Contact Form 7 v5.2.2
contact-form-7 / includes / config-validator.php
config-validator.php
707 lines
1 <?php
2
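/**
 * Checks a contact form's configuration (form template, mail templates,
 * messages and additional settings) and records the problems it finds.
 *
 * Errors are kept per section in $errors, keyed by strings such as
 * 'form.body', 'mail.sender' or 'mail_2.attachments'. Each entry is an
 * array with a 'code' (one of the error_* constants) and 'args'
 * ('message', 'params', optionally 'link').
 *
 * Nothing in this class HTML-escapes error messages; only links are passed
 * through esc_url(). NOTE(review): confirm that whatever renders the
 * messages escapes them on output.
 */
class WPCF7_ConfigValidator {

	// Error codes stored in the 'code' field of each recorded error.
	const error = 100;
	const error_maybe_empty = 101;
	const error_invalid_mailbox_syntax = 102;
	const error_email_not_in_site_domain = 103;
	const error_html_in_message = 104;
	const error_multiple_controls_in_label = 105;
	const error_file_not_found = 106;
	const error_unavailable_names = 107;
	const error_invalid_mail_header = 108;
	const error_deprecated_settings = 109;
	const error_file_not_in_content_dir = 110;
	const error_unavailable_html_elements = 111;
	const error_attachments_overweight = 112;

	/**
	 * Builds the documentation URL for a configuration error.
	 *
	 * @param string $error_code Error slug using underscores, e.g.
	 *                           'invalid_mailbox_syntax'. Empty for the
	 *                           index page.
	 * @return string URL passed through esc_url().
	 */
	public static function get_doc_link( $error_code = '' ) {
		// The base URL goes through the translation function, so the
		// final value is sanitized with esc_url() before it is returned.
		$url = __( 'https://contactform7.com/configuration-errors/',
			'contact-form-7' );

		if ( '' !== $error_code ) {
			$error_code = strtr( $error_code, '_', '-' );

			$url = sprintf( '%s/%s', untrailingslashit( $url ), $error_code );
		}

		return esc_url( $url );
	}

	// The contact form under validation.
	private $contact_form;

	// Recorded errors: section => list of array( 'code', 'args' ).
	private $errors = array();

	/**
	 * @param WPCF7_ContactForm $contact_form Contact form to validate.
	 */
	public function __construct( WPCF7_ContactForm $contact_form ) {
		$this->contact_form = $contact_form;
	}

	/**
	 * Returns the contact form this validator was created for.
	 *
	 * @return WPCF7_ContactForm
	 */
	public function contact_form() {
		return $this->contact_form;
	}

	/**
	 * Tells whether no errors are currently recorded.
	 *
	 * @return bool True when count_errors() is zero.
	 */
	public function is_valid() {
		return ! $this->count_errors();
	}

	/**
	 * Counts recorded errors, optionally restricted to a section or code.
	 *
	 * @param string|array $args Optional. 'section' limits the count to a
	 *                           section ('mail.sender') or to a section
	 *                           prefix ('mail'); 'code' limits it to one
	 *                           error code.
	 * @return int Number of matching errors.
	 */
	public function count_errors( $args = '' ) {
		$args = wp_parse_args( $args, array(
			'section' => '',
			'code' => '',
		) );

		$count = 0;

		foreach ( $this->errors as $key => $errors ) {
			// Fold numbered mail templates (mail_2.*) into 'mail.*' so that
			// a 'mail' section filter covers every mail template.
			if ( preg_match( '/^mail_[0-9]+\.(.*)$/', $key, $matches ) ) {
				$key = sprintf( 'mail.%s', $matches[1] );
			}

			// Keep the section when it matches the filter either in full
			// or by the part before the first dot.
			if ( $args['section']
			and $key != $args['section']
			and preg_replace( '/\..*$/', '', $key, 1 ) != $args['section'] ) {
				continue;
			}

			foreach ( $errors as $error ) {
				if ( empty( $error ) ) {
					continue;
				}

				if ( $args['code'] and $error['code'] != $args['code'] ) {
					continue;
				}

				$count += 1;
			}
		}

		return $count;
	}

	/**
	 * Turns the recorded errors into displayable messages.
	 *
	 * The message text is returned as built; only the link is passed
	 * through esc_url(). Callers are responsible for escaping the message
	 * for the context in which it is rendered.
	 *
	 * @return array section => list of array( 'message', 'link' ).
	 */
	public function collect_error_messages() {
		$error_messages = array();

		foreach ( $this->errors as $section => $errors ) {
			$error_messages[$section] = array();

			foreach ( $errors as $error ) {
				if ( empty( $error['args']['message'] ) ) {
					$message = $this->get_default_message( $error['code'] );
				} elseif ( empty( $error['args']['params'] ) ) {
					$message = $error['args']['message'];
				} else {
					$message = $this->build_message(
						$error['args']['message'],
						$error['args']['params'] );
				}

				$link = '';

				if ( ! empty( $error['args']['link'] ) ) {
					$link = $error['args']['link'];
				}

				$error_messages[$section][] = array(
					'message' => $message,
					'link' => esc_url( $link ),
				);
			}
		}

		return $error_messages;
	}

	/**
	 * Substitutes %key% placeholders in a message with parameter values.
	 *
	 * Values are inserted verbatim. Some of them come from the form
	 * configuration (for example an attachment path), so the result must
	 * be escaped wherever it is output.
	 *
	 * @param string       $message Message template with %key% placeholders.
	 * @param string|array $params  Placeholder name => replacement value.
	 * @return string Message with the known placeholders replaced.
	 */
	public function build_message( $message, $params = '' ) {
		$params = wp_parse_args( $params, array() );

		foreach ( $params as $key => $val ) {
			if ( ! preg_match( '/^[0-9A-Za-z_]+$/', $key ) ) { // invalid key
				continue;
			}

			$placeholder = '%' . $key . '%';

			if ( false !== stripos( $message, $placeholder ) ) {
				$message = str_ireplace( $placeholder, $val, $message );
			}
		}

		return $message;
	}

	/**
	 * Returns the built-in message for an error code.
	 *
	 * @param int $code One of the error_* constants.
	 * @return string Translated message, or '' when the code has no
	 *                default message.
	 */
	public function get_default_message( $code ) {
		switch ( $code ) {
			case self::error_maybe_empty:
				return __( "There is a possible empty field.", 'contact-form-7' );
			case self::error_invalid_mailbox_syntax:
				return __( "Invalid mailbox syntax is used.", 'contact-form-7' );
			case self::error_email_not_in_site_domain:
				return __( "Sender email address does not belong to the site domain.", 'contact-form-7' );
			case self::error_html_in_message:
				return __( "HTML tags are used in a message.", 'contact-form-7' );
			case self::error_multiple_controls_in_label:
				return __( "Multiple form controls are in a single label element.", 'contact-form-7' );
			case self::error_invalid_mail_header:
				return __( "There are invalid mail header fields.", 'contact-form-7' );
			case self::error_deprecated_settings:
				return __( "Deprecated settings are used.", 'contact-form-7' );
			default:
				return '';
		}
	}

	/**
	 * Records an error for a section.
	 *
	 * @param string       $section Section key, e.g. 'mail.sender'.
	 * @param int          $code    One of the error_* constants.
	 * @param string|array $args    Optional 'message', 'params' and 'link'.
	 * @return bool Always true, so detect_*() methods can return the call
	 *              directly to signal that an error was found.
	 */
	public function add_error( $section, $code, $args = '' ) {
		$args = wp_parse_args( $args, array(
			'message' => '',
			'params' => array(),
		) );

		if ( ! isset( $this->errors[$section] ) ) {
			$this->errors[$section] = array();
		}

		$this->errors[$section][] = array( 'code' => $code, 'args' => $args );

		return true;
	}

	/**
	 * Removes every error with the given code from a section.
	 *
	 * @param string $section Section key.
	 * @param int    $code    Error code to remove.
	 */
	public function remove_error( $section, $code ) {
		if ( empty( $this->errors[$section] ) ) {
			return;
		}

		foreach ( (array) $this->errors[$section] as $key => $error ) {
			if ( isset( $error['code'] )
			and $error['code'] == $code ) {
				unset( $this->errors[$section][$key] );
			}
		}

		// Drop the section entirely once its last error is gone.
		if ( empty( $this->errors[$section] ) ) {
			unset( $this->errors[$section] );
		}
	}

	/**
	 * Runs every validation from scratch.
	 *
	 * Previously recorded errors are discarded first. After the built-in
	 * checks, the 'wpcf7_config_validator_validate' action is fired with
	 * this validator so that other code can add or remove errors.
	 *
	 * @return bool True when no errors were recorded.
	 */
	public function validate() {
		$this->errors = array();

		$this->validate_form();
		$this->validate_mail( 'mail' );
		$this->validate_mail( 'mail_2' );
		$this->validate_messages();
		$this->validate_additional_settings();

		do_action( 'wpcf7_config_validator_validate', $this );

		return $this->is_valid();
	}

	/**
	 * Stores the recorded errors in the '_config_errors' post meta of the
	 * contact form. Does nothing when the form reports initial().
	 */
	public function save() {
		if ( $this->contact_form->initial() ) {
			return;
		}

		// Always clear the old value so a now-valid form keeps no stale
		// errors.
		delete_post_meta( $this->contact_form->id(), '_config_errors' );

		if ( $this->errors ) {
			update_post_meta( $this->contact_form->id(), '_config_errors',
				$this->errors );
		}
	}

	/**
	 * Loads errors back from the '_config_errors' post meta.
	 *
	 * The stored code and args (including message, params and link) are
	 * re-added as they are.
	 */
	public function restore() {
		$config_errors = get_post_meta(
			$this->contact_form->id(), '_config_errors', true );

		foreach ( (array) $config_errors as $section => $errors ) {
			if ( empty( $errors ) ) {
				continue;
			}

			if ( ! is_array( $errors ) ) { // for back-compat
				// Older data stored a bare error code per section.
				$code = $errors;
				$this->add_error( $section, $code );
			} else {
				foreach ( (array) $errors as $error ) {
					if ( ! empty( $error['code'] ) ) {
						$code = $error['code'];
						$args = isset( $error['args'] ) ? $error['args'] : '';
						$this->add_error( $section, $code, $args );
					}
				}
			}
		}
	}

	/**
	 * Callback for WPCF7_MailTaggedText: replaces a mail-tag with the
	 * least content the corresponding field could produce.
	 *
	 * This lets validate_mail() judge a template against a "minimum"
	 * submission: optional fields become '', required fields become a
	 * sample e-mail address or a sample word.
	 *
	 * @param array $matches Regex match for one mail-tag. Index 0 is the
	 *                       whole tag, 2 the tag name, 3 its values, and
	 *                       1 / 4 the extra brackets of an escaped tag.
	 * @return string Replacement text.
	 */
	public function replace_mail_tags_with_minimum_input( $matches ) {
		// allow [[foo]] syntax for escaping a tag
		if ( $matches[1] == '[' && $matches[4] == ']' ) {
			return substr( $matches[0], 1, -1 );
		}

		$tag = $matches[0];
		$tagname = $matches[2];
		$values = $matches[3];

		$mail_tag = new WPCF7_MailTag( $tag, $tagname, $values );
		$field_name = $mail_tag->field_name();

		$example_email = 'example@example.com';
		$example_text = 'example';
		$example_blank = '';

		$form_tags = $this->contact_form->scan_form_tags(
			array( 'name' => $field_name ) );

		if ( $form_tags ) {
			$form_tag = new WPCF7_FormTag( $form_tags[0] );

			// Radio fields are treated as required here.
			$is_required = ( $form_tag->is_required() || 'radio' == $form_tag->type );

			if ( ! $is_required ) {
				return $example_blank;
			}

			if ( wpcf7_form_tag_supports( $form_tag->type, 'selectable-values' ) ) {
				// Judge the field by its last selectable value: take it
				// from the pipes' "before" side when the mail-tag has the
				// do_not_heat option, otherwise from the "after" side.
				if ( $form_tag->pipes instanceof WPCF7_Pipes ) {
					if ( $mail_tag->get_option( 'do_not_heat' ) ) {
						$before_pipes = $form_tag->pipes->collect_befores();
						$last_item = array_pop( $before_pipes );
					} else {
						$after_pipes = $form_tag->pipes->collect_afters();
						$last_item = array_pop( $after_pipes );
					}
				} else {
					$last_item = array_pop( $form_tag->values );
				}

				if ( $last_item and wpcf7_is_mailbox_list( $last_item ) ) {
					return $example_email;
				} else {
					return $example_text;
				}
			}

			if ( 'email' == $form_tag->basetype ) {
				return $example_email;
			} else {
				return $example_text;
			}

		} else { // maybe special mail tag
			// for back-compat
			$field_name = preg_replace( '/^wpcf7\./', '_', $field_name );

			if ( '_site_admin_email' == $field_name ) {
				return get_bloginfo( 'admin_email', 'raw' );

			} elseif ( '_user_agent' == $field_name ) {
				return $example_text;

			} elseif ( '_user_email' == $field_name ) {
				// _user_* tags yield a value only when the form has
				// subscribers_only set; otherwise they count as blank.
				return $this->contact_form->is_true( 'subscribers_only' )
					? $example_email
					: $example_blank;

			} elseif ( '_user_' == substr( $field_name, 0, 6 ) ) {
				return $this->contact_form->is_true( 'subscribers_only' )
					? $example_text
					: $example_blank;

			} elseif ( '_' == substr( $field_name, 0, 1 ) ) {
				return '_email' == substr( $field_name, -6 )
					? $example_email
					: $example_text;

			}
		}

		// Unknown tag: leave it in place.
		return $tag;
	}

	/**
	 * Validates the form template (section 'form.body').
	 */
	public function validate_form() {
		$section = 'form.body';
		$form = $this->contact_form->prop( 'form' );
		$this->detect_multiple_controls_in_label( $section, $form );
		$this->detect_unavailable_names( $section, $form );
		$this->detect_unavailable_html_elements( $section, $form );
	}

	/**
	 * Flags a <label> element that wraps more than one form control.
	 *
	 * @param string $section Section key to record the error under.
	 * @param string $content Form template.
	 * @return bool True when an error was recorded, false otherwise.
	 */
	public function detect_multiple_controls_in_label( $section, $content ) {
		$pattern = '%<label(?:[ \t\n]+.*?)?>(.+?)</label>%s';

		if ( preg_match_all( $pattern, $content, $matches ) ) {
			$form_tags_manager = WPCF7_FormTagsManager::get_instance();

			foreach ( $matches[1] as $insidelabel ) {
				$tags = $form_tags_manager->scan( $insidelabel );
				$fields_count = 0;

				foreach ( $tags as $tag ) {
					$is_multiple_controls_container = wpcf7_form_tag_supports(
						$tag->type, 'multiple-controls-container' );
					$is_zero_controls_container = wpcf7_form_tag_supports(
						$tag->type, 'zero-controls-container' );

					if ( $is_multiple_controls_container ) {
						// One control per value, plus one for a free-text
						// input when that option is set.
						$fields_count += count( $tag->values );

						if ( $tag->has_option( 'free_text' ) ) {
							$fields_count += 1;
						}
					} elseif ( $is_zero_controls_container ) {
						$fields_count += 0;
					} elseif ( ! empty( $tag->name ) ) {
						$fields_count += 1;
					}

					// Stop at the first offending label; one error per
					// form template is enough.
					if ( 1 < $fields_count ) {
						return $this->add_error( $section,
							self::error_multiple_controls_in_label, array(
								'link' => self::get_doc_link( 'multiple_controls_in_label' ),
							)
						);
					}
				}
			}
		}

		return false;
	}

	/**
	 * Flags form controls whose name is on a fixed list of WordPress
	 * query variable names.
	 *
	 * @param string $section Section key to record the error under.
	 * @param string $content Form template.
	 * @return bool True when an error was recorded, false otherwise.
	 */
	public function detect_unavailable_names( $section, $content ) {
		$public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat',
			'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence',
			'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order',
			'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second',
			'name', 'category_name', 'tag', 'feed', 'author_name', 'static',
			'pagename', 'page_id', 'error', 'attachment', 'attachment_id',
			'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term',
			'cpage', 'post_type', 'embed' );

		$form_tags_manager = WPCF7_FormTagsManager::get_instance();
		$ng_named_tags = $form_tags_manager->filter( $content,
			array( 'name' => $public_query_vars ) );

		$ng_names = array();

		foreach ( $ng_named_tags as $tag ) {
			$ng_names[] = sprintf( '"%s"', $tag->name );
		}

		if ( $ng_names ) {
			$ng_names = array_unique( $ng_names );

			return $this->add_error( $section,
				self::error_unavailable_names,
				array(
					'message' =>
						/* translators: %names%: a list of form control names */
						__( "Unavailable names (%names%) are used for form controls.", 'contact-form-7' ),
					'params' => array( 'names' => implode( ', ', $ng_names ) ),
					'link' => self::get_doc_link( 'unavailable_names' ),
				)
			);
		}

		return false;
	}

	/**
	 * Flags <form> start or end tags inside the form template.
	 *
	 * @param string $section Section key to record the error under.
	 * @param string $content Form template.
	 * @return bool True when an error was recorded, false otherwise.
	 */
	public function detect_unavailable_html_elements( $section, $content ) {
		// Also match "<form/" and an end tag with whitespace before ">"
		// ("</form >"), which are still form tags in HTML.
		$pattern = '%(?:<form[\s/>]|</form\s*>)%i';

		if ( preg_match( $pattern, $content ) ) {
			return $this->add_error( $section,
				self::error_unavailable_html_elements,
				array(
					'message' => __( "Unavailable HTML elements are used in the form template.", 'contact-form-7' ),
					'link' => self::get_doc_link( 'unavailable_html_elements' ),
				)
			);
		}

		return false;
	}

	/**
	 * Validates one mail template: subject, sender, recipient, additional
	 * headers, body and attachments.
	 *
	 * Mail-tags are first replaced with minimum input (see
	 * replace_mail_tags_with_minimum_input()), so each field is checked
	 * against the least content a submission could put there.
	 *
	 * @param string $template Mail template property name, 'mail' or
	 *                         'mail_2'. Templates other than 'mail' are
	 *                         skipped unless marked active.
	 */
	public function validate_mail( $template = 'mail' ) {
		$components = (array) $this->contact_form->prop( $template );

		if ( ! $components ) {
			return;
		}

		if ( 'mail' != $template
		and empty( $components['active'] ) ) {
			return;
		}

		$components = wp_parse_args( $components, array(
			'subject' => '',
			'sender' => '',
			'recipient' => '',
			'additional_headers' => '',
			'body' => '',
			'attachments' => '',
		) );

		$callback = array( $this, 'replace_mail_tags_with_minimum_input' );

		$subject = $components['subject'];
		$subject = new WPCF7_MailTaggedText( $subject,
			array( 'callback' => $callback ) );
		$subject = $subject->replace_tags();
		$subject = wpcf7_strip_newline( $subject );
		$this->detect_maybe_empty( sprintf( '%s.subject', $template ), $subject );

		$sender = $components['sender'];
		$sender = new WPCF7_MailTaggedText( $sender,
			array( 'callback' => $callback ) );
		$sender = $sender->replace_tags();
		$sender = wpcf7_strip_newline( $sender );

		// The site-domain check only runs when the sender already has
		// valid mailbox syntax, so a sender gets at most one of the two
		// errors.
		if ( ! $this->detect_invalid_mailbox_syntax( sprintf( '%s.sender', $template ), $sender )
		and ! wpcf7_is_email_in_site_domain( $sender ) ) {
			$this->add_error( sprintf( '%s.sender', $template ),
				self::error_email_not_in_site_domain, array(
					'link' => self::get_doc_link( 'email_not_in_site_domain' ),
				)
			);
		}

		$recipient = $components['recipient'];
		$recipient = new WPCF7_MailTaggedText( $recipient,
			array( 'callback' => $callback ) );
		$recipient = $recipient->replace_tags();
		$recipient = wpcf7_strip_newline( $recipient );

		$this->detect_invalid_mailbox_syntax(
			sprintf( '%s.recipient', $template ), $recipient );

		$additional_headers = $components['additional_headers'];
		$additional_headers = new WPCF7_MailTaggedText( $additional_headers,
			array( 'callback' => $callback ) );
		$additional_headers = $additional_headers->replace_tags();
		$additional_headers = explode( "\n", $additional_headers );
		$mailbox_header_types = array( 'reply-to', 'cc', 'bcc' );
		$invalid_mail_header_exists = false;

		foreach ( $additional_headers as $header ) {
			$header = trim( $header );

			if ( '' === $header ) {
				continue;
			}

			// A header line must look like "Name: value", with a name made
			// of letters, digits and hyphens only.
			if ( ! preg_match( '/^([0-9A-Za-z-]+):(.*)$/', $header, $matches ) ) {
				$invalid_mail_header_exists = true;
			} else {
				$header_name = $matches[1];
				$header_value = trim( $matches[2] );

				if ( in_array( strtolower( $header_name ), $mailbox_header_types ) ) {
					$this->detect_invalid_mailbox_syntax(
						sprintf( '%s.additional_headers', $template ),
						$header_value, array(
							'message' =>
								__( "Invalid mailbox syntax is used in the %name% field.", 'contact-form-7' ),
							'params' => array( 'name' => $header_name ) ) );
				} elseif ( '' === $header_value ) {
					// Compare against '' rather than empty(): a header
					// whose value is "0" has a value and is not invalid.
					$invalid_mail_header_exists = true;
				}
			}
		}

		if ( $invalid_mail_header_exists ) {
			$this->add_error( sprintf( '%s.additional_headers', $template ),
				self::error_invalid_mail_header, array(
					'link' => self::get_doc_link( 'invalid_mail_header' ),
				)
			);
		}

		$body = $components['body'];
		$body = new WPCF7_MailTaggedText( $body,
			array( 'callback' => $callback ) );
		$body = $body->replace_tags();
		$this->detect_maybe_empty( sprintf( '%s.body', $template ), $body );

		if ( '' !== $components['attachments'] ) {
			$attachables = array();

			$tags = $this->contact_form->scan_form_tags(
				array( 'type' => array( 'file', 'file*' ) )
			);

			// For every file field referenced in the attachments setting,
			// remember the largest size limit declared for that name.
			foreach ( $tags as $tag ) {
				$name = $tag->name;

				if ( false === strpos( $components['attachments'], "[{$name}]" ) ) {
					continue;
				}

				$limit = (int) $tag->get_limit_option();

				if ( empty( $attachables[$name] )
				or $attachables[$name] < $limit ) {
					$attachables[$name] = $limit;
				}
			}

			$total_size = array_sum( $attachables );

			$has_file_not_found = false;
			$has_file_not_in_content_dir = false;

			// Remaining lines (those not starting with '[') are file
			// paths, resolved against WP_CONTENT_DIR.
			foreach ( explode( "\n", $components['attachments'] ) as $line ) {
				$line = trim( $line );

				if ( '' === $line
				or '[' == substr( $line, 0, 1 ) ) {
					continue;
				}

				// NOTE(review): the existence check runs on the configured
				// path before the wp-content check, so the resulting error
				// reveals whether a path outside wp-content exists.
				// Confirm that only trusted roles can edit this setting.
				$has_file_not_found = $this->detect_file_not_found(
					sprintf( '%s.attachments', $template ), $line
				);

				// The out-of-directory error is recorded at most once per
				// template; once set, the flag stops further checks.
				if ( ! $has_file_not_found
				and ! $has_file_not_in_content_dir ) {
					$has_file_not_in_content_dir = $this->detect_file_not_in_content_dir(
						sprintf( '%s.attachments', $template ), $line
					);
				}

				if ( ! $has_file_not_found ) {
					$path = path_join( WP_CONTENT_DIR, $line );

					// A path outside wp-content is reported as not
					// allowed, so it is left out of the size total
					// instead of being stat'ed.
					if ( wpcf7_is_file_path_in_content_dir( $path ) ) {
						$total_size += (int) @filesize( $path );
					}
				}
			}

			$max = 25 * MB_IN_BYTES; // 25 MB

			if ( $max < $total_size ) {
				$this->add_error( sprintf( '%s.attachments', $template ),
					self::error_attachments_overweight,
					array(
						'message' => __( "The total size of attachment files is too large.", 'contact-form-7' ),
						'link' => self::get_doc_link( 'attachments_overweight' ),
					)
				);
			}
		}
	}

	/**
	 * Records an error when the content is not a valid mailbox list.
	 *
	 * @param string       $section Section key to record the error under.
	 * @param string       $content Text to check.
	 * @param string|array $args    Optional overrides for 'link',
	 *                              'message' and 'params'.
	 * @return bool True when an error was recorded, false otherwise.
	 */
	public function detect_invalid_mailbox_syntax( $section, $content, $args = '' ) {
		$args = wp_parse_args( $args, array(
			'link' => self::get_doc_link( 'invalid_mailbox_syntax' ),
			'message' => '',
			'params' => array(),
		) );

		if ( ! wpcf7_is_mailbox_list( $content ) ) {
			return $this->add_error( $section,
				self::error_invalid_mailbox_syntax, $args );
		}

		return false;
	}

	/**
	 * Records an error when the content is an empty string.
	 *
	 * @param string $section Section key to record the error under.
	 * @param string $content Text to check.
	 * @return bool True when an error was recorded, false otherwise.
	 */
	public function detect_maybe_empty( $section, $content ) {
		if ( '' === $content ) {
			return $this->add_error( $section,
				self::error_maybe_empty, array(
					'link' => self::get_doc_link( 'maybe_empty' ),
				)
			);
		}

		return false;
	}

	/**
	 * Records an error when an attachment path is not a readable file.
	 *
	 * The configured path is echoed back in the error message through the
	 * %path% placeholder, unescaped.
	 *
	 * @param string $section Section key to record the error under.
	 * @param string $content Attachment path, joined to WP_CONTENT_DIR.
	 * @return bool True when an error was recorded, false otherwise.
	 */
	public function detect_file_not_found( $section, $content ) {
		$path = path_join( WP_CONTENT_DIR, $content );

		if ( ! is_readable( $path )
		or ! is_file( $path ) ) {
			return $this->add_error( $section,
				self::error_file_not_found,
				array(
					'message' =>
						__( "Attachment file does not exist at %path%.", 'contact-form-7' ),
					'params' => array( 'path' => $content ),
					'link' => self::get_doc_link( 'file_not_found' ),
				)
			);
		}

		return false;
	}

	/**
	 * Records an error when an attachment path resolves outside the
	 * wp-content directory.
	 *
	 * @param string $section Section key to record the error under.
	 * @param string $content Attachment path, joined to WP_CONTENT_DIR.
	 * @return bool True when an error was recorded, false otherwise.
	 */
	public function detect_file_not_in_content_dir( $section, $content ) {
		$path = path_join( WP_CONTENT_DIR, $content );

		if ( ! wpcf7_is_file_path_in_content_dir( $path ) ) {
			return $this->add_error( $section,
				self::error_file_not_in_content_dir,
				array(
					'message' =>
						__( "It is not allowed to use files outside the wp-content directory.", 'contact-form-7' ),
					'link' => self::get_doc_link( 'file_not_in_content_dir' ),
				)
			);
		}

		return false;
	}

	/**
	 * Validates the form's response messages (sections 'messages.*').
	 */
	public function validate_messages() {
		$messages = (array) $this->contact_form->prop( 'messages' );

		if ( ! $messages ) {
			return;
		}

		// Skip the CAPTCHA message when Really Simple CAPTCHA is not in
		// use.
		if ( isset( $messages['captcha_not_match'] )
		and ! wpcf7_use_really_simple_captcha() ) {
			unset( $messages['captcha_not_match'] );
		}

		foreach ( $messages as $key => $message ) {
			$section = sprintf( 'messages.%s', $key );
			$this->detect_html_in_message( $section, $message );
		}
	}

	/**
	 * Records an error when a message changes after HTML tags are
	 * stripped from it.
	 *
	 * @param string $section Section key to record the error under.
	 * @param string $content Message text.
	 * @return bool True when an error was recorded, false otherwise.
	 */
	public function detect_html_in_message( $section, $content ) {
		$stripped = wp_strip_all_tags( $content );

		if ( $stripped != $content ) {
			return $this->add_error( $section,
				self::error_html_in_message,
				array(
					'link' => self::get_doc_link( 'html_in_message' ),
				)
			);
		}

		return false;
	}

	/**
	 * Records an error when the deprecated 'on_sent_ok' or 'on_submit'
	 * additional settings are present.
	 *
	 * @return bool|null True when an error was recorded, null otherwise.
	 */
	public function validate_additional_settings() {
		$deprecated_settings_used =
			$this->contact_form->additional_setting( 'on_sent_ok' ) ||
			$this->contact_form->additional_setting( 'on_submit' );

		if ( $deprecated_settings_used ) {
			return $this->add_error( 'additional_settings.body',
				self::error_deprecated_settings,
				array(
					'link' => self::get_doc_link( 'deprecated_settings' ),
				)
			);
		}
	}

}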