 /**
  * Sanitize and validate the submitted contact-form data and build the outgoing email message.
  *
  * Reads the raw submission from $_POST (plus shortcode hidden fields from $_SESSION and the
  * peer address from $_SERVER) and writes its results into the class's static state:
  *  - self::$form_data    sanitized per-field values
  *  - self::$form_errors  slug => error message for every field that failed validation
  *  - self::$email_fields slug => value as it will appear in the email
  *  - self::$email_msg    the assembled plain-text message body
  * Also runs the captcha, honeypot and Akismet checks and the si_contact_* filter hooks.
  *
  * @return void  All results are delivered through the static properties above.
  */
 static function validate_data()
 {
     // Sanitize and validate the data on the form
     // At the same time, build the string for the email message
     // Set up variables
     // new lines should be (\n for UNIX, \r\n for Windows and \r for Mac)
     // The OS-sniffing fallback is only reached when PHP_EOL is not defined; on any
     // PHP version this plugin can run on PHP_EOL exists, so the right-hand branch is what runs.
     self::$php_eol = !defined('PHP_EOL') ? ($eol = strtolower(substr(PHP_OS, 0, 3))) == 'win' ? "\r\n" : ($eol == 'mac' ? "\r" : "\n") : PHP_EOL;
     self::$php_eol = !self::$php_eol ? "\n" : self::$php_eol;
     self::$form_action_url = FSCF_Display::get_form_action_url();
     // Go through all the form fields
     // ********** First process the special fields **********
     // These slugs are not part of self::$form_options['fields'] and are handled ahead of the main loop.
     $special_slugs = array('f_name', 'm_name', 'mi_name', 'l_name', 'email2', 'mailto_id');
     foreach ($special_slugs as $special) {
         if (isset($_POST[$special])) {
             // Check for newline injection attempts
             // (presumably rejects CR/LF so these values cannot smuggle extra email headers - see forbidifnewlines)
             self::forbidifnewlines($_POST[$special]);
             self::$form_data[$special] = FSCF_Util::clean_input($_POST[$special]);
         }
     }
     // Get the email-to contact
     // NOTE(review): 'mailto_id' is only set above when it was posted; an absent key
     // yields an undefined-index notice here and then lands in the empty() branch.
     $cid = self::$form_data['mailto_id'];
     if (empty($cid)) {
         self::$form_errors['contact'] = self::$form_options['error_contact_select'] != '' ? self::$form_options['error_contact_select'] : __('Selecting a contact is required.', 'si-contact-form');
     } else {
         $frm_id = self::$form_id_num;
         // The submitted id is only honoured if it is a key of the admin-configured contact list;
         // the recipient address is therefore never taken from the request itself.
         $contacts = FSCF_Display::get_contact_list(self::$form_id_num, self::$form_options['email_to']);
         $contact = isset($contacts[$cid]) ? $contacts[$cid] : false;
         if (!isset($contact['CONTACT'])) {
             self::$form_errors['contact'] = __('Requested Contact not found.', 'si-contact-form');
         }
     }
     // Setup the email and contact name for email
     // $contact is undefined when $cid was empty; the isset() guards cover that case.
     self::$email_fields['email_to'] = isset($contact['EMAIL']) ? FSCF_Util::clean_input($contact['EMAIL']) : '';
     self::$email_fields['name_to'] = isset($contact['CONTACT']) ? FSCF_Util::clean_input($contact['CONTACT']) : '';
     // some people want labels and fields inline, some want the fields on new line
     $inline_or_newline = self::$php_eol;
     if (self::$form_options['email_inline_label'] == 'true') {
         $inline_or_newline = ' ';
     }
     // Start the email message
     // XXX someone might want to change To: , could add a setting
     // These three replacements turn escaped characters in the contact name back into
     // plain characters for the text email.
