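/**
 * Handle a submitted contact form: verify the request, collect the field
 * values, store the submission as a 'feedback' post and e-mail it.
 *
 * All visitor-supplied values are treated as untrusted. Values that end up in
 * mail headers have CR/LF removed, and values that are stored or echoed back
 * are passed through wp_kses() with an empty allow-list (no HTML tags kept).
 *
 * Side effects: replaces the globals $contact_form_values and
 * $contact_form_message, inserts a post plus post meta, fires the
 * 'grunion_pre_message_sent' action and may send mail.
 *
 * @param string|array $to      Recipient(s), handed to wp_mail() after the 'contact_form_to' filter.
 * @param string       $subject Default subject line for the notification.
 * @param mixed        $widget  Widget identifier when the form lives in a widget, falsy for a form in a post.
 * @return bool|null Null when the request is not for this form or the spam check
 *                   returned a WP_Error; otherwise the wp_mail() result, or true
 *                   when the submission is spam and no mail is sent.
 */
function contact_form_send_message($to, $subject, $widget) {
    global $post;

    // Nothing to do unless a contact form was posted.
    if (!isset($_POST['contact-form-id'])) {
        return;
    }

    // Only handle the submission addressed to this particular form.
    if (($widget && 'widget-' . $widget != $_POST['contact-form-id'])
        || (!$widget && $post->ID != $_POST['contact-form-id'])
    ) {
        return;
    }

    // Nonce check: the action string is bound to the form being submitted.
    if ($widget) {
        check_admin_referer('contact-form_widget-' . $widget);
    } else {
        check_admin_referer('contact-form_' . $post->ID);
    }

    global $contact_form_values, $contact_form_errors, $current_user, $user_identity;
    global $contact_form_fields, $contact_form_message;

    // Start from null so a form without a name/email/url/textarea field does
    // not read undefined variables below; isset() still reports them as unset.
    $comment_author = $comment_author_email = $comment_author_url = $comment_content = null;
    $comment_author_label = $comment_author_email_label = null;
    $comment_author_url_label = $comment_content_label = null;

    // compact the fields and values into an array of Label => Value pairs
    // also find values for comment_author_email and other significant fields
    $all_values = $extra_values = array();
    foreach ($contact_form_fields as $id => $field) {
        if ($field['type'] == 'email' && !isset($comment_author_email)) {
            $comment_author_email = $contact_form_values[$id];
            $comment_author_email_label = $field['label'];
        } elseif ($field['type'] == 'name' && !isset($comment_author)) {
            $comment_author = $contact_form_values[$id];
            $comment_author_label = $field['label'];
        } elseif ($field['type'] == 'url' && !isset($comment_author_url)) {
            $comment_author_url = $contact_form_values[$id];
            $comment_author_url_label = $field['label'];
        } elseif ($field['type'] == 'textarea' && !isset($comment_content)) {
            $comment_content = $contact_form_values[$id];
            $comment_content_label = $field['label'];
        } else {
            $extra_values[$field['label']] = $contact_form_values[$id];
        }
        $all_values[$field['label']] = $contact_form_values[$id];
    }

    $comment_author = stripslashes(apply_filters('pre_comment_author_name', $comment_author));
    $comment_author_email = stripslashes(apply_filters('pre_comment_author_email', $comment_author_email));
    $comment_author_url = stripslashes(apply_filters('pre_comment_author_url', $comment_author_url));
    if ('http://' == $comment_author_url) {
        $comment_author_url = '';
    }

    $comment_content = stripslashes($comment_content);
    $comment_content = trim(wp_kses($comment_content, array()));

    // $contact_form_subject is not assigned earlier in this function, so the
    // first branch is the one taken here.
    if (empty($contact_form_subject)) {
        $contact_form_subject = $subject;
    } else {
        $contact_form_subject = trim(wp_kses($contact_form_subject, array()));
    }

    $comment_author_IP = $_SERVER['REMOTE_ADDR'];

    // Header-injection guard: remove CR and LF from every value that is later
    // concatenated into the From/Reply-To/Subject headers.
    $vars = array('comment_author', 'comment_author_email', 'comment_author_url', 'contact_form_subject', 'comment_author_IP');
    foreach ($vars as $var) {
        ${$var} = str_replace(array("\n", "\r"), '', ${$var});
    }
    // comment_content keeps its line breaks: it is used in the message body
    // and the stored post, not in a header.
    $vars[] = 'comment_content';

    $contact_form_values = compact($vars);

    $spam = '';
    $akismet_values = contact_form_prepare_for_akismet($contact_form_values);
    $is_spam = apply_filters('contact_form_is_spam', $akismet_values);
    if (is_wp_error($is_spam)) {
        // The spam check itself failed; drop the submission without storing it.
        return;
    }
    if ($is_spam === TRUE) {
        $spam = '***SPAM*** ';
    }

    if (!$comment_author) {
        $comment_author = $comment_author_email;
    }

    $headers = 'From: ' . wp_kses($comment_author, array()) . ' <' . wp_kses($comment_author_email, array()) . ">\r\n"
        . 'Reply-To: ' . wp_kses($comment_author_email, array()) . "\r\n"
        . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"";

    $subject = apply_filters('contact_form_subject', $spam . $contact_form_subject);
    $subject = wp_kses($subject, array());

    $time = date_i18n(__('l F j, Y \\a\\t g:i a', "mm"), current_time('timestamp'));

    $extra_content = '';
    // Initialised here so the .= below never appends to an undefined variable.
    $extra_content_br = '';
    foreach ($extra_values as $label => $value) {
        $extra_content .= $label . ': ' . trim($value) . "\n";
        $extra_content_br .= wp_kses($label, array()) . ': ' . wp_kses(trim($value), array()) . "<br />";
    }

    $message = $comment_author_label . ": " . $comment_author . "\r\r\n"
        . $comment_author_email_label . ": " . $comment_author_email . "\r\r\n"
        . $comment_author_url_label . ": " . $comment_author_url . "\r\r\n"
        . $comment_content_label . ": " . $comment_content . "\r\r\n{$extra_content}\r\r\n\r\r\n"
        . __("Time:", "mm") . " " . $time . "\r\r\n"
        . __("IP Address:", "mm") . " " . $comment_author_IP . "\r\r\n"
        . __("Contact Form URL:", "mm") . " " . get_permalink($post->ID) . "\r\r\n\r\r\n";

    // Construct message that is returned to user.
    // NOTE(review): every label and value is tag-stripped with wp_kses() before
    // it is placed in this HTML; confirm the code that echoes
    // $contact_form_message does not add unescaped data of its own.
    $contact_form_message = "<blockquote>";
    if (isset($comment_author_label)) {
        $contact_form_message .= wp_kses($comment_author_label, array()) . ": " . wp_kses($comment_author, array()) . "<br />";
    }
    if (isset($comment_author_email_label)) {
        $contact_form_message .= wp_kses($comment_author_email_label, array()) . ": " . wp_kses($comment_author_email, array()) . "<br />";
    }
    if (isset($comment_author_url_label)) {
        $contact_form_message .= wp_kses($comment_author_url_label, array()) . ": " . wp_kses($comment_author_url, array()) . "<br />";
    }
    if (isset($comment_content_label)) {
        $contact_form_message .= wp_kses($comment_content_label, array()) . ": " . wp_kses($comment_content, array()) . "<br />";
    }
    $contact_form_message .= $extra_content_br;
    $contact_form_message .= "</blockquote><br /><br />";

    if (is_user_logged_in()) {
        $site_label = (isset($GLOBALS['current_site']->site_name) && $GLOBALS['current_site']->site_name)
            ? $GLOBALS['current_site']->site_name
            : '"' . get_option('blogname') . '"';
        $message .= sprintf(__("\nSent by a verified %s user.", "mm"), $site_label);
    } else {
        $message .= __("Sent by an unverified visitor to your site.", "mm");
    }

    $message = apply_filters('contact_form_message', $message);
    $message = wp_kses($message, array());

    $to = apply_filters('contact_form_to', $to);
    // Sanitise each recipient only when $to is a list. The previous loop also
    // ran for a plain string and wrote the result into string offset 0, which
    // sanitises nothing and can fail on an empty string.
    // NOTE(review): a string recipient is passed through unchanged; validate it
    // where the form is configured.
    if (is_array($to)) {
        foreach ($to as $to_key => $to_value) {
            $to[$to_key] = wp_kses($to_value, array());
        }
    }

    // keep a copy of the feedback as a custom post type
    $feedback_mysql_time = current_time('mysql');
    $feedback_title = "{$comment_author} - {$feedback_mysql_time}";
    $feedback_status = ($is_spam === TRUE) ? 'spam' : 'publish';

    // Strip markup from everything that is persisted with the feedback post.
    foreach ((array) $akismet_values as $av_key => $av_value) {
        $akismet_values[$av_key] = wp_kses($av_value, array());
    }
    foreach ((array) $all_values as $all_key => $all_value) {
        $all_values[$all_key] = wp_kses($all_value, array());
    }
    // Write back into $extra_values: the earlier code filled an unused
    // $ev_values array, so the extra fields were stored and handed to the
    // 'grunion_pre_message_sent' action without being sanitised.
    foreach ((array) $extra_values as $ev_key => $ev_value) {
        $extra_values[$ev_key] = wp_kses($ev_value, array());
    }

    // We need to make sure that the post author is always zero for contact
    // form submissions. This prevents export/import from trying to create
    // new users based on form submissions from people who were logged in
    // at the time.
    //
    // Unfortunately wp_insert_post() tries very hard to make sure the post
    // author gets the currently logged in user id. That is how we ended up
    // with this work around.
    global $do_grunion_insert;
    $do_grunion_insert = TRUE;
    add_filter('wp_insert_post_data', 'grunion_insert_filter', 10, 2);

    $post_id = wp_insert_post(array(
        'post_date'    => $feedback_mysql_time,
        'post_type'    => 'feedback',
        'post_status'  => $feedback_status,
        'post_parent'  => $post->ID,
        'post_title'   => wp_kses($feedback_title, array()),
        'post_content' => wp_kses($comment_content . "\n<!--more-->\n" . "AUTHOR: {$comment_author}\nAUTHOR EMAIL: {$comment_author_email}\nAUTHOR URL: {$comment_author_url}\nSUBJECT: {$contact_form_subject}\nIP: {$comment_author_IP}\n" . print_r($all_values, TRUE), array()),
        'post_name'    => md5($feedback_title),
    ));

    // once insert has finished we don't need this filter any more
    remove_filter('wp_insert_post_data', 'grunion_insert_filter');
    $do_grunion_insert = FALSE;

    update_post_meta($post_id, '_feedback_author', wp_kses($comment_author, array()));
    update_post_meta($post_id, '_feedback_author_email', wp_kses($comment_author_email, array()));
    update_post_meta($post_id, '_feedback_author_url', wp_kses($comment_author_url, array()));
    update_post_meta($post_id, '_feedback_subject', wp_kses($contact_form_subject, array()));
    update_post_meta($post_id, '_feedback_ip', wp_kses($comment_author_IP, array()));
    update_post_meta($post_id, '_feedback_contact_form_url', wp_kses(get_permalink($post->ID), array()));
    update_post_meta($post_id, '_feedback_all_fields', $all_values);
    update_post_meta($post_id, '_feedback_extra_fields', $extra_values);
    update_post_meta($post_id, '_feedback_akismet_values', $akismet_values);
    update_post_meta($post_id, '_feedback_email', array('to' => $to, 'subject' => $subject, 'message' => $message, 'headers' => $headers));

    do_action('grunion_pre_message_sent', $post_id, $all_values, $extra_values);

    // Mail non-spam always; mail spam only when the site opts in via the
    // filter (the filter is consulted only for spam, as before).
    if ($is_spam !== TRUE || apply_filters('grunion_still_email_spam', FALSE) == TRUE) {
        return wp_mail($to, $subject, $message, $headers);
    }

    return true;
}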
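/**
 * Handle a submitted contact form: verify the request, collect the field
 * values, store the submission as a 'feedback' post and e-mail it.
 *
 * Visitor-supplied values are untrusted. CR/LF is removed from every value
 * that goes into a mail header, and everything written to the feedback post
 * and its meta is passed through wp_kses() with an empty allow-list so no
 * HTML from the visitor is persisted.
 *
 * Side effects: replaces the global $contact_form_values, inserts a post plus
 * post meta and may send mail.
 *
 * @param string|array $to      Recipient(s), handed to wp_mail() after the 'contact_form_to' filter.
 * @param string       $subject Default subject line for the notification.
 * @param mixed        $widget  Widget identifier when the form lives in a widget, falsy for a form in a post.
 * @return bool|null Null when the request is not for this form or the spam check
 *                   returned a WP_Error; otherwise the wp_mail() result, or true
 *                   when the submission is spam and no mail is sent.
 */
function contact_form_send_message($to, $subject, $widget) {
    global $post;

    // Nothing to do unless a contact form was posted.
    if (!isset($_POST['contact-form-id'])) {
        return;
    }

    // Only handle the submission addressed to this particular form.
    if (($widget && 'widget-' . $widget != $_POST['contact-form-id'])
        || (!$widget && $post->ID != $_POST['contact-form-id'])
    ) {
        return;
    }

    // Nonce check: the action string is bound to the form being submitted.
    if ($widget) {
        check_admin_referer('contact-form_widget-' . $widget);
    } else {
        check_admin_referer('contact-form_' . $post->ID);
    }

    global $contact_form_values, $contact_form_errors, $current_user, $user_identity;
    global $contact_form_fields;

    // Start from null so a form without a name/email/url/textarea field does
    // not read undefined variables below; empty() treats null as empty.
    $comment_author = $comment_author_email = $comment_author_url = $comment_content = null;

    // compact the fields and values into an array of Label => Value pairs
    // also find values for comment_author_email and other significant fields
    $all_values = $extra_values = array();
    foreach ($contact_form_fields as $id => $field) {
        if ($field['type'] == 'email' && empty($comment_author_email)) {
            $comment_author_email = $contact_form_values[$id];
        } elseif ($field['type'] == 'name' && empty($comment_author)) {
            $comment_author = $contact_form_values[$id];
        } elseif ($field['type'] == 'url' && empty($comment_author_url)) {
            $comment_author_url = $contact_form_values[$id];
        } elseif ($field['type'] == 'textarea' && empty($comment_content)) {
            $comment_content = $contact_form_values[$id];
        } else {
            $extra_values[$field['label']] = $contact_form_values[$id];
        }
        $all_values[$field['label']] = $contact_form_values[$id];
    }

    $comment_author = stripslashes(apply_filters('pre_comment_author_name', $comment_author));
    $comment_author_email = stripslashes(apply_filters('pre_comment_author_email', $comment_author_email));
    $comment_author_url = stripslashes(apply_filters('pre_comment_author_url', $comment_author_url));
    if ('http://' == $comment_author_url) {
        $comment_author_url = '';
    }

    $comment_content = stripslashes($comment_content);
    $comment_content = trim(wp_kses($comment_content, array()));

    // $contact_form_subject is not assigned earlier in this function, so the
    // first branch is the one taken here.
    if (empty($contact_form_subject)) {
        $contact_form_subject = $subject;
    } else {
        $contact_form_subject = trim(wp_kses($contact_form_subject, array()));
    }

    $comment_author_IP = $_SERVER['REMOTE_ADDR'];

    // Header-injection guard: remove CR and LF from every value that is later
    // interpolated into the From/Reply-To/Subject headers.
    $vars = array('comment_author', 'comment_author_email', 'comment_author_url', 'contact_form_subject', 'comment_author_IP');
    foreach ($vars as $var) {
        ${$var} = str_replace(array("\n", "\r"), '', ${$var});
    }
    // comment_content keeps its line breaks: it is used in the message body
    // and the stored post, not in a header.
    $vars[] = 'comment_content';

    $contact_form_values = compact($vars);

    $spam = '';
    $akismet_values = contact_form_prepare_for_akismet($contact_form_values);
    $is_spam = contact_form_is_spam_akismet($akismet_values);
    if (is_wp_error($is_spam)) {
        // The spam check itself failed; drop the submission without storing it.
        return;
    }
    if ($is_spam) {
        $spam = '***SPAM*** ';
    }

    if (!$comment_author) {
        $comment_author = $comment_author_email;
    }

    $headers = "From: {$comment_author} <{$comment_author_email}>\n"
        . "Reply-To: {$comment_author_email}\n"
        . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";

    $subject = apply_filters('contact_form_subject', $spam . $contact_form_subject);

    $time = date_i18n(__('l F j, Y \\a\\t g:i a'), current_time('timestamp'));

    // Append one line per extra field. The earlier code assigned with "="
    // inside the loop, so only the last extra field reached the e-mail.
    $extra_content = '';
    foreach ($extra_values as $label => $value) {
        $extra_content .= $label . ': ' . trim($value) . "\n";
    }

    $message = __("Name:") . " " . $comment_author . "\n"
        . __("Email:") . " " . $comment_author_email . "\n"
        . __("Website:") . " " . $comment_author_url . "\n\n{$comment_content}\n{$extra_content}\n\n"
        . __("Time:") . " " . $time . "\n"
        . __("IP Address:") . " " . $comment_author_IP . "\n\n";

    if (is_user_logged_in()) {
        $site_label = (isset($GLOBALS['current_site']->site_name) && $GLOBALS['current_site']->site_name)
            ? $GLOBALS['current_site']->site_name
            : '"' . get_option('blogname') . '"';
        $message .= sprintf(__("Sent by a verified %s user."), $site_label);
    } else {
        $message .= __("Sent by an unverified visitor to your site.");
    }

    $message = apply_filters('contact_form_message', $message);

    $to = apply_filters('contact_form_to', $to);

    // keep a copy of the feedback as a custom post type
    $feedback_mysql_time = current_time('mysql');
    $feedback_title = "{$comment_author} - {$feedback_mysql_time}";
    $feedback_status = $is_spam ? 'spam' : 'publish';

    // Strip markup from the visitor-supplied values before they are persisted:
    // the feedback post and its meta are stored data that other screens may
    // later render, so no tags from the submission should be kept in them.
    foreach ((array) $akismet_values as $av_key => $av_value) {
        $akismet_values[$av_key] = wp_kses($av_value, array());
    }
    foreach ((array) $all_values as $all_key => $all_value) {
        $all_values[$all_key] = wp_kses($all_value, array());
    }
    foreach ((array) $extra_values as $ev_key => $ev_value) {
        $extra_values[$ev_key] = wp_kses($ev_value, array());
    }

    $post_id = wp_insert_post(array(
        'post_date'    => $feedback_mysql_time,
        'post_type'    => 'feedback',
        'post_status'  => $feedback_status,
        'post_parent'  => $post->ID,
        'post_title'   => wp_kses($feedback_title, array()),
        'post_content' => wp_kses($comment_content . "\n<!--more-->\n" . "AUTHOR: {$comment_author}\nAUTHOR EMAIL: {$comment_author_email}\nAUTHOR URL: {$comment_author_url}\nSUBJECT: {$contact_form_subject}\nIP: {$comment_author_IP}\n" . print_r($all_values, TRUE), array()),
        'post_name'    => md5($feedback_title),
    ));

    update_post_meta($post_id, '_feedback_author', wp_kses($comment_author, array()));
    update_post_meta($post_id, '_feedback_author_email', wp_kses($comment_author_email, array()));
    update_post_meta($post_id, '_feedback_author_url', wp_kses($comment_author_url, array()));
    update_post_meta($post_id, '_feedback_subject', wp_kses($contact_form_subject, array()));
    update_post_meta($post_id, '_feedback_ip', wp_kses($comment_author_IP, array()));
    update_post_meta($post_id, '_feedback_all_fields', $all_values);
    update_post_meta($post_id, '_feedback_extra_fields', $extra_values);
    update_post_meta($post_id, '_feedback_akismet_values', $akismet_values);
    // NOTE(review): this meta keeps the mail payload exactly as sent (the mail
    // is text/plain), so it still holds the visitor's raw text; any screen that
    // displays it must escape it on output.
    update_post_meta($post_id, '_feedback_email', array('to' => $to, 'subject' => $subject, 'message' => $message, 'headers' => $headers));

    // Only send the email if it's not spam
    if (!$is_spam) {
        return wp_mail($to, $subject, $message, $headers);
    }

    return true;
}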