PluginProbe ʕ •ᴥ•ʔ
Contact Form 7 / 6.1
Contact Form 7 v6.1
6.1.6 5.0.2 5.0.3 5.0.4 5.0.5 5.1 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.1.8 5.1.9 5.2 5.2.1 5.2.2 5.3 5.3.1 5.3.2 5.4 5.4.1 5.4.2 5.5 5.5.1 5.5.2 5.5.3 5.5.4 5.5.5 5.5.6 5.5.6.1 5.6 5.6.1 5.6.2 5.6.3 5.6.4 5.7 5.7.1 5.7.2 5.7.3 5.7.4 5.7.5 5.7.5.1 5.7.6 5.7.7 5.8 5.8.1 5.8.2 5.8.3 5.8.4 5.8.5 5.8.6 5.8.7 5.9 5.9.2 5.9.3 5.9.4 5.9.5 5.9.6 5.9.7 5.9.8 6.0 6.0.1 6.0.2 6.0.3 6.0.4 6.0.5 6.0.6 6.1 6.1.1 6.1.2 6.1.3 6.1.4 6.1.5 trunk 1.1 1.10 1.10.0.1 1.10.1 1.2 1.3 1.3.1 1.3.2 1.4 1.4.1 1.4.2 1.4.3 1.4.4 1.5 1.6 1.6.1 1.7 1.7.1 1.7.2 1.7.4 1.7.5 1.7.6 1.7.6.1 1.7.7 1.7.7.1 1.7.8 1.8 1.8.0.1 1.8.0.2 1.8.0.3 1.8.0.4 1.8.1 1.8.1.1 1.9 1.9.1 1.9.2 1.9.2.1 1.9.2.2 1.9.3 1.9.4 1.9.5 1.9.5.1 2.0 2.0-beta 2.0.1 2.0.2 2.0.3 2.0.4 2.0.5 2.0.6 2.0.7 2.1 2.1.1 2.1.2 2.2 2.2.1 2.3 2.3.1 2.4 2.4.1 2.4.2 2.4.3 2.4.4 2.4.5 2.4.6 3.0 3.0-beta 3.0.1 3.0.2 3.0.2.1 3.1 3.1.1 3.1.2 3.2 3.2.1 3.3 3.3.1 3.3.2 3.3.3 3.4 3.4.1 3.4.2 3.5 3.5.1 3.5.2 3.5.3 3.5.4 3.6 3.7 3.7.1 3.7.2 3.8 3.8.1 3.9 3.9-beta 3.9.1 3.9.2 3.9.3 4.0 4.0.1 4.0.2 4.0.3 4.1 4.1-beta 4.1.1 4.1.2 4.2 4.2-beta 4.2.1 4.2.2 4.3 4.3.1 4.4 4.4.1 4.4.2 4.5 4.5.1 4.6 4.6.1 4.7 4.8 4.8.1 4.9 4.9.1 4.9.2 5.0 5.0.1
contact-form-7 / includes / validation-functions.php
contact-form-7 / includes Last commit date
block-editor 1 year ago config-validator 11 months ago css 11 months ago js 1 year ago swv 11 months ago capabilities.php 7 years ago contact-form-functions.php 11 months ago contact-form-template.php 11 months ago contact-form.php 11 months ago controller.php 11 months ago file.php 11 months ago filesystem.php 11 months ago form-tag.php 11 months ago form-tags-manager.php 11 months ago formatting.php 11 months ago functions.php 11 months ago html-formatter.php 11 months ago integration.php 11 months ago l10n.php 11 months ago mail-tag.php 11 months ago mail.php 11 months ago pipe.php 11 months ago pocket-holder.php 3 years ago rest-api.php 11 months ago shortcodes.php 11 months ago special-mail-tags.php 1 year ago submission.php 11 months ago upgrade.php 11 months ago validation-functions.php 11 months ago validation.php 11 months ago
validation-functions.php
323 lines
1 <?php
2
3 /**
4 * Checks whether a string is a valid NAME token.
5 *
6 * ID and NAME tokens must begin with a letter ([A-Za-z])
7 * and may be followed by any number of letters, digits ([0-9]),
8 * hyphens ("-"), underscores ("_"), colons (":"), and periods (".").
9 *
10 * @link http://www.w3.org/TR/html401/types.html#h-6.2
11 *
12 * @return bool True if it is a valid name, false if not.