     // NOTE(review): the search literals on the next three lines look mangled by the page
     // extraction (the first one as shown would not even parse) - confirm against the original source.
     self::$email_fields['name_to'] = str_replace(''', "'", self::$email_fields['name_to']);
     self::$email_fields['name_to'] = str_replace('"', '"', self::$email_fields['name_to']);
     self::$email_fields['name_to'] = str_replace('&', '&', self::$email_fields['name_to']);
     self::$email_msg = self::make_bold(__('To:', 'si-contact-form')) . $inline_or_newline . self::$email_fields['name_to'] . self::$php_eol . self::$php_eol;
     // ********* Now process the fields set up in Options **********
     // Collected for the honeypot slug lookup at the end (it must not collide with a real field).
     $fields_in_use = array();
     foreach (self::$form_options['fields'] as $key => $field) {
         if ('true' == $field['disable'] || 'fieldset-close' == $field['type']) {
             continue;
         }
         $fields_in_use[$field['slug']] = 1;
         if ('fieldset' == $field['type']) {
             self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
             continue;
         }
         // ***** Do processing that applies to all fields *****
         // Check for newline injection attempts
         // Single-line text fields only; a textarea is expected to contain newlines.
         if (in_array($field['type'], self::$text_type_fields) && $field['type'] != 'textarea') {
             if (!empty($_POST[$field['slug']])) {
                 self::forbidifnewlines($_POST[$field['slug']]);
             }
         }
         // Add sanitized data from POST to the form data array
         if (isset($_POST[$field['slug']])) {
             // With HTML allowed in textareas the value is filtered through wp_kses_data
             // (WordPress allow-list) instead of the plugin's clean_input.
             if ('textarea' == $field['type'] && 'true' == self::$form_options['textarea_html_allow']) {
                 self::$form_data[$field['slug']] = wp_kses_data(stripslashes($_POST[$field['slug']]));
             } else {
                 self::$form_data[$field['slug']] = FSCF_Util::clean_input($_POST[$field['slug']]);
             }
         } else {
             // Unchecked boxes/radios are absent from POST; give them an explicit empty value.
             if ('checkbox' == $field['type'] || 'radio' == $field['type']) {
                 self::$form_data[$field['slug']] = '';
             } else {
                 if ('checkbox-multiple' == $field['type']) {
                     self::$form_data[$field['slug']] = array();
                 }
             }
         }
         // XXX changed for option to hide labels that do not have field values, like when not required.
         // self::$email_msg .= self::make_bold( $field['label'] ) . $inline_or_newline;
         // Required validate
         // ..different for checkbox-multiple, select types.  Not for hidden, checkbox
         if (in_array($field['type'], self::$select_type_fields)) {
             //if ( 'checkbox' != $field['type'] ) {
             // select, select-multiple, checkbox-multiple require at least one item to be selected
             if ('subject' == $field['slug'] && 'select' == $field['type']) {
                 self::$selected_subject = self::validate_subject_select($field);
             } else {
                 if ('select' == $field['type']) {
                     self::validate_select($field['slug'], $field);
                 } else {
                     if ('true' == $field['req']) {
                         if (!isset($_POST[$field['slug']])) {
                             self::$form_errors[$field['slug']] = self::$form_options['error_select'] != '' ? self::$form_options['error_select'] : __('At least one item in this field is required.', 'si-contact-form');
                         }
                     }
                 }
             }
             //}
         } else {
             if ('hidden' != $field['type'] && 'attachment' != $field['type']) {
                 if ('true' == $field['placeholder'] && $field['default'] != '' && isset($_POST[$field['slug']])) {
                     // strip out the placeholder they posted with
                     // (a browser without placeholder support submits the default text as the value)
                     $examine_placeholder_input = '';
                     $examine_placeholder_input = stripslashes($_POST[$field['slug']]);
                     if ($field['default'] == $examine_placeholder_input) {
                         // NOTE: only $_POST is blanked here; self::$form_data for this slug was
                         // already filled from the placeholder text above.
