Contact Form 7 v5.5.5
contact-form-7 / includes / config-validator.php
1 <?php
2
3 class WPCF7_ConfigValidator {
4
/**
 * Version marker; it is not read anywhere in this class.
 * NOTE(review): presumably the plugin release in which the validation
 * rules last changed in a way that requires re-validation; confirm against callers.
 */
const last_important_update = '5.5';

/*
 * Error codes. add_error() stores one of these in the 'code' field of every
 * recorded error, and count_errors()/remove_error() filter on them.
 */
const error = 100; // Generic code; not raised by any method in this class.
const error_maybe_empty = 101;
const error_invalid_mailbox_syntax = 102;
const error_email_not_in_site_domain = 103;
const error_html_in_message = 104;
const error_multiple_controls_in_label = 105;
const error_file_not_found = 106;
const error_unavailable_names = 107;
const error_invalid_mail_header = 108;
const error_deprecated_settings = 109;
const error_file_not_in_content_dir = 110;
const error_unavailable_html_elements = 111;
const error_attachments_overweight = 112;
const error_dots_in_names = 113;
21
/**
 * Builds the documentation URL for a configuration error.
 *
 * The base URL goes through the translation function, so a translation can
 * supply a different address; the final value is always passed through
 * esc_url() before it is returned.
 *
 * @param string $error_code Optional error slug; underscores become hyphens.
 * @return string Escaped URL of the general page, or of the page for $error_code.
 */
public static function get_doc_link( $error_code = '' ) {
	$base = __( 'https://contactform7.com/configuration-errors/',
		'contact-form-7'
	);

	if ( '' === $error_code ) {
		return esc_url( $base );
	}

	$slug = strtr( $error_code, '_', '-' );

	return esc_url( untrailingslashit( $base ) . '/' . $slug );
}
35
// The contact form whose configuration is being validated.
private $contact_form;

// Recorded errors: section name => list of array( 'code' => ..., 'args' => ... ).
private $errors = array();

/**
 * Binds the validator to one contact form. No validation runs here;
 * call validate() or restore() to populate the error list.
 *
 * @param WPCF7_ContactForm $contact_form Form to validate.
 */
public function __construct( WPCF7_ContactForm $contact_form ) {
	$this->contact_form = $contact_form;
}
42
/**
 * Returns the contact form this validator was constructed with.
 *
 * @return WPCF7_ContactForm
 */
public function contact_form() {
	$form = $this->contact_form;

	return $form;
}
46
/**
 * Tells whether no errors are currently recorded.
 *
 * @return bool True when count_errors() reports zero.
 */
public function is_valid() {
	return 0 === $this->count_errors();
}
50
/**
 * Counts recorded errors, optionally filtered by section and/or error code.
 *
 * Section keys of the form "mail_N.xxx" are rewritten to "mail.xxx" before
 * they are compared, so errors of additional mail templates are counted
 * under the "mail" section. A section filter matches either the full key or
 * its part before the first dot.
 *
 * @param string|array $args Optional 'section' and 'code' filters.
 * @return int Number of matching, non-empty error entries.
 */
public function count_errors( $args = '' ) {
	$filter = wp_parse_args( $args, array(
		'section' => '',
		'code' => '',
	) );

	$wanted_section = $filter['section'];
	$wanted_code = $filter['code'];
	$total = 0;

	foreach ( $this->errors as $section => $section_errors ) {
		if ( preg_match( '/^mail_[0-9]+\.(.*)$/', $section, $parts ) ) {
			$section = 'mail.' . $parts[1];
		}

		if ( $wanted_section ) {
			$top_level = preg_replace( '/\..*$/', '', $section, 1 );

			if ( $section != $wanted_section
			and $top_level != $wanted_section ) {
				continue;
			}
		}

		foreach ( $section_errors as $error ) {
			if ( empty( $error ) ) {
				continue;
			}

			// Loose comparison on purpose: codes may arrive as strings.
			if ( $wanted_code and $error['code'] != $wanted_code ) {
				continue;
			}

			$total++;
		}
	}

	return $total;
}
85
/**
 * Turns the recorded errors into displayable message/link pairs.
 *
 * The link is passed through esc_url(). The message text is returned as
 * built, without HTML escaping.
 * NOTE(review): the consumer has to escape 'message' for its output
 * context; the rendering code is not part of this file.
 *
 * @return array Section name => list of array( 'message' => ..., 'link' => ... ).
 */
public function collect_error_messages() {
	$collected = array();

	foreach ( $this->errors as $section => $section_errors ) {
		$collected[$section] = array();

		foreach ( $section_errors as $error ) {
			$has_message = ! empty( $error['args']['message'] );
			$has_params = ! empty( $error['args']['params'] );

			if ( $has_message and $has_params ) {
				$text = $this->build_message(
					$error['args']['message'],
					$error['args']['params'] );
			} elseif ( $has_message ) {
				$text = $error['args']['message'];
			} else {
				// No custom message: fall back to the per-code default.
				$text = $this->get_default_message( $error['code'] );
			}

			$href = empty( $error['args']['link'] )
				? ''
				: $error['args']['link'];

			$collected[$section][] = array(
				'message' => $text,
				'link' => esc_url( $href ),
			);
		}
	}

	return $collected;
}
118
/**
 * Fills %name% placeholders in a message template (case-insensitively).
 *
 * Values are inserted verbatim: nothing is escaped here, and several values
 * used in this class come from the form configuration (control names, header
 * names, attachment paths). Replacement is sequential, so a value that itself
 * contains a later %placeholder% is expanded by the following iteration.
 *
 * @param string       $message Template containing %key% placeholders.
 * @param string|array $params  Placeholder name => replacement value.
 * @return string Message with the known placeholders replaced.
 */
public function build_message( $message, $params = '' ) {
	$pairs = wp_parse_args( $params, array() );

	foreach ( $pairs as $name => $value ) {
		// Only plain identifier-like names are accepted as placeholders.
		if ( 1 !== preg_match( '/^[0-9A-Za-z_]+$/', $name ) ) {
			continue;
		}

		$token = '%' . $name . '%';

		if ( false === stripos( $message, $token ) ) {
			continue;
		}

		$message = str_ireplace( $token, $value, $message );
	}

	return $message;
}
136
/**
 * Returns the translated default message for an error code.
 *
 * Codes without an entry here yield an empty string; within this class those
 * codes are always raised with an explicit 'message' argument.
 *
 * @param int $code One of the self::error_* constants.
 * @return string Translated message, or '' when the code has no default.
 */
public function get_default_message( $code ) {
	// Loose comparisons mirror the matching rules of a switch statement.
	if ( self::error_maybe_empty == $code ) {
		return __( "There is a possible empty field.", 'contact-form-7' );
	}

	if ( self::error_invalid_mailbox_syntax == $code ) {
		return __( "Invalid mailbox syntax is used.", 'contact-form-7' );
	}

	if ( self::error_email_not_in_site_domain == $code ) {
		return __( "Sender email address does not belong to the site domain.", 'contact-form-7' );
	}

	if ( self::error_html_in_message == $code ) {
		return __( "HTML tags are used in a message.", 'contact-form-7' );
	}

	if ( self::error_multiple_controls_in_label == $code ) {
		return __( "Multiple form controls are in a single label element.", 'contact-form-7' );
	}

	if ( self::error_invalid_mail_header == $code ) {
		return __( "There are invalid mail header fields.", 'contact-form-7' );
	}

	if ( self::error_deprecated_settings == $code ) {
		return __( "Deprecated settings are used.", 'contact-form-7' );
	}

	return '';
}
157
/**
 * Records one error for a section.
 *
 * @param string       $section Section key, e.g. "mail.sender" or "form.body".
 * @param int          $code    One of the self::error_* constants.
 * @param string|array $args    Optional 'message', 'params' and 'link'.
 * @return bool Always true, so detect_* methods can return the result directly.
 */
public function add_error( $section, $code, $args = '' ) {
	$details = wp_parse_args( $args, array(
		'message' => '',
		'params' => array(),
	) );

	$entry = array( 'code' => $code, 'args' => $details );

	if ( ! isset( $this->errors[$section] ) ) {
		$this->errors[$section] = array();
	}

	$this->errors[$section][] = $entry;

	return true;
}
172
/**
 * Removes every error with the given code from a section, and drops the
 * section entry itself once it holds no errors.
 *
 * @param string $section Section key.
 * @param int    $code    Error code to remove (compared loosely).
 * @return void
 */
public function remove_error( $section, $code ) {
	if ( empty( $this->errors[$section] ) ) {
		return;
	}

	foreach ( (array) $this->errors[$section] as $index => $entry ) {
		if ( ! isset( $entry['code'] ) ) {
			continue;
		}

		if ( $entry['code'] == $code ) {
			unset( $this->errors[$section][$index] );
		}
	}

	if ( empty( $this->errors[$section] ) ) {
		unset( $this->errors[$section] );
	}
}
189
/**
 * Runs all built-in checks from a clean error list, then lets extensions add
 * or remove errors through the 'wpcf7_config_validator_validate' action.
 *
 * @return bool True when no errors remain after the action has run.
 */
public function validate() {
	$this->errors = array();

	$this->validate_form();

	foreach ( array( 'mail', 'mail_2' ) as $template ) {
		$this->validate_mail( $template );
	}

	$this->validate_messages();
	$this->validate_additional_settings();

	// Hooked callbacks receive this object and can change the error list.
	do_action( 'wpcf7_config_validator_validate', $this );

	return $this->is_valid();
}
203
/**
 * Persists the current error list in the form's '_config_errors' post meta.
 *
 * The old meta value is always deleted first; a new one is written only when
 * errors exist. Nothing happens for a form that reports itself as initial().
 *
 * @return void
 */
public function save() {
	if ( $this->contact_form->initial() ) {
		return;
	}

	delete_post_meta( $this->contact_form->id(), '_config_errors' );

	if ( ! $this->errors ) {
		return;
	}

	update_post_meta( $this->contact_form->id(), '_config_errors',
		$this->errors );
}
216
/**
 * Loads errors previously stored in the '_config_errors' post meta and adds
 * them to the current list (the list is not cleared first).
 *
 * Stored 'args' (message, params, link) are replayed as they were saved.
 * NOTE(review): the meta value is taken as-is; this relies on that meta key
 * being writable only by trusted code. Confirm where else it is written.
 *
 * @return void
 */
public function restore() {
	$stored = get_post_meta(
		$this->contact_form->id(), '_config_errors', true );

	foreach ( (array) $stored as $section => $entries ) {
		if ( empty( $entries ) ) {
			continue;
		}

		// Back-compat: an older format kept a bare error code per section.
		if ( ! is_array( $entries ) ) {
			$this->add_error( $section, $entries );
			continue;
		}

		foreach ( $entries as $entry ) {
			if ( empty( $entry['code'] ) ) {
				continue;
			}

			$entry_args = isset( $entry['args'] ) ? $entry['args'] : '';
			$this->add_error( $section, $entry['code'], $entry_args );
		}
	}
}
240
/**
 * Mail-tag replacement callback used by validate_mail().
 *
 * Substitutes each mail-tag with a sample value: an empty string where the
 * field may be left blank, otherwise a sample e-mail address or sample text.
 * The validator then checks the resulting text, which is how it finds
 * fields that can end up empty or syntactically invalid.
 *
 * @param array $matches Regex match for one mail-tag: [0] whole tag,
 *                       [1]/[4] surrounding brackets, [2] tag name, [3] values.
 * @return string Replacement text, or the original tag when nothing applies.
 */
public function replace_mail_tags_with_minimum_input( $matches ) {
	// allow [[foo]] syntax for escaping a tag
	if ( $matches[1] == '[' && $matches[4] == ']' ) {
		return substr( $matches[0], 1, -1 );
	}

	$tag = $matches[0];
	$tagname = $matches[2];
	$values = $matches[3];

	$mail_tag = new WPCF7_MailTag( $tag, $tagname, $values );
	$field_name = $mail_tag->field_name();

	$sample_email = 'example@example.com';
	$sample_text = 'example';
	$sample_blank = '';

	$form_tags = $this->contact_form->scan_form_tags(
		array( 'name' => $field_name ) );

	if ( $form_tags ) {
		$form_tag = new WPCF7_FormTag( $form_tags[0] );

		// Optional fields (radio is always treated as required) may be blank.
		if ( ! $form_tag->is_required() && 'radio' != $form_tag->type ) {
			return $sample_blank;
		}

		if ( wpcf7_form_tag_supports( $form_tag->type, 'selectable-values' ) ) {
			// Pick the last selectable value to decide which sample fits.
			if ( $form_tag->pipes instanceof WPCF7_Pipes ) {
				if ( $mail_tag->get_option( 'do_not_heat' ) ) {
					$candidates = $form_tag->pipes->collect_befores();
				} else {
					$candidates = $form_tag->pipes->collect_afters();
				}

				$last_item = array_pop( $candidates );
			} else {
				$last_item = array_pop( $form_tag->values );
			}

			if ( $last_item and wpcf7_is_mailbox_list( $last_item ) ) {
				return $sample_email;
			}

			return $sample_text;
		}

		if ( 'email' == $form_tag->basetype ) {
			return $sample_email;
		}

		return $sample_text;
	}

	// No matching form-tag: maybe a special mail tag.
	// for back-compat
	$field_name = preg_replace( '/^wpcf7\./', '_', $field_name );

	if ( '_site_admin_email' == $field_name ) {
		return get_bloginfo( 'admin_email', 'raw' );
	}

	if ( '_user_agent' == $field_name ) {
		return $sample_text;
	}

	if ( '_user_email' == $field_name ) {
		if ( $this->contact_form->is_true( 'subscribers_only' ) ) {
			return $sample_email;
		}

		return $sample_blank;
	}

	if ( '_user_' == substr( $field_name, 0, 6 ) ) {
		if ( $this->contact_form->is_true( 'subscribers_only' ) ) {
			return $sample_text;
		}

		return $sample_blank;
	}

	if ( '_' == substr( $field_name, 0, 1 ) ) {
		if ( '_email' == substr( $field_name, -6 ) ) {
			return $sample_email;
		}

		return $sample_text;
	}

	return $tag;
}
326
/**
 * Runs every form-template check against the 'form' property and records
 * the findings under the "form.body" section.
 *
 * @return void
 */
public function validate_form() {
	$template = $this->contact_form->prop( 'form' );
	$target = 'form.body';

	$this->detect_multiple_controls_in_label( $target, $template );
	$this->detect_unavailable_names( $target, $template );
	$this->detect_unavailable_html_elements( $target, $template );
	$this->detect_dots_in_names( $target, $template );
}
335
/**
 * Flags a <label> element that wraps more than one form control.
 *
 * Tags of a multiple-controls container count once per value (plus one for
 * a free_text option), zero-controls containers count nothing, and any other
 * named tag counts as one control.
 *
 * @param string $section Section key to record the error under.
 * @param string $content Form template.
 * @return bool True when the error was recorded, false otherwise.
 */
public function detect_multiple_controls_in_label( $section, $content ) {
	$label_pattern = '%<label(?:[ \t\n]+.*?)?>(.+?)</label>%s';

	if ( ! preg_match_all( $label_pattern, $content, $labels ) ) {
		return false;
	}

	$manager = WPCF7_FormTagsManager::get_instance();

	foreach ( $labels[1] as $label_body ) {
		$controls = 0;

		foreach ( $manager->scan( $label_body ) as $tag ) {
			$holds_many = wpcf7_form_tag_supports(
				$tag->type, 'multiple-controls-container' );
			$holds_none = wpcf7_form_tag_supports(
				$tag->type, 'zero-controls-container' );

			if ( $holds_many ) {
				$controls += count( $tag->values );

				if ( $tag->has_option( 'free_text' ) ) {
					$controls += 1;
				}
			} elseif ( ! $holds_none and ! empty( $tag->name ) ) {
				$controls += 1;
			}

			// Stop at the first label that exceeds one control.
			if ( 1 < $controls ) {
				return $this->add_error( $section,
					self::error_multiple_controls_in_label, array(
						'link' => self::get_doc_link( 'multiple_controls_in_label' ),
					)
				);
			}
		}
	}

	return false;
}
377
/**
 * Flags form controls whose name matches one of the listed query-variable
 * names, since such a field name would be read as a query variable.
 *
 * The offending names are quoted and put into the %names% parameter of the
 * message; they come straight from the form template.
 *
 * @param string $section Section key to record the error under.
 * @param string $content Form template.
 * @return bool True when the error was recorded, false otherwise.
 */
public function detect_unavailable_names( $section, $content ) {
	$reserved_names = array( 'm', 'p', 'posts', 'w', 'cat',
		'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence',
		'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order',
		'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second',
		'name', 'category_name', 'tag', 'feed', 'author_name', 'static',
		'pagename', 'page_id', 'error', 'attachment', 'attachment_id',
		'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term',
		'cpage', 'post_type', 'embed',
	);

	$manager = WPCF7_FormTagsManager::get_instance();

	$offending_tags = $manager->filter( $content, array(
		'name' => $reserved_names,
	) );

	$quoted = array();

	foreach ( $offending_tags as $tag ) {
		$quoted[] = '"' . $tag->name . '"';
	}

	if ( ! $quoted ) {
		return false;
	}

	$quoted = array_unique( $quoted );

	return $this->add_error( $section,
		self::error_unavailable_names,
		array(
			'message' =>
				/* translators: %names%: a list of form control names */
				__( "Unavailable names (%names%) are used for form controls.", 'contact-form-7' ),
			'params' => array( 'names' => implode( ', ', $quoted ) ),
			'link' => self::get_doc_link( 'unavailable_names' ),
		)
	);
}
418
/**
 * Flags a form template that contains its own <form> or </form> tag.
 *
 * @param string $section Section key to record the error under.
 * @param string $content Form template.
 * @return bool True when the error was recorded, false otherwise.
 */
public function detect_unavailable_html_elements( $section, $content ) {
	// Case-insensitive match of an opening or a closing form tag.
	$form_tag_pattern = '%(?:<form[\s\t>]|</form>)%i';

	if ( ! preg_match( $form_tag_pattern, $content ) ) {
		return false;
	}

	return $this->add_error( $section,
		self::error_unavailable_html_elements,
		array(
			'message' => __( "Unavailable HTML elements are used in the form template.", 'contact-form-7' ),
			'link' => self::get_doc_link( 'unavailable_html_elements' ),
		)
	);
}
434
/**
 * Flags form-tags with a name attribute whose raw name contains a dot.
 * Only the first offending tag is reported.
 *
 * @param string $section Section key to record the error under.
 * @param string $content Form template.
 * @return bool True when the error was recorded, false otherwise.
 */
public function detect_dots_in_names( $section, $content ) {
	$manager = WPCF7_FormTagsManager::get_instance();

	$named_tags = $manager->filter( $content, array(
		'feature' => 'name-attr',
	) );

	foreach ( $named_tags as $tag ) {
		if ( false === strpos( $tag->raw_name, '.' ) ) {
			continue;
		}

		return $this->add_error( $section,
			self::error_dots_in_names,
			array(
				'message' => __( "Dots are used in form-tag names.", 'contact-form-7' ),
				'link' => self::get_doc_link( 'dots_in_names' ),
			)
		);
	}

	return false;
}
456
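/**
 * Validates one mail template: subject, sender, recipient, additional
 * headers, body and attachments.
 *
 * Every field is first expanded with replace_mail_tags_with_minimum_input(),
 * so the checks run on what the field looks like with sample input.
 * Templates other than 'mail' are skipped unless marked active.
 *
 * Fix over the previous version: an additional header whose value is the
 * string "0" is no longer reported as an empty (invalid) header; the check
 * now tests for the empty string instead of using empty().
 *
 * @param string $template Property name of the template, 'mail' or 'mail_2'.
 * @return void
 */
public function validate_mail( $template = 'mail' ) {
	$components = (array) $this->contact_form->prop( $template );

	if ( ! $components ) {
		return;
	}

	if ( 'mail' != $template
	and empty( $components['active'] ) ) {
		return;
	}

	$components = wp_parse_args( $components, array(
		'subject' => '',
		'sender' => '',
		'recipient' => '',
		'additional_headers' => '',
		'body' => '',
		'attachments' => '',
	) );

	$callback = array( $this, 'replace_mail_tags_with_minimum_input' );

	// Subject, sender and recipient are single-line header fields: newlines
	// are stripped before the value is checked.
	$subject = $components['subject'];
	$subject = new WPCF7_MailTaggedText( $subject,
		array( 'callback' => $callback ) );
	$subject = $subject->replace_tags();
	$subject = wpcf7_strip_newline( $subject );
	$this->detect_maybe_empty( sprintf( '%s.subject', $template ), $subject );

	$sender = $components['sender'];
	$sender = new WPCF7_MailTaggedText( $sender,
		array( 'callback' => $callback ) );
	$sender = $sender->replace_tags();
	$sender = wpcf7_strip_newline( $sender );

	// The site-domain check only runs when the mailbox syntax is valid.
	if ( ! $this->detect_invalid_mailbox_syntax( sprintf( '%s.sender', $template ), $sender )
	and ! wpcf7_is_email_in_site_domain( $sender ) ) {
		$this->add_error( sprintf( '%s.sender', $template ),
			self::error_email_not_in_site_domain, array(
				'link' => self::get_doc_link( 'email_not_in_site_domain' ),
			)
		);
	}

	$recipient = $components['recipient'];
	$recipient = new WPCF7_MailTaggedText( $recipient,
		array( 'callback' => $callback ) );
	$recipient = $recipient->replace_tags();
	$recipient = wpcf7_strip_newline( $recipient );

	$this->detect_invalid_mailbox_syntax(
		sprintf( '%s.recipient', $template ), $recipient );

	// Additional headers: one "Name: value" pair per line.
	$additional_headers = $components['additional_headers'];
	$additional_headers = new WPCF7_MailTaggedText( $additional_headers,
		array( 'callback' => $callback ) );
	$additional_headers = $additional_headers->replace_tags();
	$additional_headers = explode( "\n", $additional_headers );
	$mailbox_header_types = array( 'reply-to', 'cc', 'bcc' );
	$invalid_mail_header_exists = false;

	foreach ( $additional_headers as $header ) {
		$header = trim( $header );

		if ( '' === $header ) {
			continue;
		}

		if ( ! preg_match( '/^([0-9A-Za-z-]+):(.*)$/', $header, $matches ) ) {
			// Not of the form "Name: value".
			$invalid_mail_header_exists = true;
		} else {
			$header_name = $matches[1];
			$header_value = trim( $matches[2] );

			if ( in_array( strtolower( $header_name ), $mailbox_header_types ) ) {
				// Address headers must hold a valid mailbox list.
				$this->detect_invalid_mailbox_syntax(
					sprintf( '%s.additional_headers', $template ),
					$header_value, array(
						'message' =>
							__( "Invalid mailbox syntax is used in the %name% field.", 'contact-form-7' ),
						'params' => array( 'name' => $header_name ) ) );
			} elseif ( '' === $header_value ) {
				// Strict test: empty() would also reject the value "0".
				$invalid_mail_header_exists = true;
			}
		}
	}

	if ( $invalid_mail_header_exists ) {
		$this->add_error( sprintf( '%s.additional_headers', $template ),
			self::error_invalid_mail_header, array(
				'link' => self::get_doc_link( 'invalid_mail_header' ),
			)
		);
	}

	$body = $components['body'];
	$body = new WPCF7_MailTaggedText( $body,
		array( 'callback' => $callback ) );
	$body = $body->replace_tags();
	$this->detect_maybe_empty( sprintf( '%s.body', $template ), $body );

	if ( '' !== $components['attachments'] ) {
		// Upload fields referenced as [name]: take the largest size limit
		// configured for each name.
		$attachables = array();

		$tags = $this->contact_form->scan_form_tags(
			array( 'type' => array( 'file', 'file*' ) )
		);

		foreach ( $tags as $tag ) {
			$name = $tag->name;

			if ( false === strpos( $components['attachments'], "[{$name}]" ) ) {
				continue;
			}

			$limit = (int) $tag->get_limit_option();

			if ( empty( $attachables[$name] )
			or $attachables[$name] < $limit ) {
				$attachables[$name] = $limit;
			}
		}

		$total_size = array_sum( $attachables );

		$has_file_not_found = false;
		$has_file_not_in_content_dir = false;

		// Remaining lines are file paths relative to WP_CONTENT_DIR.
		foreach ( explode( "\n", $components['attachments'] ) as $line ) {
			$line = trim( $line );

			if ( '' === $line
			or '[' == substr( $line, 0, 1 ) ) {
				continue;
			}

			// NOTE(review): the existence check runs before the content-dir
			// check, so a configured path is probed with is_readable()/is_file()
			// and then filesize() even when it points outside wp-content.
			// Confirm that only trusted roles can edit this setting.
			$has_file_not_found = $this->detect_file_not_found(
				sprintf( '%s.attachments', $template ), $line
			);

			// The content-dir error is recorded at most once per template.
			if ( ! $has_file_not_found
			and ! $has_file_not_in_content_dir ) {
				$has_file_not_in_content_dir = $this->detect_file_not_in_content_dir(
					sprintf( '%s.attachments', $template ), $line
				);
			}

			if ( ! $has_file_not_found ) {
				$path = path_join( WP_CONTENT_DIR, $line );
				$total_size += (int) @filesize( $path );
			}
		}

		$max = 25 * MB_IN_BYTES; // 25 MB

		if ( $max < $total_size ) {
			$this->add_error( sprintf( '%s.attachments', $template ),
				self::error_attachments_overweight,
				array(
					'message' => __( "The total size of attachment files is too large.", 'contact-form-7' ),
					'link' => self::get_doc_link( 'attachments_overweight' ),
				)
			);
		}
	}
}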
624
/**
 * Records an error when the content is not a valid mailbox list.
 *
 * @param string       $section Section key to record the error under.
 * @param string       $content Value to check with wpcf7_is_mailbox_list().
 * @param string|array $args    Optional overrides for 'link', 'message', 'params'.
 * @return bool True when the error was recorded, false otherwise.
 */
public function detect_invalid_mailbox_syntax( $section, $content, $args = '' ) {
	$error_args = wp_parse_args( $args, array(
		'link' => self::get_doc_link( 'invalid_mailbox_syntax' ),
		'message' => '',
		'params' => array(),
	) );

	if ( wpcf7_is_mailbox_list( $content ) ) {
		return false;
	}

	return $this->add_error( $section,
		self::error_invalid_mailbox_syntax, $error_args );
}
639
/**
 * Records an error when the content is exactly the empty string.
 *
 * @param string $section Section key to record the error under.
 * @param string $content Field content after mail-tag replacement.
 * @return bool True when the error was recorded, false otherwise.
 */
public function detect_maybe_empty( $section, $content ) {
	if ( '' !== $content ) {
		return false;
	}

	return $this->add_error( $section,
		self::error_maybe_empty, array(
			'link' => self::get_doc_link( 'maybe_empty' ),
		)
	);
}
651
/**
 * Records an error when an attachment path is not a readable regular file.
 *
 * The configured path is joined to WP_CONTENT_DIR and probed directly; this
 * method performs no containment check, and the path as configured is
 * inserted into the message through the %path% parameter.
 * NOTE(review): WordPress core's path_join() returns an absolute second
 * argument unchanged, so the probed location is not limited to wp-content.
 * Containment is checked separately by detect_file_not_in_content_dir().
 *
 * @param string $section Section key to record the error under.
 * @param string $content Attachment path as configured.
 * @return bool True when the error was recorded, false otherwise.
 */
public function detect_file_not_found( $section, $content ) {
	$path = path_join( WP_CONTENT_DIR, $content );

	if ( is_readable( $path )
	and is_file( $path ) ) {
		return false;
	}

	return $this->add_error( $section,
		self::error_file_not_found,
		array(
			'message' =>
				__( "Attachment file does not exist at %path%.", 'contact-form-7' ),
			'params' => array( 'path' => $content ),
			'link' => self::get_doc_link( 'file_not_found' ),
		)
	);
}
670
/**
 * Records an error when an attachment path does not pass
 * wpcf7_is_file_path_in_content_dir().
 *
 * This only reports the problem in the validator; it does not by itself
 * prevent anything at mail-sending time.
 *
 * @param string $section Section key to record the error under.
 * @param string $content Attachment path as configured.
 * @return bool True when the error was recorded, false otherwise.
 */
public function detect_file_not_in_content_dir( $section, $content ) {
	$path = path_join( WP_CONTENT_DIR, $content );

	if ( wpcf7_is_file_path_in_content_dir( $path ) ) {
		return false;
	}

	return $this->add_error( $section,
		self::error_file_not_in_content_dir,
		array(
			'message' =>
				__( "It is not allowed to use files outside the wp-content directory.", 'contact-form-7' ),
			'link' => self::get_doc_link( 'file_not_in_content_dir' ),
		)
	);
}
687
/**
 * Checks every configured response message for HTML markup.
 *
 * The 'captcha_not_match' message is skipped when
 * wpcf7_use_really_simple_captcha() reports false.
 *
 * @return void
 */
public function validate_messages() {
	$messages = (array) $this->contact_form->prop( 'messages' );

	if ( ! $messages ) {
		return;
	}

	if ( isset( $messages['captcha_not_match'] )
	and ! wpcf7_use_really_simple_captcha() ) {
		unset( $messages['captcha_not_match'] );
	}

	foreach ( $messages as $name => $text ) {
		$this->detect_html_in_message( 'messages.' . $name, $text );
	}
}
705
/**
 * Records an error when stripping all tags changes the message, i.e. when
 * the message contains markup that wp_strip_all_tags() removes.
 *
 * @param string $section Section key to record the error under.
 * @param string $content Message text.
 * @return bool True when the error was recorded, false otherwise.
 */
public function detect_html_in_message( $section, $content ) {
	// Loose comparison kept as in the original check.
	if ( wp_strip_all_tags( $content ) == $content ) {
		return false;
	}

	return $this->add_error( $section,
		self::error_html_in_message,
		array(
			'link' => self::get_doc_link( 'html_in_message' ),
		)
	);
}
720
/**
 * Flags use of the deprecated 'on_sent_ok' and 'on_submit' additional
 * settings.
 *
 * @return bool|null True when the error was recorded; null otherwise.
 */
public function validate_additional_settings() {
	$uses_deprecated =
		$this->contact_form->additional_setting( 'on_sent_ok' ) ||
		$this->contact_form->additional_setting( 'on_submit' );

	if ( ! $uses_deprecated ) {
		return;
	}

	return $this->add_error( 'additional_settings.body',
		self::error_deprecated_settings,
		array(
			'link' => self::get_doc_link( 'deprecated_settings' ),
		)
	);
}
735
736 }
737