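/**
 * Admin screen handler for editing the plugin's text strings.
 *
 * Requires the 'manage' capability (checked through formbuilder_user_can()).
 * On POST it either resets every string to the defaults or stores the
 * submitted values, then renders html/options_strings.inc.php.
 *
 * NOTE(review): no nonce is verified before the option is deleted or
 * rewritten, so this state change is protected by the capability check alone
 * and is exposed to cross-site request forgery against a logged-in manager.
 * The form template is not visible here; pairing wp_nonce_field() in the
 * template with check_admin_referer() at this point would close the gap.
 * Confirm against html/options_strings.inc.php before adding it.
 *
 * @return void
 */
function formbuilder_options_strings()
{
    // Declared so the included template shares them; presumably read there - verify.
    global $wpdb, $formbuilder_admin_nav_options;

    if (!formbuilder_user_can('manage')) {
        formbuilder_admin_alert('You do not have permission to access this area.');
        return;
    }

    $formBuilderTextStrings = formbuilder_load_strings();

    if (isset($_POST['formbuilder_reset_all_text_strings'])
        && $_POST['formbuilder_reset_all_text_strings'] == 'yes'
    ) {
        // Dropping the stored option makes the loader fall back to its defaults.
        delete_option('formbuilder_text_strings');
        $formBuilderTextStrings = formbuilder_load_strings();
    } elseif ($_POST) {
        foreach ($formBuilderTextStrings as $key => $value) {
            // Only keys that already exist in the string table are read from
            // the request, so a POST cannot introduce new entries. Absent,
            // empty and non-string (array) values are skipped rather than
            // passed to stripslashes().
            if (!empty($_POST[$key]) && is_string($_POST[$key])) {
                // Values are stored entity-encoded, so they are safe to print
                // in HTML as long as the consumer does not decode them again.
                $formBuilderTextStrings[$key] = htmlentities(
                    stripslashes($_POST[$key]),
                    ENT_QUOTES,
                    get_option('blog_charset')
                );
            }
        }

        // Persist once after the loop instead of once per key.
        if (!empty($formBuilderTextStrings)) {
            update_option('formbuilder_text_strings', $formBuilderTextStrings);
        }
    }

    // Presumably consumed by the template below - verify.
    $relative_path = FORMBUILDER_PLUGIN_URL;
    include FORMBUILDER_PLUGIN_PATH . "html/options_strings.inc.php";
}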
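/**
 * Send a plain-text email, letting other code take over delivery via the
 * 'formbuilder_send_email' filter.
 *
 * The recipient and subject are screened for header injection before the
 * message is handed to mail() or wp_mail().
 *
 * @param string $to      Recipient address.
 * @param string $subject Subject line.
 * @param string $message Message body.
 * @param string $headers Extra headers, newline separated.
 * @return mixed false when the message was accepted for delivery (or a filter
 *               reported success with '1'); otherwise an error string, or
 *               whatever value a filter returned in place of the send data.
 */
function formbuilder_send_email($to, $subject, $message, $headers = "")
{
    // Allow for other applications to handle mail if needed.
    $send_data = array(
        'to'      => $to,
        'subject' => $subject,
        'message' => $message,
        'headers' => $headers,
    );
    $send_result = apply_filters('formbuilder_send_email', $send_data);

    // If a result is returned, we should not proceed with the built-in
    // mailing process. The comparisons are intentionally loose so that
    // '1', 1 and true from a filter all count as "handled successfully".
    if ($send_result == '1') {
        return false;
    }
    if ($send_result != $send_data) {
        return $send_result;
    }

    // Continue with normal sending.
    $formBuilderTextStrings = formbuilder_load_strings();

    // A line break in the recipient or subject is the primitive that header
    // injection depends on, and the keyword list below does not cover it
    // (for example it would not notice an injected "From:" or "Reply-To:").
    // Reject CR/LF outright rather than relying on the mail transport.
    if (strpbrk($to, "\r\n") !== false) {
        $error = $formBuilderTextStrings['hack_to'];
    }
    if (strpbrk($subject, "\r\n") !== false) {
        $error = $formBuilderTextStrings['hack_subject'];
    }

    // Check to and subject for header injections. This is a case-insensitive
    // substring match, so "bcc:" is already covered by "cc:" and an ordinary
    // subject containing "cc:" is rejected as well.
    $badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:");
    foreach ($badStrings as $v2) {
        if (stripos($to, $v2) !== false) {
            $error = $formBuilderTextStrings['hack_to'];
        }
        if (stripos($subject, $v2) !== false) {
            $error = $formBuilderTextStrings['hack_subject'];
        }
    }

    if (isset($error)) {
        return $error;
    }

    // NOTE(review): $headers is extended verbatim and is not screened here.
    // If any caller builds it from form input, CR/LF must be stripped from
    // those values before they reach this function - verify against callers.
    $headers = trim(trim($headers) . "\nContent-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n");

    if (get_option('formbuilder_alternate_email_handling') != 'Enabled') {
        if (mail($to, $subject, $message, $headers)) {
            return false;
        }
        return $formBuilderTextStrings['mail_error_default'];
    }

    // NOTE(review): the alternate path passes an empty header string, so the
    // headers assembled above are not sent through wp_mail() - confirm intended.
    if (wp_mail($to, $subject, $message, '')) {
        return false;
    }
    return $formBuilderTextStrings['mail_error_alternate'];
}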
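/**
 * Send a plain-text email after screening the recipient and subject for
 * header injection.
 *
 * @param string $to      Recipient address.
 * @param string $subject Subject line.
 * @param string $message Message body.
 * @param string $headers Extra headers, newline separated.
 * @return mixed false when the message was accepted for delivery, otherwise
 *               an error string taken from the plugin's text strings.
 */
function formbuilder_send_email($to, $subject, $message, $headers = "")
{
    $formBuilderTextStrings = formbuilder_load_strings();

    // The keyword list below only recognises a handful of header names.
    // Header injection needs a line break to start a new header, so refuse
    // any CR or LF in the recipient or subject regardless of what follows it.
    if (strpbrk($to, "\r\n") !== false) {
        $error = $formBuilderTextStrings['hack_to'];
    }
    if (strpbrk($subject, "\r\n") !== false) {
        $error = $formBuilderTextStrings['hack_subject'];
    }

    // Check to and subject for header injections (case-insensitive substring
    // match; "cc:" also matches "bcc:" and any ordinary text containing it).
    $badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:");
    foreach ($badStrings as $v2) {
        if (stripos($to, $v2) !== false) {
            $error = $formBuilderTextStrings['hack_to'];
        }
        if (stripos($subject, $v2) !== false) {
            $error = $formBuilderTextStrings['hack_subject'];
        }
    }

    // Nothing is sent once either field has been flagged.
    if (isset($error)) {
        return $error;
    }

    // NOTE(review): $headers is not screened in this function; values that
    // originate from form fields need CR/LF removed by the caller - verify.
    $headers = trim(trim($headers) . "\nContent-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n");

    $useAlternate = get_option('formbuilder_alternate_email_handling') == 'Enabled';
    if (!$useAlternate) {
        return mail($to, $subject, $message, $headers)
            ? false
            : $formBuilderTextStrings['mail_error_default'];
    }

    // NOTE(review): wp_mail() is called with an empty header string, so the
    // headers built above are dropped on this path - confirm intended.
    return wp_mail($to, $subject, $message, '')
        ? false
        : $formBuilderTextStrings['mail_error_alternate'];
}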