                         $_POST[$field['slug']] = '';
                     }
                 }
                 // Check for required fields
                 // The name and email fields are validated separately
                 if ('full_name' == $field['slug']) {
                     self::validate_name($field, $inline_or_newline);
                 } else {
                     if ('email' == $field['slug']) {
                         self::validate_email($field['req'], $inline_or_newline);
                     } else {
                         if ('email' == $field['type']) {
                             // extra field email type
                             self::validate_email_type($field['slug'], $field['req']);
                         } else {
                             if ('url' == $field['type']) {
                                 // extra field email type
                                 self::validate_url_type($field['slug'], $field['req']);
                             } else {
                                 // NOTE(review): $_POST[slug] is read without isset(); a required
                                 // field missing from the request raises a notice instead of an error here.
                                 if ('true' == $field['req'] && $_POST[$field['slug']] == '') {
                                     self::$form_errors[$field['slug']] = self::$form_options['error_field'] != '' ? self::$form_options['error_field'] : __('This field is required.', 'si-contact-form');
                                 }
                             }
                         }
                     }
                 }
             }
         }
         // Max len validate (text type fields, and date?)
         // strlen() counts bytes, so multibyte text hits the limit sooner than its character count;
         // $_POST[slug] is also read here without an isset() guard.
         if (in_array($field['type'], self::$text_type_fields) && $field['max_len'] != '' && strlen($_POST[$field['slug']]) > $field['max_len']) {
             self::$form_errors[$field['slug']] = sprintf(self::$form_options['error_maxlen'] != '' ? self::$form_options['error_maxlen'] : __('Maximum of %d characters exceeded.', 'si-contact-form'), $field['max_len']);
         }
         // Regex validate (not for hidden, checkbox/m, select/m, radio)
         // The pattern comes from the admin-configured field options and runs on the raw POST value.
         if (!in_array($field['type'], self::$select_type_fields) && 'hidden' != $field['type'] && 'checkbox' != $field['type'] && $field['regex'] != '') {
             if ('true' == $field['req'] && empty($_POST[$field['slug']])) {
                 self::$form_errors[$field['slug']] = self::$form_options['error_field'] != '' ? self::$form_options['error_field'] : __('This field is required.', 'si-contact-form');
             } else {
                 // preg_match() returns false on a PCRE error (bad pattern, backtrack limit, invalid
                 // UTF-8); that is indistinguishable from "no match" here and is reported as invalid input.
                 if (!empty($_POST[$field['slug']]) && !preg_match($field['regex'], $_POST[$field['slug']])) {
                     self::$form_errors[$field['slug']] = $field['regex_error'] != '' ? $field['regex_error'] : __('Invalid input.', 'si-contact-form');
                 }
             }
         }
         // filter hook for form input validation
         // Note this runs once per field, inside the loop, with the errors accumulated so far.
         self::$form_errors = apply_filters('si_contact_form_validate', self::$form_errors, self::$form_id_num);
         // ***** Now do processing based on field type *****
         // Each branch appends "label + value" to the email unless the value is empty and
         // email_hide_empty is on; the empty if-branches below are that skip.
         switch ($field['type']) {
             case 'text':
             case 'email':
             case 'hidden':
             case 'textarea':
             case 'password':
             case 'url':
                 // full_name and email are appended by their own validate_* helpers.