13 */
14 function wpcf7_is_name( $text ) {
15 return preg_match( '/^[A-Za-z][-A-Za-z0-9_:.]*$/', $text );
16 }
17
18
19 /**
20 * Checks whether the given text is a well-formed email address.
21 */
22 function wpcf7_is_email( $text ) {
23 $result = is_email( $text );
24 return apply_filters( 'wpcf7_is_email', $result, $text );
25 }
26
27
28 /**
29 * Checks whether the given text is a well-formed URL.
30 */
31 function wpcf7_is_url( $text ) {
32 $scheme = wp_parse_url( $text, PHP_URL_SCHEME );
33 $result = $scheme && in_array( $scheme, wp_allowed_protocols(), true );
34 return apply_filters( 'wpcf7_is_url', $result, $text );
35 }
36
37
38 /**
39 * Checks whether the given text is a well-formed telephone number.
40 */
41 function wpcf7_is_tel( $text ) {
42 $text = preg_replace( '/[#*].*$/', '', $text ); // Remove extension
43 $text = preg_replace( '%[()/.*#\s-]+%', '', $text );
44
45 $is_international = (
46 str_starts_with( $text, '+' ) ||
47 str_starts_with( $text, '00' )
48 );
49
50 if ( $is_international ) {
51 $text = '+' . preg_replace( '/^[+0]+/', '', $text );
52 }
53
54 $result = true;
55
56 if ( ! preg_match( '/^[+]?[0-9]+$/', $text ) ) {
57 $result = false;
58 }
59
60 if ( ! ( 5 < strlen( $text ) and strlen( $text ) < 16 ) ) {
61 $result = false;
62 }
63
64 return apply_filters( 'wpcf7_is_tel', $result, $text );
65 }
66
67
68 /**
69 * Checks whether the given text is a well-formed number.
70 *
71 * @link https://html.spec.whatwg.org/multipage/input.html#number-state-(type=number)
72 */
73 function wpcf7_is_number( $text ) {
74 $result = false;
75
76 $patterns = array(
77 '/^[-]?[0-9]+(?:[eE][+-]?[0-9]+)?$/',
78 '/^[-]?(?:[0-9]+)?[.][0-9]+(?:[eE][+-]?[0-9]+)?$/',
79 );
80
81 foreach ( $patterns as $pattern ) {
82 if ( preg_match( $pattern, $text ) ) {
83 $result = true;
84 break;
85 }
86 }
87
88 return apply_filters( 'wpcf7_is_number', $result, $text );
89 }
90
91
92 /**
93 * Checks whether the given text is a valid date.
94 *
95 * @link https://html.spec.whatwg.org/multipage/input.html#date-state-(type=date)
96 */
97 function wpcf7_is_date( $text ) {
98 $result = preg_match(
99 '/^([0-9]{4,})-([0-9]{2})-([0-9]{2})$/',
100 $text,
101 $matches
102 );
103
104 if ( $result ) {
105 $result = checkdate( $matches[2], $matches[3], $matches[1] );
106 }
107
108 return apply_filters( 'wpcf7_is_date', $result, $text );
109 }
110
111
112 /**
113 * Checks whether the given text is a valid time.
114 *
115 * @link https://html.spec.whatwg.org/multipage/input.html#time-state-(type=time)
116 */
117 function wpcf7_is_time( $text ) {
118 $result = preg_match(
119 '/^([0-9]{2})\:([0-9]{2})(?:\:([0-9]{2}))?$/',
120 $text,
121 $matches
122 );
123
124 if ( $result ) {
125 $hour = (int) $matches[1];
126 $minute = (int) $matches[2];
127 $second = empty( $matches[3] ) ? 0 : (int) $matches[3];
128
129 $result = (
130 0 <= $hour && $hour <= 23 &&
131 0 <= $minute && $minute <= 59 &&
132 0 <= $second && $second <= 59
133 );
134 }
135
136 return apply_filters( 'wpcf7_is_time', $result, $text );
137 }
138
139
140 /**
141 * Checks whether the given text is a well-formed mailbox list.
142 *
143 * @param string|array $mailbox_list The subject to be checked.
144 * Comma-separated string or an array of mailboxes.
145 * @return array|bool Array of email addresses if all items are well-formed
146 * mailbox, false if not.
