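/**
 * Renders a field as an (X)HTML table row.
 *
 * The label and every submitted value are passed through XH_hsc() before
 * they are embedded in the markup. This includes the name of an uploaded
 * file: it is chosen by the client, exactly like the other form values, so
 * it must not reach the markup unescaped.
 *
 * @param Field $field A field.
 *
 * @return string (X)HTML
 */
protected function renderField(Field $field)
{
    $name = 'advfrm-' . $field->getName();
    $o = '<tr><td class="label">' . XH_hsc($field->getLabel())
        . '</td><td class="field">';
    if (isset($_POST[$name])) {
        if (is_array($_POST[$name])) {
            // Multi-valued fields: one escaped <div> per submitted value.
            foreach ($_POST[$name] as $val) {
                $o .= '<div>' . XH_hsc(stsl($val)) . '</div>';
            }
        } else {
            // Escape first, then let nl2br() insert the line break markup.
            $o .= $this->nl2br(XH_hsc(stsl($_POST[$name])));
        }
    } elseif (isset($_FILES[$name])) {
        // The original file name comes from the upload request; escape it
        // like any other client-supplied text.
        $o .= XH_hsc(stsl($_FILES[$name]['name']));
    }
    $o .= '</td></tr>' . PHP_EOL;
    return $o;
}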
/**
 * Sends the mail and returns whether that was successful.
 *
 * Builds either the information mail to the form owner or, when
 * $confirmation is true, the confirmation mail to the address the visitor
 * entered in the field of type "from". Errors of the information mail are
 * appended to the global error fragment $e and, if XH_logMessage() exists,
 * written to the log.
 *
 * NOTE(review): sender name and address are read straight from $_POST and
 * handed to PHPMailer; no address validation is visible in this function.
 * Confirm that the values were validated before this function is called.
 *
 * @param string $id           A form ID.
 * @param bool   $confirmation Whether to send the confirmation mail.
 *
 * @return bool
 *
 * @global array  The paths of system files and folders.
 * @global string The current language.
 * @global array  The configuration of the plugins.
 * @global array  The localization of the plugins.
 * @global string The (X)HTML fragment that contains error messages.
 */
function Advancedform_mail($id, $confirmation)
{
    global $pth, $sl, $plugin_cf, $plugin_tx, $e;

    // The plugin ships its own copy of PHPMailer.
    // NOTE(review): the bundled version is not visible here; confirm it is
    // kept up to date.
    include_once $pth['folder']['plugins'] . 'advancedform/phpmailer/class.phpmailer.php';
    $pcf = $plugin_cf['advancedform'];
    $ptx = $plugin_tx['advancedform'];
    $forms = Advancedform_db();
    $form = $forms[$id];
    $type = strtolower($pcf['mail_type']);

    // Sender name and address are whatever was posted in the fields of type
    // "from_name" and "from". The POST entries are read without isset().
    $from = '';
    $from_name = '';
    foreach ($form['fields'] as $field) {
        if ($field['type'] == 'from_name') {
            $from_name = stsl($_POST['advfrm-' . $field['field']]);
        } elseif ($field['type'] == 'from') {
            $from = stsl($_POST['advfrm-' . $field['field']]);
        }
    }
    // A confirmation mail needs a recipient, which is the posted sender.
    if ($confirmation && empty($from)) {
        $e .= '<li>' . $ptx['error_missing_sender'] . '</li>' . PHP_EOL;
        return false;
    }

    $mail = new PHPMailer();
    $mail->LE = $pcf['mail_line_ending_*nix'] ? "\n" : "\r\n";
    $mail->set('CharSet', 'UTF-8');
    $mail->SetLanguage($sl, $pth['folder']['plugins'] . 'advancedform/phpmailer/language/');
    $mail->set('WordWrap', 72);
    if ($confirmation) {
        // Confirmation: from the form owner to the visitor-supplied address.
        // NOTE(review): the recipient is chosen by the visitor; confirm that
        // submissions are protected (captcha, rate limiting), so the form
        // cannot be used to mail arbitrary third parties.
        $mail->set('From', $form['to']);
        $mail->set('FromName', $form['to_name']);
        $mail->AddAddress($from, $from_name);
    } else {
        // Information mail: from the visitor-supplied sender to the form
        // owner, plus the configured CC/BCC lists (separated by ";").
        $mail->set('From', $from);
        $mail->set('FromName', $from_name);
        $mail->AddAddress($form['to'], $form['to_name']);
        foreach (explode(';', $form['cc']) as $cc) {
            if (trim($cc) != '') {
                $mail->AddCC($cc);
            }
        }
        foreach (explode(';', $form['bcc']) as $bcc) {
            if (trim($bcc) != '') {
                $mail->AddBCC($bcc);
            }
        }
    }
    // NOTE(review): depending on the web server configuration SERVER_NAME may
    // be derived from the request's Host header; confirm it is trustworthy
    // before relying on it in the subject.
    if ($confirmation) {
        $mail->set('Subject', sprintf($ptx['mail_subject_confirmation'], $form['title'], $_SERVER['SERVER_NAME']));
    } else {
        $mail->set('Subject', sprintf($ptx['mail_subject'], $form['title'], $_SERVER['SERVER_NAME'], $_SERVER['REMOTE_ADDR']));
    }
    $mail->IsHtml($type != 'text');
    if ($type == 'text') {
        $mail->set('Body', Advancedform_mailBody($id, !$confirmation, false));
    } else {
        // HTML mail with a plain text alternative.
        $body = Advancedform_mailBody($id, !$confirmation, true);
        $mail->MsgHTML($body);
        $mail->set('AltBody', Advancedform_mailBody($id, !$confirmation, false));
    }
    if (!$confirmation) {
        // Uploaded files are attached to the information mail only, under
        // the file name sent by the client.
        // NOTE(review): neither the upload error code nor the file name is
        // checked here; confirm that validation happens before this point.
        foreach ($form['fields'] as $field) {
            if ($field['type'] == 'file') {
                $name = 'advfrm-' . $field['field'];
                $mail->AddAttachment($_FILES[$name]['tmp_name'], stsl($_FILES[$name]['name']));
            }
        }
    }
    // Optional site specific hook; if it returns exactly false, nothing is
    // sent and the function still reports success.
    if (function_exists('advfrm_custom_mail')) {
        if (advfrm_custom_mail($id, $mail, $confirmation) === false) {
            return true;
        }
    }
    $ok = $mail->Send();
    if (!$confirmation) {
        if (!$ok) {
            // PHPMailer's error text is escaped before it is added to $e.
            $message = !empty($mail->ErrorInfo) ? Advancedform_hsc($mail->ErrorInfo) : $ptx['error_mail'];
            $e .= '<li>' . $message . '</li>' . PHP_EOL;
        }
        if (function_exists('XH_logMessage')) {
            // $type is reused here as the log level.
            $type = $ok ? 'info' : 'error';
            $message = $ok ? $ptx['log_success'] : $ptx['log_error'];
            // NOTE(review): the visitor-supplied sender address is written
            // to the log as is; confirm the log writer and log viewers treat
            // it as untrusted text.
            $message = sprintf($message, $from);
            XH_logMessage($type, 'Advancedform', $id, $message);
        }
    }
    return $ok;
}
/**
 * Returns the posted fields, as e.g. needed for advfrm_custom_thanks_page().
 *
 * Collects every POST entry whose key starts with "advfrm-", drops that
 * prefix from the key and runs the value through stsl(). Array values are
 * joined into a single string with "¦" as separator.
 *
 * The result holds raw client input: neither keys nor values are escaped
 * here, so consumers have to escape them for their output context.
 *
 * @return array
 */
public static function fields()
{
    $posted = array();
    foreach ($_POST as $name => $value) {
        if (strpos($name, 'advfrm-') !== 0) {
            continue;
        }
        if (is_array($value)) {
            $clean = implode("¦", array_map('stsl', $value));
        } else {
            $clean = stsl($value);
        }
        // 7 is the length of the "advfrm-" prefix.
        $posted[substr($name, 7)] = $clean;
    }
    return $posted;
}
/**
 * Determines the addresses of sender and recipients, and returns whether
 * that succeeded.
 *
 * The sender name and address are taken from the posted values of the
 * fields of type "from_name" and "from". For a confirmation mail the roles
 * are swapped: the form's receiver becomes the sender and the posted address
 * becomes the recipient.
 *
 * NOTE(review): the posted sender address is passed to the mailer without
 * any validation visible in this method; confirm it is validated earlier.
 *
 * @return bool
 *
 * @global array  The localization of the plugins.
 * @global string The (X)HTML fragment with error messages.
 */
protected function determineAddresses()
{
    global $plugin_tx, $e;

    $senderAddress = '';
    $senderName = '';
    foreach ($this->form->getFields() as $definition) {
        $field = Field::make($definition);
        if ($field->getType() == 'from_name') {
            $senderName = stsl($_POST['advfrm-' . $field->getName()]);
        } elseif ($field->getType() == 'from') {
            $senderAddress = stsl($_POST['advfrm-' . $field->getName()]);
        }
    }

    if ($this->isConfirmation) {
        // Without a posted sender there is nobody to confirm to.
        if (empty($senderAddress)) {
            $e .= '<li>' . $plugin_tx['advancedform']['error_missing_sender']
                . '</li>' . PHP_EOL;
            return false;
        }
        // NOTE(review): the recipient below is chosen by the visitor.
        $this->mail->set('From', $this->form->getReceiver());
        $this->mail->set('FromName', $this->form->getReceiverName());
        $this->mail->AddAddress($senderAddress, $senderName);
        return true;
    }

    $this->mail->set('From', $senderAddress);
    $this->mail->set('FromName', $senderName);
    $this->mail->AddAddress(
        $this->form->getReceiver(),
        $this->form->getReceiverName()
    );
    // CC and BCC are ";" separated lists; blank entries are skipped.
    foreach (explode(';', $this->form->getCC()) as $copy) {
        if (trim($copy) == '') {
            continue;
        }
        $this->mail->AddCC($copy);
    }
    foreach (explode(';', $this->form->getBCC()) as $blindCopy) {
        if (trim($blindCopy) == '') {
            continue;
        }
        $this->mail->AddBCC($blindCopy);
    }
    return true;
}
/**
 * Returns an article created from G/P (presumably GET/POST) parameters.
 *
 * Title, teaser and body are run through stsl(); the two plain dates are
 * converted with stringToTime(). When no start date is given the publishing
 * date is 0, and when no end date is given the archiving date is 2147483647,
 * the largest signed 32 bit integer.
 *
 * NOTE(review): id, status, feedable and commentable are passed on exactly
 * as received; confirm that Realblog_Article or the storage layer validates
 * them, and that the text fields are escaped when they are rendered.
 *
 * @return Realblog_Article
 *
 * @global Realblog_Controller The plugin controller.
 */
protected function getArticleFromParameters()
{
    global $_Realblog_controller;

    $controller = $_Realblog_controller;
    $article = new Realblog_Article();
    $article->setId($controller->getPgParameter('realblog_id'));
    $article->setDate(
        $controller->stringToTime($controller->getPgParameter('realblog_date'))
    );
    $article->setTitle(stsl($controller->getPgParameter('realblog_title')));
    $article->setTeaser(stsl($controller->getPgParameter('realblog_headline')));
    $article->setBody(stsl($controller->getPgParameter('realblog_story')));

    $publishFrom = $controller->getPgParameter('realblog_startdate');
    $article->setPublishingDate(
        isset($publishFrom) ? $controller->stringToTime($publishFrom) : 0
    );

    $archiveFrom = $controller->getPgParameter('realblog_enddate');
    $article->setArchivingDate(
        isset($archiveFrom) ? $controller->stringToTime($archiveFrom) : 2147483647
    );

    $article->setStatus($controller->getPgParameter('realblog_status'));
    $article->setFeedable($controller->getPgParameter('realblog_rssfeed'));
    $article->setCommentable($controller->getPgParameter('realblog_comments'));
    return $article;
}
/**
 * Validates a filled in field wrt. custom constraints.
 *
 * Does nothing unless the site defines advfrm_custom_valid_field(). That
 * hook receives the form ID, the field name and the value: the $_FILES
 * entry for file fields, otherwise the posted value after stsl(). Any
 * return value other than true is treated as the error message.
 *
 * NOTE(review): the hook's return value is inserted into the list item
 * unescaped, so the hook is expected to return safe (X)HTML; confirm that
 * hook implementations do not echo the submitted value unescaped.
 *
 * @return string (X)HTML.
 */
protected function validateFilledInFieldCustom()
{
    if (!function_exists('advfrm_custom_valid_field')) {
        return '';
    }
    if ($this->field->getType() == 'file') {
        $submitted = $_FILES[$this->name];
    } else {
        $submitted = stsl($_POST[$this->name]);
    }
    $verdict = advfrm_custom_valid_field(
        $this->formId,
        $this->field->getName(),
        $submitted
    );
    if ($verdict === true) {
        return '';
    }
    $html = '<li>' . $verdict . '</li>' . PHP_EOL;
    Controller::focusField($this->formId, $this->name);
    return $html;
}
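/**
 * Renders a non select field.
 *
 * The value shown is, in this order: the result of the optional hook
 * advfrm_custom_field_default(), the posted value, or the field's default
 * value. Values placed into a textarea or an attribute are escaped with
 * XH_hsc().
 *
 * Fields of type "output" emit their value as raw markup. A posted value is
 * therefore never used for them, because that would reflect request data
 * into the page unescaped. For the other types a posted value is only used
 * if it is a string.
 *
 * NOTE(review): id, name, cols, rows, size and maxlength are inserted into
 * the markup unescaped; they appear to come from the form definition, so
 * confirm that only trusted users can edit it.
 *
 * @return string (X)HTML.
 */
protected function renderNonSelectField()
{
    $o = '';
    $type = $this->field->getType();
    if (function_exists('advfrm_custom_field_default')) {
        $val = advfrm_custom_field_default(
            $this->form, $this->field->getName(), null, isset($_POST['advfrm'])
        );
    }
    if (!isset($val)) {
        // Never take the markup of an output field from the request, and
        // ignore posted values that are not plain strings.
        $usePosted = $type != 'output'
            && isset($_POST[$this->name])
            && is_string($_POST[$this->name]);
        $val = $usePosted
            ? stsl($_POST[$this->name])
            : $this->field->getDefaultValue();
    }
    if ($type == 'textarea') {
        $cols = $this->field->getColumnCount() ? $this->field->getColumnCount() : 40;
        $rows = $this->field->getRowCount() ? $this->field->getRowCount() : 4;
        $o .= '<textarea id="' . $this->id . '" name="' . $this->name
            . '" cols="' . $cols . '" rows="' . $rows . '">'
            . XH_hsc($val) . '</textarea>';
    } elseif ($type == 'output') {
        // Raw markup from the hook or the form definition.
        $o .= $val;
    } else {
        if ($type == 'date') {
            $this->initDatePicker();
        }
        // A size attribute only makes sense for visible inputs that have a
        // size configured; hidden inputs get none.
        $size = ($type != 'hidden' && $this->field->getSize())
            ? ' size="' . $this->field->getSize() . '"'
            : '';
        $maxlen = in_array($type, array('hidden', 'file')) || !$this->field->getMaxLength()
            ? ''
            : ' maxlength="' . $this->field->getMaxLength() . '"';
        if ($type == 'file' && $this->field->getMaxLength()) {
            // For file fields the maximum length is the maximum file size.
            $o .= tag(
                'input type="hidden" name="MAX_FILE_SIZE" value="'
                . $this->field->getMaxLength() . '"'
            );
        }
        if ($type == 'file') {
            // File inputs carry no value; the field value is turned into
            // the accept attribute instead.
            $value = '';
            $accept = ' accept="' . XH_hsc($this->prefixFileExtensionList($val)) . '"';
        } else {
            $value = ' value="' . XH_hsc($val) . '"';
            $accept = '';
        }
        $o .= tag(
            'input type="' . $this->getInputElementType() . '" id="' . $this->id
            . '" name="' . $this->name . '"' . $value . $accept . $size . $maxlen
        );
    }
    return $o;
}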
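/**
 * Returns whether the correct captcha code was entered
 * after the form containing the captcha was posted.
 *
 * The expected code is looked up in the session under the posted captcha ID
 * and is removed from the session afterwards, whether or not the check
 * succeeded, so each stored code can be tried only once.
 *
 * Missing or non-string POST values fail the check instead of being used as
 * array offsets, and the codes are compared as strings with ===, so that two
 * different numeric looking strings (e.g. "0123" and "123") are not treated
 * as equal.
 *
 * @return bool
 */
function Advancedform_Captcha_check()
{
    $captchaId = isset($_POST['advancedform-captcha_id'])
        ? $_POST['advancedform-captcha_id']
        : null;
    $entered = isset($_POST['advancedform-captcha'])
        ? $_POST['advancedform-captcha']
        : null;
    if (!is_string($captchaId) || !is_string($entered)) {
        return false;
    }

    $ok = false;
    if (isset($_SESSION['advfrm_captcha'][$captchaId])) {
        $expected = $_SESSION['advfrm_captcha'][$captchaId];
        $ok = is_scalar($expected) && (string) $expected === stsl($entered);
    }
    // Consume the code regardless of the outcome.
    unset($_SESSION['advfrm_captcha'][$captchaId]);
    return $ok;
}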
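/**
 * Saves the modified mail form definition. Returns the mail form list on
 * success, or the mail form editor on failure.
 *
 * Only POST requests are processed. The definition is rebuilt from every
 * POST entry whose key starts with "advfrm-": scalar entries become form
 * properties ("captcha" and "store" are flags that are true when present),
 * array entries become one property per field. If the form is renamed to a
 * name that already exists, the changes are stored under the old name and
 * the editor is shown again with an error.
 *
 * NOTE(review): the CSRF token is only checked if $_XH_csrfProtection is
 * set; confirm that every supported CMS version provides it.
 * NOTE(review): property names are taken from the request without an
 * allowlist, and the new form name is used as posted (without stsl());
 * confirm that this function is reachable by administrators only.
 *
 * @param string $id A form ID.
 *
 * @return string (X)HTML.
 *
 * @global string The (X)HTML fragments containing error messages.
 * @global array  The localization of the plugins.
 * @global object The CSRF protector.
 */
function Advancedform_saveForm($id)
{
    global $e, $plugin_tx, $_XH_csrfProtection;

    $ptx = $plugin_tx['advancedform'];
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        return Advancedform_formsAdministration();
    }
    if (isset($_XH_csrfProtection)) {
        $_XH_csrfProtection->check();
    }
    $forms = Advancedform_db();
    if (!isset($forms[$id])) {
        // The ID is request data; escape it before it enters the markup.
        $e .= '<li><b>'
            . sprintf($ptx['error_form_missing'], htmlspecialchars($id, ENT_QUOTES, 'UTF-8'))
            . '</b></li>';
        return Advancedform_formsAdministration();
    }
    // Drop the old entry; it is rebuilt from the request below, possibly
    // under a new name.
    unset($forms[$id]);
    if (!isset($forms[$_POST['advfrm-name']])) {
        $id = $_POST['advfrm-name'];
        $ok = true;
    } else {
        // Name clash: keep the old name, so the loop below stores it again.
        $_POST['advfrm-name'] = $id;
        $e .= '<li>' . $ptx['error_form_exists'] . '</li>';
        $ok = false;
    }
    // Unchecked checkboxes are not posted, so the flags default to false.
    $forms[$id]['captcha'] = false;
    $forms[$id]['store'] = false;
    foreach ($_POST as $key => $val) {
        $keys = explode('-', $key);
        // Skip foreign keys and keys without a property name ("advfrm",
        // "advfrm-"), which would otherwise create an empty-named property.
        if ($keys[0] != 'advfrm' || !isset($keys[1]) || $keys[1] === '') {
            continue;
        }
        if (!is_array($val)) {
            if (in_array($keys[1], array('captcha', 'store'))) {
                $forms[$id][$keys[1]] = true;
            } else {
                $forms[$id][$keys[1]] = stsl($val);
            }
        } else {
            // One array per field property, indexed by field number.
            foreach ($val as $num => $fieldval) {
                $forms[$id]['fields'][$num][$keys[1]] = stsl($fieldval);
            }
        }
    }
    Advancedform_db($forms);
    return $ok
        ? Advancedform_formsAdministration()
        : Advancedform_editForm($id);
}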
/**
 * Returns the comment preview.
 *
 * Converts the posted comment with the BBCode converter and renders it with
 * the "preview" view, together with the paths of the template stylesheet
 * and the forum stylesheet.
 *
 * NOTE(review): the posted text is only run through stsl() here; whether
 * the preview is safe to display depends on convert() and the view, so
 * confirm that one of them escapes HTML.
 *
 * @return string (X)HTML.
 *
 * @global array The paths of system files and folders.
 */
public function commentPreview()
{
    global $pth;

    $converter = $this->getBbcode();
    $markup = $converter->convert(stsl($_POST['data']));
    $viewData = array(
        'comment' => $markup,
        'templateStylesheet' => $pth['file']['stylesheet'],
        'forumStylesheet' => $pth['folder']['plugins'] . 'forum/css/stylesheet.css',
    );
    return $this->render('preview', $viewData);
}
/**
 * Renders a field.
 *
 * Produces the field label on one line, followed by the submitted value(s)
 * or the name of the uploaded file, each on a line of its own with a
 * leading space. Values are run through stsl() only; nothing is escaped
 * for HTML here.
 *
 * @param Field $field A field.
 *
 * @return string
 */
protected function renderField(Field $field)
{
    $key = 'advfrm-' . $field->getName();
    $text = $field->getLabel() . PHP_EOL;
    if (isset($_POST[$key])) {
        $posted = $_POST[$key];
        if (!is_array($posted)) {
            $text .= ' ' . $this->indent(stsl($posted)) . PHP_EOL;
            return $text;
        }
        // Multi-valued fields: one line per submitted value.
        foreach ($posted as $item) {
            $text .= ' ' . stsl($item) . PHP_EOL;
        }
        return $text;
    }
    if (isset($_FILES[$key])) {
        // The file name is the one sent by the client.
        $text .= ' ' . stsl($_FILES[$key]['name']) . PHP_EOL;
    }
    return $text;
}