Contact Form 7 v4.9.1
contact-form-7 / includes / submission.php
1 <?php
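/**
 * Processes one contact form submission for the current request.
 *
 * The object is a per-request singleton. The first call to get_instance()
 * with a contact form reads $_POST, then runs validation, the acceptance
 * check, the spam checks and mail sending, and keeps the resulting status
 * and response message.
 *
 * Security notes:
 * - $posted_data and the 'user_agent', 'url' and 'unit_tag' meta values come
 *   from the client. sanitize_posted_data() only calls
 *   wp_check_invalid_utf8() and wp_kses_no_null(); nothing here escapes for
 *   HTML, SQL or mail headers, so every consumer has to escape for its own
 *   output context.
 * - Several decisions (posted data, remote IP, validation, acceptance, spam,
 *   skip-mail) pass through WordPress filters, so other code can override
 *   them.
 */
class WPCF7_Submission {

	/** @var WPCF7_Submission|null The single instance for this request. */
	private static $instance;

	/** @var WPCF7_ContactForm The form being submitted. */
	private $contact_form;

	/** @var string 'init' until submit() has run, then the outcome. */
	private $status = 'init';

	/** @var array Posted values after sanitizing, piping and filtering. */
	private $posted_data = array();

	/** @var array Field name => path, registered via add_uploaded_file(). */
	private $uploaded_files = array();

	/** @var bool Whether the caller asked to skip sending mail. */
	private $skip_mail = false;

	/** @var string Response message matching the final status. */
	private $response = '';

	/** @var array Invalid fields as reported by the validation result. */
	private $invalid_fields = array();

	/** @var array Request metadata collected in submit(). */
	private $meta = array();

	/** Instances are only created through get_instance(). */
	private function __construct() {}

	/**
	 * Creates the submission on first use, or returns the existing one.
	 *
	 * @param WPCF7_ContactForm|null $contact_form Form to submit. Pass null
	 *                                             to fetch the instance.
	 * @param array|string           $args         Options; 'skip_mail' is
	 *                                             the only key read here.
	 * @return WPCF7_Submission|null Null when no instance exists and no form
	 *                               was given, or when an instance already
	 *                               exists and a form was given.
	 */
	public static function get_instance( WPCF7_ContactForm $contact_form = null, $args = '' ) {
		$args = wp_parse_args( $args, array(
			'skip_mail' => false,
		) );

		if ( ! empty( self::$instance ) ) {
			// A second submission in the same request is refused.
			return ( null === $contact_form ) ? self::$instance : null;
		}

		if ( null === $contact_form ) {
			return null;
		}

		$submission = new self;
		// Publish the instance before processing, as the original did, so
		// that filter callbacks running during submit() can look it up.
		self::$instance = $submission;

		$submission->contact_form = $contact_form;
		$submission->skip_mail = (bool) $args['skip_mail'];
		$submission->setup_posted_data();
		$submission->submit();

		return self::$instance;
	}

	/**
	 * Tells whether the current request is a REST API request.
	 *
	 * @return bool True when REST_REQUEST is defined and truthy.
	 */
	public static function is_restful() {
		return defined( 'REST_REQUEST' ) && REST_REQUEST;
	}

	/**
	 * @return string Current status.
	 */
	public function get_status() {
		return $this->status;
	}

	/**
	 * Compares the current status with the given one.
	 *
	 * The comparison is strict. The previous loose `==` made is( 0 ) true
	 * for any status on PHP versions before 8, because a non-numeric string
	 * compared equal to integer zero.
	 *
	 * @param string $status Status name to test.
	 * @return bool
	 */
	public function is( $status ) {
		return is_string( $status ) && $this->status === $status;
	}

	/**
	 * @return string Response message for the final status.
	 */
	public function get_response() {
		return $this->response;
	}

	/**
	 * Returns the validation entry for one field.
	 *
	 * @param string $name Field name.
	 * @return mixed The stored entry, or false when the field is not invalid.
	 */
	public function get_invalid_field( $name ) {
		return isset( $this->invalid_fields[$name] )
			? $this->invalid_fields[$name]
			: false;
	}

	/**
	 * @return array All invalid-field entries.
	 */
	public function get_invalid_fields() {
		return $this->invalid_fields;
	}

	/**
	 * Returns one posted value, or the whole posted-data array.
	 *
	 * Values are client-supplied and not escaped for any output context.
	 *
	 * @param string $name Field name. Any value empty() treats as empty
	 *                     (including '0') returns the whole array.
	 * @return mixed Field value, null when the field is not set, or the
	 *               full array when no name is given.
	 */
	public function get_posted_data( $name = '' ) {
		if ( empty( $name ) ) {
			return $this->posted_data;
		}

		return isset( $this->posted_data[$name] )
			? $this->posted_data[$name]
			: null;
	}

	/**
	 * Builds $posted_data from $_POST.
	 *
	 * Drops '_wpnonce', sanitizes the values, applies pipes to the fields
	 * declared by the form's tags, then runs the 'wpcf7_posted_data' filter.
	 * $_POST keys that match no form tag are kept as posted.
	 *
	 * @return array The filtered posted data.
	 */
	private function setup_posted_data() {
		$posted_data = (array) $_POST;
		$posted_data = array_diff_key( $posted_data, array( '_wpnonce' => '' ) );
		$posted_data = $this->sanitize_posted_data( $posted_data );

		$tags = $this->contact_form->scan_form_tags();

		foreach ( (array) $tags as $tag ) {
			if ( empty( $tag['name'] ) ) {
				continue;
			}

			$name = $tag['name'];
			// A declared field that was not posted becomes an empty string.
			$value = isset( $posted_data[$name] ) ? $posted_data[$name] : '';

			$pipes = $tag['pipes'];
			$use_pipes = WPCF7_USE_PIPE
				&& $pipes instanceof WPCF7_Pipes
				&& ! $pipes->zero();

			if ( $use_pipes ) {
				if ( is_array( $value ) ) {
					$piped = array();

					foreach ( $value as $item ) {
						$piped[] = $pipes->do_pipe( wp_unslash( $item ) );
					}

					$value = $piped;
				} else {
					$value = $pipes->do_pipe( wp_unslash( $value ) );
				}
			}

			$posted_data[$name] = $value;
		}

		$this->posted_data = apply_filters( 'wpcf7_posted_data', $posted_data );

		return $this->posted_data;
	}

	/**
	 * Recursively sanitizes posted values.
	 *
	 * Strings go through wp_check_invalid_utf8() and wp_kses_no_null().
	 * Arrays are processed element by element; other types pass unchanged.
	 * This is input hygiene only, not output escaping.
	 *
	 * @param mixed $value Value or nested array of values.
	 * @return mixed Sanitized value of the same shape.
	 */
	private function sanitize_posted_data( $value ) {
		if ( is_array( $value ) ) {
			return array_map( array( $this, 'sanitize_posted_data' ), $value );
		}

		if ( is_string( $value ) ) {
			$value = wp_check_invalid_utf8( $value );
			$value = wp_kses_no_null( $value );
		}

		return $value;
	}

	/**
	 * Runs the submission pipeline once and records the outcome.
	 *
	 * Order: validation, acceptance, spam checks, mail. The first failing
	 * step decides the status. Uploaded files are removed afterwards in
	 * every case.
	 *
	 * @return string Final status: 'validation_failed', 'acceptance_missing',
	 *                'spam', 'mail_sent' or 'mail_failed'.
	 */
	private function submit() {
		if ( ! $this->is( 'init' ) ) {
			return $this->status;
		}

		// Client-controlled header, truncated but otherwise stored as sent.
		$user_agent = isset( $_SERVER['HTTP_USER_AGENT'] )
			? substr( $_SERVER['HTTP_USER_AGENT'], 0, 254 ) : '';

		// The unit tag was stored exactly as posted. Keep only letters,
		// digits, '_' and '-', and ignore non-string input (for example an
		// array posted as _wpcf7_unit_tag[]), so the stored value is a plain
		// token. NOTE(review): plugin-generated unit tags presumably use
		// only these characters; confirm against the tag generator.
		$unit_tag = '';

		if ( isset( $_POST['_wpcf7_unit_tag'] )
		&& is_string( $_POST['_wpcf7_unit_tag'] ) ) {
			$unit_tag = (string) preg_replace( '/[^A-Za-z0-9_-]/', '',
				$_POST['_wpcf7_unit_tag'] );
		}

		$container_post_id = isset( $_POST['_wpcf7_container_post'] )
			? (int) $_POST['_wpcf7_container_post'] : 0;

		$this->meta = array(
			'remote_ip' => $this->get_remote_ip_addr(),
			'user_agent' => $user_agent,
			'url' => $this->get_request_url(),
			'timestamp' => current_time( 'timestamp' ),
			'unit_tag' => $unit_tag,
			'container_post_id' => $container_post_id,
		);

		$contact_form = $this->contact_form;

		if ( ! $this->validate() ) { // Validation error occurred
			$this->status = 'validation_failed';
			$this->response = $contact_form->message( 'validation_error' );

		} elseif ( ! $this->accepted() ) { // Terms not accepted
			$this->status = 'acceptance_missing';
			$this->response = $contact_form->message( 'accept_terms' );

		} elseif ( $this->spam() ) { // Classified as spam
			$this->status = 'spam';
			$this->response = $contact_form->message( 'spam' );

		} elseif ( $this->mail() ) {
			$this->status = 'mail_sent';
			$this->response = $contact_form->message( 'mail_sent_ok' );

			do_action( 'wpcf7_mail_sent', $contact_form );

		} else {
			$this->status = 'mail_failed';
			$this->response = $contact_form->message( 'mail_sent_ng' );

			do_action( 'wpcf7_mail_failed', $contact_form );
		}

		$this->remove_uploaded_files();

		return $this->status;
	}

	/**
	 * Returns the client IP address for the submission metadata.
	 *
	 * Only REMOTE_ADDR is read, and only when it parses as an IP address;
	 * forwarded-for style headers are not consulted here. The
	 * 'wpcf7_remote_ip_addr' filter can replace the value.
	 * NOTE(review): behind a reverse proxy REMOTE_ADDR is normally the
	 * proxy's address; confirm how the deployment resolves the real client.
	 *
	 * @return string IP address, or '' when none is available (before the
	 *                filter runs).
	 */
	private function get_remote_ip_addr() {
		$ip_addr = '';

		if ( isset( $_SERVER['REMOTE_ADDR'] )
		&& WP_Http::is_ip_address( $_SERVER['REMOTE_ADDR'] ) ) {
			$ip_addr = $_SERVER['REMOTE_ADDR'];
		}

		return apply_filters( 'wpcf7_remote_ip_addr', $ip_addr );
	}

	/**
	 * Returns the URL recorded as the origin of the submission.
	 *
	 * For REST requests the Referer header is used when it points inside
	 * this site. Otherwise the URL is built from the home URL with its path
	 * removed, plus the request URI.
	 *
	 * The Referer header is client-controlled. The previous check was a bare
	 * prefix match against the home URL, so a referer on a different host
	 * whose name merely starts with the site's host was accepted and stored.
	 * is_url_within_home() also requires a boundary after the prefix.
	 *
	 * @return string
	 */
	private function get_request_url() {
		$home_url = untrailingslashit( home_url() );

		if ( self::is_restful() ) {
			$referer = isset( $_SERVER['HTTP_REFERER'] )
				? trim( $_SERVER['HTTP_REFERER'] ) : '';

			if ( $referer && self::is_url_within_home( $referer, $home_url ) ) {
				return esc_url_raw( $referer );
			}
		}

		// Removes everything from the first '/' that is not part of '://',
		// leaving the scheme and authority of the home URL.
		$site_root = preg_replace( '%(?<!:|/)/.*$%', '', $home_url );

		return $site_root . wpcf7_get_request_uri();
	}

	/**
	 * Checks that a URL is the home URL itself or lies below it.
	 *
	 * @param string $url      URL to test.
	 * @param string $home_url Home URL without a trailing slash.
	 * @return bool True when $url equals $home_url, or starts with it and
	 *              continues with '/', '?' or '#'.
	 */
	private static function is_url_within_home( $url, $home_url ) {
		$url = (string) $url;
		$home_url = (string) $home_url;

		if ( '' === $home_url || 0 !== strpos( $url, $home_url ) ) {
			return false;
		}

		// substr() returns false rather than '' at the end of the string on
		// PHP versions before 8, hence the cast.
		$rest = (string) substr( $url, strlen( $home_url ) );

		if ( '' === $rest ) {
			return true;
		}

		return in_array( $rest[0], array( '/', '?', '#' ), true );
	}

	/**
	 * Validates the posted data through the validation filters.
	 *
	 * Each form tag is passed to "wpcf7_validate_{type}", then the whole set
	 * to 'wpcf7_validate'. The actual rules live in those filter callbacks,
	 * not in this method.
	 *
	 * @return bool False when invalid fields were already recorded or the
	 *              validation result is not valid.
	 */
	private function validate() {
		if ( $this->invalid_fields ) {
			return false;
		}

		require_once WPCF7_PLUGIN_DIR . '/includes/validation.php';
		$result = new WPCF7_Validation();

		$tags = $this->contact_form->scan_form_tags();

		foreach ( $tags as $tag ) {
			$type = $tag['type'];
			$result = apply_filters( "wpcf7_validate_{$type}", $result, $tag );
		}

		$result = apply_filters( 'wpcf7_validate', $result, $tags );

		$this->invalid_fields = $result->get_invalid_fields();

		return $result->is_valid();
	}

	/**
	 * Asks the 'wpcf7_acceptance' filter whether the terms were accepted.
	 *
	 * @return mixed Filter result; true unless a callback changes it.
	 */
	private function accepted() {
		return apply_filters( 'wpcf7_acceptance', true );
	}

	/**
	 * Decides whether the submission is treated as spam.
	 *
	 * A submission is flagged when the stored user agent is shorter than two
	 * characters, the nonce does not verify, or the blacklist check matches.
	 * The 'wpcf7_spam' filter gets the final say.
	 *
	 * When the form is 'subscribers_only' and the current user has the
	 * 'wpcf7_submit' capability for it, the method returns false early. That
	 * path skips the nonce check, the blacklist check and the 'wpcf7_spam'
	 * filter.
	 *
	 * @return mixed Spam verdict (bool unless a filter returns otherwise).
	 */
	private function spam() {
		if ( $this->contact_form->is_true( 'subscribers_only' )
		&& current_user_can( 'wpcf7_submit', $this->contact_form->id() ) ) {
			return false;
		}

		$user_agent = (string) $this->get_meta( 'user_agent' );

		// All three checks always run, as in the original, so callbacks on
		// the blacklist filter fire regardless of the earlier results.
		$agent_too_short = strlen( $user_agent ) < 2;
		$nonce_invalid = ! $this->verify_nonce();
		$blacklisted = $this->is_blacklisted();

		$spam = $agent_too_short || $nonce_invalid || $blacklisted;

		return apply_filters( 'wpcf7_spam', $spam );
	}

	/**
	 * Verifies the posted nonce when the form has nonces enabled.
	 *
	 * A missing or non-string '_wpnonce' is rejected here instead of being
	 * read from $_POST unguarded, which raised an undefined-index notice and
	 * handed a non-string to the verifier.
	 *
	 * @return mixed True when nonces are inactive for the form; false when
	 *               no usable nonce was posted; otherwise the result of
	 *               wpcf7_verify_nonce().
	 */
	private function verify_nonce() {
		if ( ! $this->contact_form->nonce_is_active() ) {
			return true;
		}

		if ( ! isset( $_POST['_wpnonce'] )
		|| ! is_string( $_POST['_wpnonce'] )
		|| '' === $_POST['_wpnonce'] ) {
			return false;
		}

		return wpcf7_verify_nonce( $_POST['_wpnonce'] );
	}

	/**
	 * Runs the blacklist check over the posted data, IP and user agent.
	 *
	 * The flattened posted values, the remote IP and the user agent are
	 * joined with newlines and passed to wpcf7_blacklist_check(). The
	 * 'wpcf7_submission_is_blacklisted' filter can change the result.
	 *
	 * @return bool
	 */
	private function is_blacklisted() {
		$parts = wpcf7_array_flatten( $this->posted_data );
		$parts[] = $this->get_meta( 'remote_ip' );
		$parts[] = $this->get_meta( 'user_agent' );
		$target = implode( "\n", $parts );

		return (bool) apply_filters( 'wpcf7_submission_is_blacklisted',
			wpcf7_blacklist_check( $target ), $this );
	}

	/* Mail */

	/**
	 * Sends the main mail and, if it succeeds, any additional mails.
	 *
	 * 'wpcf7_before_send_mail' fires first. When the 'wpcf7_skip_mail'
	 * filter returns a truthy value nothing is sent and the method reports
	 * success. Results of the additional mails are not checked.
	 *
	 * @return bool True when mail was skipped or the main mail was sent.
	 */
	private function mail() {
		$contact_form = $this->contact_form;

		do_action( 'wpcf7_before_send_mail', $contact_form );

		$skip_mail = apply_filters( 'wpcf7_skip_mail', $this->skip_mail, $contact_form );

		if ( $skip_mail ) {
			return true;
		}

		if ( ! WPCF7_Mail::send( $contact_form->prop( 'mail' ), 'mail' ) ) {
			return false;
		}

		$additional_mail = array();
		$mail_2 = $contact_form->prop( 'mail_2' );

		if ( $mail_2 && $mail_2['active'] ) {
			$additional_mail['mail_2'] = $mail_2;
		}

		$additional_mail = apply_filters( 'wpcf7_additional_mail',
			$additional_mail, $contact_form );

		foreach ( $additional_mail as $name => $template ) {
			WPCF7_Mail::send( $template, $name );
		}

		return true;
	}

	/**
	 * @return array Field name => path of the registered uploads.
	 */
	public function uploaded_files() {
		return $this->uploaded_files;
	}

	/**
	 * Registers an uploaded file for a field.
	 *
	 * When the field has no posted value, the file's base name becomes the
	 * posted value. The path is stored as given, and remove_uploaded_files()
	 * later deletes it, so callers must pass only paths they created.
	 *
	 * @param string $name      Field name.
	 * @param string $file_path Path of the stored upload.
	 */
	public function add_uploaded_file( $name, $file_path ) {
		$this->uploaded_files[$name] = $file_path;

		if ( empty( $this->posted_data[$name] ) ) {
			$this->posted_data[$name] = basename( $file_path );
		}
	}

	/**
	 * Deletes every registered upload and tries to remove its directory.
	 */
	public function remove_uploaded_files() {
		foreach ( (array) $this->uploaded_files as $name => $path ) {
			wpcf7_rmdir_p( $path );
			// Best effort: rmdir() only succeeds when the directory is
			// empty, and its warning is suppressed on purpose.
			@rmdir( dirname( $path ) );
		}
	}

	/**
	 * Returns one metadata value collected in submit().
	 *
	 * @param string $name One of 'remote_ip', 'user_agent', 'url',
	 *                     'timestamp', 'unit_tag', 'container_post_id'.
	 * @return mixed The value, or null when it is not set.
	 */
	public function get_meta( $name ) {
		return isset( $this->meta[$name] ) ? $this->meta[$name] : null;
	}
}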