147 */
148 function wpcf7_is_mailbox_list( $mailbox_list ) {
149 if ( ! is_array( $mailbox_list ) ) {
150 $mailbox_text = (string) $mailbox_list;
151
152 $mailbox_text = preg_replace(
153 '/\\\\(?:\"|\')/',
154 'esc-quote',
155 $mailbox_text
156 );
157
158 $mailbox_text = preg_replace(
159 '/(?:\".*?\"|\'.*?\')/',
160 'quoted-string',
161 $mailbox_text
162 );
163
164 $mailbox_list = explode( ',', $mailbox_text );
165 }
166
167 $addresses = array();
168
169 foreach ( $mailbox_list as $mailbox ) {
170 if ( ! is_string( $mailbox ) ) {
171 return false;
172 }
173
174 $mailbox = trim( $mailbox );
175
176 if ( '' === $mailbox ) {
177 continue;
178 }
179
180 if ( preg_match( '/<(.+)>$/', $mailbox, $matches ) ) {
181 $addr_spec = $matches[1];
182 } else {
183 $addr_spec = $mailbox;
184 }
185
186 if ( ! wpcf7_is_email( $addr_spec ) ) {
187 return false;
188 }
189
190 $addresses[] = $addr_spec;
191 }
192
193 return $addresses;
194 }
195
196
197 /**
198 * Checks whether an email address belongs to a domain.
199 *
200 * @param string $email A mailbox or a comma-separated list of mailboxes.
201 * @param string $domain Internet domain name.
202 * @return bool True if all of the email addresses belong to the domain,
203 * false if not.
204 */
205 function wpcf7_is_email_in_domain( $email, $domain ) {
206 $email_list = wpcf7_is_mailbox_list( $email );
207
208 if ( false === $email_list ) {
209 return false;
210 }
211
212 $domain = strtolower( $domain );
213
214 foreach ( $email_list as $email ) {
215 $email_domain = substr( $email, strrpos( $email, '@' ) + 1 );
216 $email_domain = strtolower( $email_domain );
217 $domain_parts = explode( '.', $domain );
218
219 do {
220 $site_domain = implode( '.', $domain_parts );
221
222 if ( $site_domain === $email_domain ) {
223 continue 2;
224 }
225
226 array_shift( $domain_parts );
227 } while ( $domain_parts );
228
229 return false;
230 }
231
232 return true;
233 }
234
235
236 /**
237 * Checks whether an email address belongs to the site domain.
238 */
239 function wpcf7_is_email_in_site_domain( $email ) {
240 if ( wpcf7_is_localhost() ) {
241 return true;
242 }
243
244 $homes = array(
245 home_url(),
246 network_home_url(),
247 );
248
249 $homes = array_unique( $homes );
250
251 foreach ( $homes as $home ) {
252 $sitename = wp_parse_url( $home, PHP_URL_HOST );
253
254 if ( WP_Http::is_ip_address( $sitename ) ) {
255 return true;
256 }
257
258 if ( wpcf7_is_email_in_domain( $email, $sitename ) ) {
259 return true;
260 }
261 }
262
263 return false;
264 }
265
266
267 /**
268 * Verifies that a given file path is under the directories that WordPress
269 * manages for user contents.
270 *
271 * Returns false if the file at the given path does not exist yet.
272 *
273 * @param string $path A file path.
274 * @return bool True if the path is under the content directories,
275 * false otherwise.
276 */
277 function wpcf7_is_file_path_in_content_dir( $path ) {
278 if ( ! is_string( $path ) or '' === $path ) {
279 return false;
280 }
281
282 $callback = static function ( $path, $dir ) {
283 if ( $real_path = realpath( $path ) ) {
284 $path = $real_path;
285 } else {
286 return false;
287 }
288
289 if ( $real_dir = realpath( $dir ) ) {
290 $dir = trailingslashit( $real_dir );
291 } else {
292 return false;
293 }
294
295 return str_starts_with(
296 wp_normalize_path( $path ),
297 wp_normalize_path( $dir )
298 );
299 };
300
301 if (
302 call_user_func( $callback, $path, WP_CONTENT_DIR )
303 ) {
304 return true;
305 }
306
307 if (
308 defined( 'UPLOADS' ) and
309 call_user_func( $callback, $path, ABSPATH . UPLOADS )
310 ) {
311 return true;
312 }
313
314 if (
315 defined( 'WP_TEMP_DIR' ) and
316 call_user_func( $callback, $path, WP_TEMP_DIR )
317 ) {
318 return true;
319 }
320
321 return false;
322 }
323