                 if ('full_name' != $field['slug'] && 'email' != $field['slug']) {
                     if (self::$form_data[$field['slug']] == '' && self::$form_options['email_hide_empty'] == 'true') {
                     } else {
                         if ('subject' == $field['slug']) {
                             $this_label = self::$form_options['title_subj'] != '' ? self::$form_options['title_subj'] : __('Subject:', 'si-contact-form');
                             self::$email_msg .= self::make_bold($this_label) . $inline_or_newline;
                         } elseif ('message' == $field['slug']) {
                             $this_label = self::$form_options['title_mess'] != '' ? self::$form_options['title_mess'] : __('Message:', 'si-contact-form');
                             self::$email_msg .= self::make_bold($this_label) . $inline_or_newline;
                         } else {
                             self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
                         }
                         self::$email_fields[$field['slug']] = self::$form_data[$field['slug']];
                         self::$email_msg .= self::$form_data[$field['slug']] . self::$php_eol . self::$php_eol;
                     }
                 }
                 break;
             case 'checkbox':
                 if (empty(self::$form_data[$field['slug']]) && self::$form_options['email_hide_empty'] == 'true') {
                 } else {
                     if ('1' == self::$form_data[$field['slug']]) {
                         self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
                         //self::$email_fields[$field['slug']] = '* '.__('selected', 'si-contact-form');
                         self::$email_fields[$field['slug']] = __('selected', 'si-contact-form');
                         self::$email_msg .= self::$email_fields[$field['slug']] . self::$php_eol . self::$php_eol;
                     }
                 }
                 break;
             case 'radio':
                 // the response is the number of a single option
                 // Get the options list
                 $opts_array = explode("\n", $field['options']);
                 // This branch can never run inside case 'radio' (type is 'radio' here); left as-is.
                 if ('' == $opts_array[0] && 'checkbox' == $field['type']) {
                     $opts_array[0] = $field['label'];
                 }
                 // use the field name as the option name
                 // The submitted value is 1-based; "- 1" maps it onto the 0-based options list.
                 // NOTE(review): this is arithmetic on a user-supplied string - confirm clean_input
                 // (or validation elsewhere) guarantees a numeric value, since a non-numeric string
                 // here produces a warning or TypeError depending on the PHP version.
                 if (!isset($opts_array[self::$form_data[$field['slug']] - 1]) && self::$form_options['email_hide_empty'] == 'true') {
                 } else {
                     if (isset($opts_array[self::$form_data[$field['slug']] - 1])) {
                         self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
                         //self::$email_fields[$field['slug']] = ' * ' . $opts_array[self::$form_data[$field['slug']]-1];
                         self::$email_fields[$field['slug']] = $opts_array[self::$form_data[$field['slug']] - 1];
                         // is this key==value set? use the key
                         if (preg_match('/^(.*)(==)(.*)$/', self::$email_fields[$field['slug']], $matches)) {
                             self::$email_fields[$field['slug']] = $matches[1];
                         }
                         self::$email_msg .= self::$email_fields[$field['slug']] . self::$php_eol . self::$php_eol;
                     }
                 }
                 break;
             case 'select':
                 $chosen = '';
                 if ('subject' == $field['slug'] && 'select' == $field['type']) {
                     // validate_subject_select() already resolved the chosen subject text above.
                     $chosen = self::$selected_subject;
                 } else {
                     // response(s) are in an array
                     // was anything selected?
                     if (!empty(self::$form_data[$field['slug']])) {
                         $opts_array = explode("\n", $field['options']);
                         if (preg_match('/^\\[.*]$/', trim($opts_array[0]))) {
                             // "[Please select]"
                             // A bracketed first line is a prompt, not an option; dropping it leaves
                             // the remaining entries keyed 1..n, matching the submitted values.
                             unset($opts_array[0]);
                         } else {
                             // No prompt line: re-key the options 1..n so submitted values line up.
                             $opts_array = array_combine(range(1, count($opts_array)), array_values($opts_array));
                         }
                         foreach ($opts_array as $k => $v) {
                             // Loose in_array(): integer keys are compared against the submitted strings.
