);
    686. 

  686. 		}
    687. 

  687. 

  688. 		return false;
    689. 

  689. 	}
    690. 

  690. 

  691. 	public function validate_additional_settings() {
    692. 

  692. 		$deprecated_settings_used =
    693. 

  693. 			$this->contact_form->additional_setting( 'on_sent_ok' ) ||
    694. 

  694. 			$this->contact_form->additional_setting( 'on_submit' );
    695. 

  695. 

  696. 		if ( $deprecated_settings_used ) {
    697. 

  697. 			return $this->add_error( 'additional_settings.body',
    698. 

  698. 				self::error_deprecated_settings,
    699. 

  699. 				array(
    700. 

  700. 					'link' => self::get_doc_link( 'deprecated_settings' ),
    701. 

  701. 				)
    702. 

  702. 			);
    703. 

  703. 		}
    704. 

  704. 	}
    705. 

  705. 

  706. }
    707.