/** * Sends the emails from the formmail content object. * * @return void * @access private * @see checkDataSubmission() * @todo Define visibility */ public function sendFormmail() { $formmail = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('t3lib_formmail'); $EMAIL_VARS = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST(); $locationData = $EMAIL_VARS['locationData']; unset($EMAIL_VARS['locationData']); unset($EMAIL_VARS['formtype_mail'], $EMAIL_VARS['formtype_mail_x'], $EMAIL_VARS['formtype_mail_y']); $integrityCheck = $this->TYPO3_CONF_VARS['FE']['strictFormmail']; if (!$this->TYPO3_CONF_VARS['FE']['secureFormmail']) { // Check recipient field: // These two fields are the ones which contain recipient addresses that can be misused to send mail from foreign servers. $encodedFields = explode(',', 'recipient, recipient_copy'); foreach ($encodedFields as $fieldKey) { if (strlen($EMAIL_VARS[$fieldKey])) { // Decode... if ($res = $this->codeString($EMAIL_VARS[$fieldKey], TRUE)) { $EMAIL_VARS[$fieldKey] = $res; } elseif ($integrityCheck) { // Otherwise abort: $GLOBALS['TT']->setTSlogMessage('"Formmail" discovered a field (' . $fieldKey . ') which could not be decoded to a valid string. Sending formmail aborted due to security reasons!', 3); return FALSE; } else { $GLOBALS['TT']->setTSlogMessage('"Formmail" discovered a field (' . $fieldKey . ') which could not be decoded to a valid string. The security level accepts this, but you should consider a correct coding though!', 2); } } } } else { $locData = explode(':', $locationData); $record = $this->sys_page->checkRecord($locData[1], $locData[2], 1); $EMAIL_VARS['recipient'] = $record['subheader']; $EMAIL_VARS['recipient_copy'] = $this->extractRecipientCopy($record['bodytext']); } // Hook for preprocessing of the content for formmails: if (is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['sendFormmail-PreProcClass'])) { foreach ($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['sendFormmail-PreProcClass'] as $_classRef) { $_procObj = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($_classRef); $EMAIL_VARS = $_procObj->sendFormmail_preProcessVariables($EMAIL_VARS, $this); } } $formmail->start($EMAIL_VARS); $formmail->sendtheMail(); $GLOBALS['TT']->setTSlogMessage('"Formmail" invoked, sending mail to ' . $EMAIL_VARS['recipient'], 0); }
/** * Checks if a formmail submission can be sent as email, also used for JumpURLs * should be removed once JumpURL is handled outside TypoScriptFrontendController * * @param string $locationData The input from $_POST['locationData'] * @return void|int */ protected function locDataCheck($locationData) { $locData = explode(':', $locationData); if (!$locData[1] || $this->sys_page->checkRecord($locData[1], $locData[2], 1)) { // $locData[1] -check means that a record is checked only if the locationData has a value for a record else than the page. if (!empty($this->sys_page->getPage($locData[0]))) { return 1; } else { $GLOBALS['TT']->setTSlogMessage('LocationData Error: The page pointed to by location data (' . $locationData . ') was not accessible.', 2); } } else { $GLOBALS['TT']->setTSlogMessage('LocationData Error: Location data (' . $locationData . ') record pointed to was not accessible.', 2); } }