                             if (in_array($k, self::$form_data[$field['slug']])) {
                                 // is this key==value set? use the key
                                 if (preg_match('/^(.*)(==)(.*)$/', $v, $matches)) {
                                     $v = $matches[1];
                                 }
                                 $chosen .= $v;
                                 // only one should be selected
                             }
                         }
                     }
                 }
                 if ($chosen == '' && self::$form_options['email_hide_empty'] == 'true') {
                 } else {
                     if ('subject' == $field['slug'] && 'select' == $field['type']) {
                         $this_label = self::$form_options['title_subj'] != '' ? self::$form_options['title_subj'] : __('Subject:', 'si-contact-form');
                         self::$email_msg .= self::make_bold($this_label) . $inline_or_newline;
                     } else {
                         self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
                     }
                     self::$email_fields[$field['slug']] = $chosen;
                     self::$email_msg .= $chosen . self::$php_eol . self::$php_eol;
                 }
                 break;
             case 'select-multiple':
             case 'checkbox-multiple':
                 // response(s) are in an array
                 $chosen = '';
                 // was anything selected?
                 if (!empty(self::$form_data[$field['slug']])) {
                     $opts_array = explode("\n", $field['options']);
                     // Submitted values are 1-based, hence the "$k + 1" when matching explode()'s 0-based keys.
                     if (count(self::$form_data[$field['slug']]) > 1) {
                         // prefix with ' * ' for multiple selections
                         foreach ($opts_array as $k => $v) {
                             if (in_array($k + 1, self::$form_data[$field['slug']])) {
                                 // is this key==value set? use the key
                                 if (preg_match('/^(.*)(==)(.*)$/', $v, $matches)) {
                                     $v = $matches[1];
                                 }
                                 $chosen .= ' * ' . $v;
                             }
                         }
                     } else {
                         foreach ($opts_array as $k => $v) {
                             // no prefix ' * ' on single selections
                             if (in_array($k + 1, self::$form_data[$field['slug']])) {
                                 // is this key==value set? use the key
                                 if (preg_match('/^(.*)(==)(.*)$/', $v, $matches)) {
                                     $v = $matches[1];
                                 }
                                 $chosen .= $v;
                             }
                         }
                     }
                 }
                 if ($chosen == '' && self::$form_options['email_hide_empty'] == 'true') {
                 } else {
                     self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
                     self::$email_fields[$field['slug']] = $chosen;
                     self::$email_msg .= $chosen . self::$php_eol . self::$php_eol;
                 }
                 break;
             case 'date':
                 // Map of date_format option => the localized placeholder text shown in the picker.
                 $cal_date_array = array('mm/dd/yyyy' => esc_html(__('mm/dd/yyyy', 'si-contact-form')), 'dd/mm/yyyy' => esc_html(__('dd/mm/yyyy', 'si-contact-form')), 'mm-dd-yyyy' => esc_html(__('mm-dd-yyyy', 'si-contact-form')), 'dd-mm-yyyy' => esc_html(__('dd-mm-yyyy', 'si-contact-form')), 'mm.dd.yyyy' => esc_html(__('mm.dd.yyyy', 'si-contact-form')), 'dd.mm.yyyy' => esc_html(__('dd.mm.yyyy', 'si-contact-form')), 'yyyy/mm/dd' => esc_html(__('yyyy/mm/dd', 'si-contact-form')), 'yyyy-mm-dd' => esc_html(__('yyyy-mm-dd', 'si-contact-form')), 'yyyy.mm.dd' => esc_html(__('yyyy.mm.dd', 'si-contact-form')));
                 $not_chosen = 0;
                 // A submission equal to the placeholder text counts as "no date picked".
                 // $_POST[slug] is read without isset() in the first comparison.
                 if ('true' != $field['req'] && ($cal_date_array[self::$form_options['date_format']] == $_POST[$field['slug']] || empty($_POST[$field['slug']]))) {
                     // not required, no date picked
                     // this field wasn't set to required, no date picked, skip it
                     $not_chosen = 1;
                 } else {
                     if (!self::validate_date(self::$form_data[$field['slug']], self::$form_id_num)) {
                         // picked a date
                         self::$form_errors[$field['slug']] = sprintf(self::$form_options['error_date'] != '' ? self::$form_options['error_date'] : __('Please select a valid date in this format: %s.', 'si-contact-form'), $cal_date_array[self::$form_options['date_format']]);
                     } else {
                         // $not_chosen is always 0 on this path (it is only set in the other branch),
                         // so a valid date is always appended to the email.
