namespace Fisharebest\Webtrees;

use Fisharebest\Webtrees\Controller\SimpleController;
// The script name is defined before the session bootstrap is required; every
// class used below (Filter, User, Auth, I18N) is expected to be loaded by it.
define('WT_SCRIPT_NAME', 'message.php');
require './includes/session.php';
// Some variables are initialised from GET (so we can set initial values in URLs),
// but are submitted in POST so we can have long body text.
// NOTE(review): Filter::post()/get() look like (name, pattern, default), returning the
// default when the submitted value does not match the pattern — confirm against Filter.
$subject = Filter::post('subject', null, Filter::get('subject'));
$body = Filter::post('body');
// Sender name/address are supplied by the client; members are identified from the
// session further down, so these presumably only matter for anonymous visitors.
$from_name = Filter::post('from_name');
$from_email = Filter::post('from_email');
// Only 'compose' and 'send' are accepted; anything else falls back to 'compose'.
$action = Filter::post('action', 'compose|send', 'compose');
$to = Filter::post('to', null, Filter::get('to'));
// Delivery method is restricted to the same whitelist in both POST and GET,
// with 'messaging2' as the final default.
$method = Filter::post('method', 'messaging|messaging2|messaging3|mailto|none', Filter::get('method', 'messaging|messaging2|messaging3|mailto|none', 'messaging2'));
// The return URL goes through the URL-specific filters (postUrl/getUrl), not the plain ones.
$url = Filter::postUrl('url', Filter::getUrl('url'));
// Presumably null (falsy) when $to is not an existing user name, e.g. for the
// special bulk recipients checked below — verify against User::findByUserName().
$to_user = User::findByUserName($to);
$controller = new SimpleController();
// Access control. `&&` binds tighter than `||`, so the condition reads as:
//   $to_user || (Auth::isAdmin() && $to is one of 'all' / 'last_6mo' / 'never_logged')
// i.e. a message to an existing user is allowed for anyone, while the bulk
// recipients are only allowed for administrators.
$controller->restrictAccess($to_user || Auth::isAdmin() && ($to === 'all' || $to === 'last_6mo' || $to === 'never_logged'))->setPageTitle(I18N::translate('webtrees message'));
// Accumulates HTML error fragments to show on the compose form.
$errors = '';
// Is this message from a member or a visitor?
if (Auth::check()) {
    $from = Auth::user()->getUserName();
} else {
    // Visitors must provide a valid email address
    if ($from_email && (!preg_match("/(.+)@(.+)/", $from_email, $match) || function_exists('checkdnsrr') && checkdnsrr($match[2]) === false)) {
        $errors .= '<p class="ui-state-error">' . I18N::translate('Please enter a valid email address.') . '</p>';
        $action = 'compose';
    // Do not allow anonymous visitors to include links to external sites
    if (preg_match('/(?!' . preg_quote(WT_BASE_URL, '/') . ')(((?:ftp|http|https):\\/\\/)[a-zA-Z0-9.-]+)/', $subject . $body, $match)) {
  * Generate the HTML content of this block.
  * @param int      $block_id
  * @param bool     $template
  * @param string[] $cfg
  * @return string
 public function getBlock($block_id, $template = true, $cfg = array())
     global $ctype, $controller, $WT_TREE;
     $action = Filter::get('action');
     switch ($action) {
         case 'deletefav':
             $favorite_id = Filter::getInteger('favorite_id');
             if ($favorite_id) {
         case 'addfav':
             $gid = Filter::get('gid', WT_REGEX_XREF);
             $favnote = Filter::get('favnote');
             $url = Filter::getUrl('url');
             $favtitle = Filter::get('favtitle');
             if ($gid) {
                 $record = GedcomRecord::getInstance($gid, $WT_TREE);
                 if ($record && $record->canShow()) {
                     self::addFavorite(array('user_id' => $ctype === 'user' ? Auth::id() : null, 'gedcom_id' => $WT_TREE->getTreeId(), 'gid' => $record->getXref(), 'type' => $record::RECORD_TYPE, 'url' => null, 'note' => $favnote, 'title' => $favtitle));
             } elseif ($url) {
                 self::addFavorite(array('user_id' => $ctype === 'user' ? Auth::id() : null, 'gedcom_id' => $WT_TREE->getTreeId(), 'gid' => null, 'type' => 'URL', 'url' => $url, 'note' => $favnote, 'title' => $favtitle ? $favtitle : $url));
     $block = $this->getBlockSetting($block_id, 'block', '0');
     foreach (array('block') as $name) {
         if (array_key_exists($name, $cfg)) {
             ${$name} = $cfg[$name];
     $userfavs = $this->getFavorites($ctype === 'user' ? Auth::id() : $WT_TREE->getTreeId());
     if (!is_array($userfavs)) {
         $userfavs = array();
     $id = $this->getName() . $block_id;
     $class = $this->getName() . '_block';
     $title = $this->getTitle();
     if (Auth::check()) {
     $content = '';
     if ($userfavs) {
         foreach ($userfavs as $key => $favorite) {
             if (isset($favorite['id'])) {
                 $key = $favorite['id'];
