Contact Form 7 / 5.9.3
Contact Form 7 v5.9.3
contact-form-7 / includes / validation-functions.php
validation-functions.php
301 lines
1 <?php
2
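/**
 * Checks whether a string is a valid NAME token.
 *
 * ID and NAME tokens must begin with a letter ([A-Za-z])
 * and may be followed by any number of letters, digits ([0-9]),
 * hyphens ("-"), underscores ("_"), colons (":"), and periods (".").
 *
 * The pattern is anchored with \z rather than $. In PCRE, $ also matches
 * just before a trailing newline, so "name\n" would otherwise be accepted
 * as a valid token.
 *
 * @link http://www.w3.org/TR/html401/types.html#h-6.2
 *
 * @param string $text The candidate token.
 * @return int|false 1 if it is a valid name, 0 if not (the raw preg_match()
 *                   result; false on a regex error). Callers should test
 *                   truthiness rather than compare against true.
 */
function wpcf7_is_name( $text ) {
	return preg_match( '/^[A-Za-z][-A-Za-z0-9_:.]*\z/', $text );
}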
17
18
/**
 * Checks whether the given text is a well-formed email address.
 *
 * The verdict from is_email() is passed through the 'wpcf7_is_email' filter,
 * so any callback hooked there can override it in either direction.
 *
 * @param string $text The candidate address.
 * @return mixed The filtered result of is_email().
 */
function wpcf7_is_email( $text ) {
	return apply_filters( 'wpcf7_is_email', is_email( $text ), $text );
}
26
27
/**
 * Checks whether the given text is a well-formed URL.
 *
 * Only the scheme is inspected: the text passes when it has a scheme that
 * is on the wp_allowed_protocols() list. Host, path and query are not
 * validated here, so callers that fetch or render the URL still need their
 * own checks and output escaping.
 *
 * @param string $text The candidate URL.
 * @return mixed The result after the 'wpcf7_is_url' filter.
 */
function wpcf7_is_url( $text ) {
	$result = false;
	$scheme = wp_parse_url( $text, PHP_URL_SCHEME );

	if ( $scheme ) {
		// Strict comparison against the allow-list of protocols.
		$result = in_array( $scheme, wp_allowed_protocols(), true );
	}

	return apply_filters( 'wpcf7_is_url', $result, $text );
}
36
37
/**
 * Checks whether the given text is a well-formed telephone number.
 *
 * Separator characters (parentheses, slash, period, asterisk, hash,
 * whitespace, hyphen) are stripped first; what remains must be an optional
 * leading "+" followed by digits only.
 *
 * Note that the 'wpcf7_is_tel' filter receives the stripped text, not the
 * original input.
 *
 * @param string $text The candidate telephone number.
 * @return mixed The result after the 'wpcf7_is_tel' filter.
 */
function wpcf7_is_tel( $text ) {
	$text = preg_replace( '%[()/.*#\s-]+%', '', $text );

	return apply_filters(
		'wpcf7_is_tel',
		preg_match( '/^[+]?[0-9]+$/', $text ),
		$text
	);
}
46
47
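/**
 * Checks whether the given text is a well-formed number.
 *
 * Accepts an optionally negative integer or decimal, each with an optional
 * exponent part.
 *
 * The patterns are anchored with \z rather than $. In PCRE, $ also matches
 * just before a trailing newline, so a submitted value such as "12\n"
 * would otherwise validate as a number.
 *
 * @link https://html.spec.whatwg.org/multipage/input.html#number-state-(type=number)
 *
 * @param string $text The candidate number.
 * @return mixed The result after the 'wpcf7_is_number' filter
 *               (a boolean before filtering).
 */
function wpcf7_is_number( $text ) {
	$result = false;

	$patterns = array(
		// Integer form, e.g. "-12" or "3e8".
		'/^[-]?[0-9]+(?:[eE][+-]?[0-9]+)?\z/',
		// Decimal form, integer part optional, e.g. ".5" or "-1.25E-3".
		'/^[-]?(?:[0-9]+)?[.][0-9]+(?:[eE][+-]?[0-9]+)?\z/',
	);

	foreach ( $patterns as $pattern ) {
		if ( preg_match( $pattern, $text ) ) {
			$result = true;
			break;
		}
	}

	return apply_filters( 'wpcf7_is_number', $result, $text );
}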
70
71
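/**
 * Checks whether the given text is a valid date.
 *
 * The text must have the form YYYY-MM-DD (four or more year digits) and
 * name a date that checkdate() accepts.
 *
 * The pattern is anchored with \z rather than $. In PCRE, $ also matches
 * just before a trailing newline, so "2024-01-01\n" would otherwise pass.
 *
 * @link https://html.spec.whatwg.org/multipage/input.html#date-state-(type=date)
 *
 * @param string $text The candidate date.
 * @return mixed The result after the 'wpcf7_is_date' filter.
 */
function wpcf7_is_date( $text ) {
	$result = preg_match(
		'/^([0-9]{4,})-([0-9]{2})-([0-9]{2})\z/',
		$text,
		$matches
	);

	if ( $result ) {
		// checkdate() takes integers. Cast explicitly instead of relying on
		// implicit conversion of submitted digit strings; the year group has
		// no upper length bound.
		$result = checkdate(
			(int) $matches[2],
			(int) $matches[3],
			(int) $matches[1]
		);
	}

	return apply_filters( 'wpcf7_is_date', $result, $text );
}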
90
91
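/**
 * Checks whether the given text is a valid time.
 *
 * The text must have the form HH:MM or HH:MM:SS, with the hour in 0-23 and
 * the minute and second in 0-59.
 *
 * The pattern is anchored with \z rather than $. In PCRE, $ also matches
 * just before a trailing newline, so "12:30\n" would otherwise pass.
 *
 * @link https://html.spec.whatwg.org/multipage/input.html#time-state-(type=time)
 *
 * @param string $text The candidate time.
 * @return mixed The result after the 'wpcf7_is_time' filter.
 */
function wpcf7_is_time( $text ) {
	$result = preg_match(
		'/^([0-9]{2})\:([0-9]{2})(?:\:([0-9]{2}))?\z/',
		$text,
		$matches
	);

	if ( $result ) {
		$hour = (int) $matches[1];
		$minute = (int) $matches[2];

		// The seconds group is optional; treat a missing one as zero.
		$second = empty( $matches[3] ) ? 0 : (int) $matches[3];

		// The pattern admits digits only, so the values cannot be negative;
		// only the upper bounds need checking.
		$result = $hour <= 23 && $minute <= 59 && $second <= 59;
	}

	return apply_filters( 'wpcf7_is_time', $result, $text );
}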
116
117
/**
 * Checks whether the given text is a well-formed mailbox list.
 *
 * A string input is split on commas after escaped quotes and quoted strings
 * have been replaced by fixed placeholder words, so a comma inside a quoted
 * display name does not split the entry. The returned addresses are taken
 * from that placeholder-substituted text: either the part inside a trailing
 * <...> or the whole trimmed entry.
 *
 * @param string|array $mailbox_list The subject to be checked.
 *                     Comma-separated string or an array of mailboxes.
 * @return array|bool Array of email addresses if all items are well-formed
 *                    mailbox, false if not. Empty entries are skipped, so
 *                    an empty input yields an empty array, not false.
 */
function wpcf7_is_mailbox_list( $mailbox_list ) {
	if ( ! is_array( $mailbox_list ) ) {
		// Applied in this order: escaped quotes first, then quoted strings.
		$placeholders = array(
			'/\\\\(?:\"|\')/' => 'esc-quote',
			'/(?:\".*?\"|\'.*?\')/' => 'quoted-string',
		);

		$flattened = (string) $mailbox_list;

		foreach ( $placeholders as $pattern => $placeholder ) {
			$flattened = preg_replace( $pattern, $placeholder, $flattened );
		}

		$mailbox_list = explode( ',', $flattened );
	}

	$verified = array();

	foreach ( $mailbox_list as $entry ) {
		// Array input may carry non-string items; reject the whole list.
		if ( ! is_string( $entry ) ) {
			return false;
		}

		$entry = trim( $entry );

		if ( '' === $entry ) {
			continue;
		}

		// "Display Name <addr>" form: validate only the part in brackets.
		$addr_spec = preg_match( '/<(.+)>$/', $entry, $captured )
			? $captured[1]
			: $entry;

		// One malformed address fails the whole list.
		if ( ! wpcf7_is_email( $addr_spec ) ) {
			return false;
		}

		$verified[] = $addr_spec;
	}

	return $verified;
}
173
174
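/**
 * Checks whether an email address belongs to a domain.
 *
 * An address matches when its domain part equals $domain or any parent of
 * $domain obtained by dropping leading labels, down to the last label.
 * For $domain "mail.example.com" the accepted email domains are
 * "mail.example.com", "example.com" and "com". Subdomains of $domain are
 * not accepted. Because parent suffixes are accepted, a $domain under a
 * shared suffix (for example "example.co.uk") also accepts addresses at
 * that suffix ("co.uk"); callers relying on this as an ownership check
 * should keep that in mind.
 *
 * Domains are compared with strict string equality. A loose comparison
 * would treat two numeric-looking strings as equal when their numeric
 * values match.
 *
 * @param string $email A mailbox or a comma-separated list of mailboxes.
 * @param string $domain Internet domain name.
 * @return bool True if all of the email addresses belong to the domain,
 *              false if not.
 */
function wpcf7_is_email_in_domain( $email, $domain ) {
	$email_list = wpcf7_is_mailbox_list( $email );

	if ( false === $email_list ) {
		return false;
	}

	// Build the accepted domains once: $domain itself, then each parent.
	$domain_parts = explode( '.', strtolower( $domain ) );
	$accepted_domains = array();

	do {
		$accepted_domains[] = implode( '.', $domain_parts );
		array_shift( $domain_parts );
	} while ( $domain_parts );

	foreach ( $email_list as $address ) {
		// Everything after the last "@" is the domain part.
		$email_domain = strtolower(
			substr( $address, strrpos( $address, '@' ) + 1 )
		);

		// Every address must match; one miss fails the whole list.
		if ( ! in_array( $email_domain, $accepted_domains, true ) ) {
			return false;
		}
	}

	return true;
}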
212
213
/**
 * Checks whether an email address belongs to the site domain.
 *
 * The check is skipped (returns true for any address) when
 * wpcf7_is_localhost() is true, or when the host of the home URL or the
 * network home URL is an IP address. Otherwise the address must pass
 * wpcf7_is_email_in_domain() for at least one of those hosts.
 *
 * @param string $email A mailbox or a comma-separated list of mailboxes.
 * @return bool True if the address is accepted, false if not.
 */
function wpcf7_is_email_in_site_domain( $email ) {
	if ( wpcf7_is_localhost() ) {
		return true;
	}

	// The two URLs are often identical; check each distinct one once.
	$home_urls = array_unique( array( home_url(), network_home_url() ) );

	foreach ( $home_urls as $home_url ) {
		$host = wp_parse_url( $home_url, PHP_URL_HOST );

		// An IP host has no domain to compare against, so it is accepted.
		if (
			WP_Http::is_ip_address( $host ) ||
			wpcf7_is_email_in_domain( $email, $host )
		) {
			return true;
		}
	}

	return false;
}
243
244
/**
 * Verifies that a given file path is under the directories that WordPress
 * manages for user contents.
 *
 * The directories checked, in order, are WP_CONTENT_DIR, ABSPATH . UPLOADS
 * (only if UPLOADS is defined) and WP_TEMP_DIR (only if defined). Both the
 * path and the directory are resolved with realpath() before comparison,
 * so symlinks and ".." segments are followed to their real location.
 *
 * Returns false if the file at the given path does not exist yet.
 *
 * The answer reflects the filesystem at the time of the call.
 *
 * @param string $path A file path.
 * @return bool True if the path is under the content directories,
 *              false otherwise.
 */
function wpcf7_is_file_path_in_content_dir( $path ) {
	if ( ! is_string( $path ) or '' === $path ) {
		return false;
	}

	$is_inside = static function ( $candidate, $base ) {
		$resolved_candidate = realpath( $candidate );

		if ( ! $resolved_candidate ) {
			return false;
		}

		$resolved_base = realpath( $base );

		if ( ! $resolved_base ) {
			return false;
		}

		// The trailing slash on the base keeps a sibling directory that
		// merely shares the prefix from matching.
		return str_starts_with(
			wp_normalize_path( $resolved_candidate ),
			wp_normalize_path( trailingslashit( $resolved_base ) )
		);
	};

	if ( $is_inside( $path, WP_CONTENT_DIR ) ) {
		return true;
	}

	if ( defined( 'UPLOADS' ) && $is_inside( $path, ABSPATH . UPLOADS ) ) {
		return true;
	}

	return defined( 'WP_TEMP_DIR' ) && $is_inside( $path, WP_TEMP_DIR );
}
301