                         if ($not_chosen && self::$form_options['email_hide_empty'] == 'true') {
                         } else {
                             self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
                             self::$email_fields[$field['slug']] = self::$form_data[$field['slug']];
                             self::$email_msg .= self::$form_data[$field['slug']] . self::$php_eol . self::$php_eol;
                         }
                     }
                 }
                 break;
             case 'time':
                 // The time field posts an array with 'h', 'm' and (12-hour format only) 'ap' parts.
                 $not_chosen = 0;
                 if (self::$form_options['time_format'] == '12') {
                     $concat_time = self::$form_data[$field['slug']]['h'] . ':' . self::$form_data[$field['slug']]['m'] . ' ' . self::$form_data[$field['slug']]['ap'];
                     if ('true' != $field['req'] && (empty(self::$form_data[$field['slug']]['h']) && empty(self::$form_data[$field['slug']]['m']) && empty(self::$form_data[$field['slug']]['ap']))) {
                         // not required, no time picked
                         // this field wasn't set to required, no times picked, skip it
                         $not_chosen = 1;
                         $concat_time = '';
                     } else {
                         // Optional field with some but not all parts chosen.
                         if ('true' != $field['req'] && !self::validate_time_ap(self::$form_data[$field['slug']]['h'], self::$form_data[$field['slug']]['m'], self::$form_data[$field['slug']]['ap'])) {
                             // selection is incomplete
                             self::$form_errors[$field['slug']] = self::$form_options['error_time'] != '' ? self::$form_options['error_time'] : __('The time selections are incomplete, select all or none.', 'si-contact-form');
                         } else {
                             // Required field: hour and minute must each be exactly two digits and am/pm must be set.
                             if ('true' == $field['req'] && (!preg_match("/^[0-9]{2}\$/", self::$form_data[$field['slug']]['h']) || !preg_match("/^[0-9]{2}\$/", self::$form_data[$field['slug']]['m']) || empty(self::$form_data[$field['slug']]['ap']))) {
                                 // not picked a time
                                 self::$form_errors[$field['slug']] = self::$form_options['error_field'] != '' ? self::$form_options['error_field'] : __('This field is required.', 'si-contact-form');
                             }
                         }
                     }
                 } else {
                     // 24 hour format with no am/pm select field
                     $concat_time = self::$form_data[$field['slug']]['h'] . ':' . self::$form_data[$field['slug']]['m'];
                     if ('true' != $field['req'] && (empty(self::$form_data[$field['slug']]['h']) && empty(self::$form_data[$field['slug']]['m']))) {
                         // not required, no time picked
                         // this field wasn't set to required, no times picked, skip it
                         $not_chosen = 1;
                         $concat_time = '';
                     } else {
                         if ('true' != $field['req'] && !self::validate_time(self::$form_data[$field['slug']]['h'], self::$form_data[$field['slug']]['m'])) {
                             // selection is incomplete
                             self::$form_errors[$field['slug']] = self::$form_options['error_time'] != '' ? self::$form_options['error_time'] : __('The time selections are incomplete, select all or none.', 'si-contact-form');
                         } else {
                             if ('true' == $field['req'] && (!preg_match("/^[0-9]{2}\$/", self::$form_data[$field['slug']]['h']) || !preg_match("/^[0-9]{2}\$/", self::$form_data[$field['slug']]['m']))) {
                                 // not picked a time
                                 self::$form_errors[$field['slug']] = self::$form_options['error_field'] != '' ? self::$form_options['error_field'] : __('This field is required.', 'si-contact-form');
                             }
                         }
                     }
                 }
                 if ($not_chosen && self::$form_options['email_hide_empty'] == 'true') {
                 } else {
                     self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
                     self::$email_fields[$field['slug']] = $concat_time;
                     self::$email_msg .= $concat_time . self::$php_eol . self::$php_eol;
                 }
                 break;
             case 'attachment':
                 // Upload validation (and its email line) is delegated entirely to validate_attach().
                 self::validate_attach($field['slug'], $field['req'], $field['label'], $inline_or_newline);
                 break;
             default:
         }
         // end switch
     }
     // end foreach
     // Add any hidden fields added by shortcodes
     // This is used only for sending email.  If the form is redrawn, the hidden fields will be added from
     // the shortcode.