             $removeFavourite = '<a class="font9" href="index.php?ctype=' . $ctype . '&amp;ged=' . $WT_TREE->getNameHtml() . '&amp;action=deletefav&amp;favorite_id=' . $key . '" onclick="return confirm(\'' . I18N::translate('Are you sure you want to remove this item from your list of favorites?') . '\');">' . I18N::translate('Remove') . '</a> ';
             if ($favorite['type'] == 'URL') {
                 $content .= '<div id="boxurl' . $key . '.0" class="person_box">';
                 if ($ctype == 'user' || Auth::isManager($WT_TREE)) {
                     $content .= $removeFavourite;
                 $content .= '<a href="' . $favorite['url'] . '"><b>' . $favorite['title'] . '</b></a>';
                 $content .= '<br>' . $favorite['note'];
                 $content .= '</div>';
             } else {
                 $record = GedcomRecord::getInstance($favorite['gid'], $WT_TREE);
                 if ($record && $record->canShow()) {
                     if ($record instanceof Individual) {
                         $content .= '<div id="box' . $favorite["gid"] . '.0" class="person_box action_header';
                         switch ($record->getsex()) {
                             case 'M':
                             case 'F':
                                 $content .= 'F';
                                 $content .= 'NN';
                         $content .= '">';
                         if ($ctype == "user" || Auth::isManager($WT_TREE)) {
                             $content .= $removeFavourite;
                         $content .= Theme::theme()->individualBoxLarge($record);
                         $content .= $favorite['note'];
                         $content .= '</div>';
                     } else {
                         $content .= '<div id="box' . $favorite['gid'] . '.0" class="person_box">';
                         if ($ctype == 'user' || Auth::isManager($WT_TREE)) {
                             $content .= $removeFavourite;
                         $content .= $record->formatList('span');
                         $content .= '<br>' . $favorite['note'];
                         $content .= '</div>';
     if ($ctype == 'user' || Auth::isManager($WT_TREE)) {
         $uniqueID = Uuid::uuid4();
         // This block can theoretically appear multiple times, so use a unique ID.
         $content .= '<div class="add_fav_head">';
         $content .= '<a href="#" onclick="return expand_layer(\'add_fav' . $uniqueID . '\');">' . I18N::translate('Add a new favorite') . '<i id="add_fav' . $uniqueID . '_img" class="icon-plus"></i></a>';
         $content .= '</div>';
         $content .= '<div id="add_fav' . $uniqueID . '" style="display: none;">';
         $content .= '<form name="addfavform" method="get" action="index.php">';
         $content .= '<input type="hidden" name="action" value="addfav">';
         $content .= '<input type="hidden" name="ctype" value="' . $ctype . '">';
         $content .= '<input type="hidden" name="ged" value="' . $WT_TREE->getNameHtml() . '">';
         $content .= '<div class="add_fav_ref">';
         $content .= '<input type="radio" name="fav_category" value="record" checked onclick="jQuery(\'#gid' . $uniqueID . '\').removeAttr(\'disabled\'); jQuery(\'#url, #favtitle\').attr(\'disabled\',\'disabled\').val(\'\');">';
         $content .= '<label for="gid' . $uniqueID . '">' . I18N::translate('Enter an individual, family, or source ID') . '</label>';
         $content .= '<input class="pedigree_form" data-autocomplete-type="IFSRO" type="text" name="gid" id="gid' . $uniqueID . '" size="5" value="">';
         $content .= ' ' . FunctionsPrint::printFindIndividualLink('gid' . $uniqueID);
         $content .= ' ' . FunctionsPrint::printFindFamilyLink('gid' . $uniqueID);
         $content .= ' ' . FunctionsPrint::printFindSourceLink('gid' . $uniqueID);
         $content .= ' ' . FunctionsPrint::printFindRepositoryLink('gid' . $uniqueID);
         $content .= ' ' . FunctionsPrint::printFindNoteLink('gid' . $uniqueID);
         $content .= ' ' . FunctionsPrint::printFindMediaLink('gid' . $uniqueID);
         $content .= '</div>';
         $content .= '<div class="add_fav_url">';
         $content .= '<input type="radio" name="fav_category" value="url" onclick="jQuery(\'#url, #favtitle\').removeAttr(\'disabled\'); jQuery(\'#gid' . $uniqueID . '\').attr(\'disabled\',\'disabled\').val(\'\');">';
         $content .= '<input type="text" name="url" id="url" size="20" value="" placeholder="' . GedcomTag::getLabel('URL') . '" disabled> ';
         $content .= '<input type="text" name="favtitle" id="favtitle" size="20" value="" placeholder="' . I18N::translate('Title') . '" disabled>';
         $content .= '<p>' . I18N::translate('Enter an optional note about this favorite') . '</p>';
         $content .= '<textarea name="favnote" rows="6" cols="50"></textarea>';
         $content .= '</div>';
         $content .= '<input type="submit" value="' . I18N::translate('Add') . '">';
         $content .= '</form></div>';
     if ($template) {
         if ($block) {
             $class .= ' small_inner_block';
         return Theme::theme()->formatBlock($id, $title, $class, $content);
     } else {
         return $content;