     // These values come from the session, not from $_POST, so they bypass the per-field
     // validation above; stripslashes() is the only transformation applied before they hit the message.
     $frm_id = self::$form_id_num;
     if (self::$global_options['enable_php_sessions'] == 'true' && !empty($_SESSION["fsc_shortcode_hidden_{$frm_id}"])) {
         $hidden_fields = $_SESSION["fsc_shortcode_hidden_{$frm_id}"];
         foreach ($hidden_fields as $key => $value) {
             if ($key != '' && $value != '') {
                 if ($key == 'form_page') {
                     // page url
                     self::$email_msg .= self::make_bold(__('Form Page', 'si-contact-form')) . $inline_or_newline . esc_url(self::$form_action_url) . self::$php_eol . self::$php_eol;
                     self::$email_fields['form_page'] = esc_url(self::$form_action_url);
                 } else {
                     self::$email_msg .= self::make_bold($key) . $inline_or_newline . stripslashes($value) . self::$php_eol . self::$php_eol;
                     self::$email_fields[$key] = $value;
                 }
             }
         }
     }
     // filter hook to add any custom fields to email_fields array (not validated)
     self::$email_fields = apply_filters('si_contact_email_fields', self::$email_fields, self::$form_id_num);
     // filter hook to add any custom fields to email message (not validated)
     self::$email_msg = apply_filters('si_contact_email_msg', self::$email_msg, $inline_or_newline, self::$php_eol, self::$form_id_num);
     // The printable copy is taken before the Akismet / sender-info text is appended below.
     if (self::$form_options['print_form_enable'] == 'true') {
         self::$email_msg_print = self::$email_msg;
         //self::$email_msg_print .= self::make_bold( 'Time:' ) . $inline_or_newline;
         //self::$email_msg_print .= date_i18n(get_option('date_format').' '.get_option('time_format'), current_time('timestamp') );
     }
     self::$email_fields['date_time'] = date_i18n(get_option('date_format') . ' ' . get_option('time_format'), current_time('timestamp'));
     // REMOTE_ADDR is the TCP peer; behind a reverse proxy or CDN this is the proxy's address,
     // not the visitor's - presumably acceptable for an informational field, but verify if it is
     // used for anything stronger.
     self::$email_fields['ip_address'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'n/a';
     self::check_captcha();
     // check honeypot, if enabled
     // Skipped when the captcha already failed, so only one spam error is reported.
     if (self::$form_options['honeypot_enable'] == 'true' && !isset(self::$form_errors['captcha'])) {
         $honeypot_slug = FSCF_Display::get_todays_honeypot_slug($fields_in_use);
         // A real browser leaves the hidden honeypot field empty; any content marks the post as bot-like.
         if (!empty($_POST[$honeypot_slug])) {
             self::$form_errors[$honeypot_slug] = self::$form_options['error_spambot'] != '' ? self::$form_options['error_spambot'] : __('Possible spam bot. Try again.', 'si-contact-form');
         }
     }
     self::$email_msg .= self::check_akismet();
     if (self::$form_options['sender_info_enable'] == 'true') {
         self::$email_msg .= self::get_user_info();
     }
     // adds sender info to email
     // filter hook for modifying the complete email message
     self::$email_msg = apply_filters('si_contact_email_message', self::$email_msg, self::$email_fields, $inline_or_newline, self::$php_eol, self::$form_id_num);
     // Nothing is returned; callers read self::$form_errors / self::$email_msg etc.
     return;
 }