/**
 * Sanitize and validate the submitted contact-form fields and, in the same
 * pass, build the e-mail message body.
 *
 * Reads the raw submission from $_POST (and, when PHP sessions are enabled,
 * the shortcode hidden fields from $_SESSION) and fills the class state:
 *   - self::$form_data     sanitized per-field values
 *   - self::$form_errors   slug => message for every failed check
 *   - self::$email_fields  slug => value as it will appear in the e-mail
 *   - self::$email_msg     the assembled message text
 *                          (copied to self::$email_msg_print when printing is enabled)
 * It also runs the captcha, honeypot and Akismet checks and fires the
 * si_contact_form_validate / si_contact_email_* filter hooks.
 *
 * Side effect: a posted value equal to the field's placeholder text is
 * blanked in $_POST itself, so the later required/regex checks see it as empty.
 *
 * @return void  Nothing is returned; validation failures are recorded in
 *               self::$form_errors.
 */
static function validate_data() {
    // Sanitize and validate the data on the form
    // At the same time, build the string for the email message

    // Set up variables
    // new lines should be (\n for UNIX, \r\n for Windows and \r for Mac)
    // Nested ternary: the inner "win"/"mac" choice is the middle operand of the
    // outer defined() test; PHP_EOL wins whenever the constant exists.
    self::$php_eol = !defined('PHP_EOL') ? ($eol = strtolower(substr(PHP_OS, 0, 3))) == 'win' ? "\r\n" : ($eol == 'mac' ? "\r" : "\n") : PHP_EOL;
    // Defensive fallback in case the detection above produced an empty string.
    self::$php_eol = !self::$php_eol ? "\n" : self::$php_eol;
    self::$form_action_url = FSCF_Display::get_form_action_url();

    // Go through all the form fields
    // ********** First process the special fields **********
    // These slugs are not part of the configurable field list but are always
    // accepted when posted (name parts, e-mail confirmation, recipient id).
    $special_slugs = array('f_name', 'm_name', 'mi_name', 'l_name', 'email2', 'mailto_id');
    foreach ($special_slugs as $special) {
        if (isset($_POST[$special])) {
            // Check for newline injection attempts
            // (presumably a guard against CR/LF reaching mail headers — forbidifnewlines
            // is defined elsewhere; confirm its behaviour there)
            self::forbidifnewlines($_POST[$special]);
            self::$form_data[$special] = FSCF_Util::clean_input($_POST[$special]);
        }
    }

    // Get the email-to contact
    // NOTE(review): 'mailto_id' is only stored above when it was posted; when it
    // is absent this reads an undefined index (PHP notice) and $cid is null,
    // which falls into the empty() branch below.
    $cid = self::$form_data['mailto_id'];
    if (empty($cid)) {
        self::$form_errors['contact'] = self::$form_options['error_contact_select'] != '' ? self::$form_options['error_contact_select'] : __('Selecting a contact is required.', 'si-contact-form');
    } else {
        $frm_id = self::$form_id_num; // assigned but not used in this branch
        // The posted id is only ever used as a key into the admin-configured
        // contact list, so the recipient address itself never comes from $_POST.
        $contacts = FSCF_Display::get_contact_list(self::$form_id_num, self::$form_options['email_to']);
        $contact = isset($contacts[$cid]) ? $contacts[$cid] : false;
        if (!isset($contact['CONTACT'])) {
            self::$form_errors['contact'] = __('Requested Contact not found.', 'si-contact-form');
        }
    }

    // Setup the email and contact name for email
    // $contact is undefined when $cid was empty; isset() on an undefined
    // variable is safe and yields the '' fallback.
    self::$email_fields['email_to'] = isset($contact['EMAIL']) ? FSCF_Util::clean_input($contact['EMAIL']) : '';
    self::$email_fields['name_to'] = isset($contact['CONTACT']) ? FSCF_Util::clean_input($contact['CONTACT']) : '';

    // some people want labels and fields inline, some want the fields on new line
    $inline_or_newline = self::$php_eol;
    if (self::$form_options['email_inline_label'] == 'true') {
        $inline_or_newline = ' ';
    }

    // Start the email message
    // XXX someone might want to change To: , could add a setting
    // NOTE(review): the three search strings below look garbled in this copy
    // (the second and third replace a character with itself). They are
    // presumably HTML entities that clean_input() left in the contact name
    // (an apostrophe entity, a double-quote entity and an ampersand entity)
    // being turned back into plain characters — verify against the repository.
    self::$email_fields['name_to'] = str_replace(''', "'", self::$email_fields['name_to']);
    self::$email_fields['name_to'] = str_replace('"', '"', self::$email_fields['name_to']);
    self::$email_fields['name_to'] = str_replace('&', '&', self::$email_fields['name_to']);
    self::$email_msg = self::make_bold(__('To:', 'si-contact-form')) . $inline_or_newline . self::$email_fields['name_to'] . self::$php_eol . self::$php_eol;

    // ********* Now process the fields set up in Options **********
    // $fields_in_use collects the slugs actually rendered; it is handed to the
    // honeypot slug generator at the end of this method.
    $fields_in_use = array();
    foreach (self::$form_options['fields'] as $key => $field) {
        if ('true' == $field['disable'] || 'fieldset-close' == $field['type']) {
            continue;
        }
        $fields_in_use[$field['slug']] = 1;
        if ('fieldset' == $field['type']) {
            // A fieldset contributes only its label as a heading in the e-mail.
            self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
            continue;
        }

        // ***** Do processing that applies to all fields *****
        // Check for newline injection attempts
        // Single-line text-type fields must not contain line breaks; textarea is
        // the one text-type field where newlines are legitimate.
        if (in_array($field['type'], self::$text_type_fields) && $field['type'] != 'textarea') {
            if (!empty($_POST[$field['slug']])) {
                self::forbidifnewlines($_POST[$field['slug']]);
            }
        }

        // Add sanitized data from POST to the form data array
        if (isset($_POST[$field['slug']])) {
            if ('textarea' == $field['type'] && 'true' == self::$form_options['textarea_html_allow']) {
                // HTML is allowed in this textarea: wp_kses_data() strips everything
                // outside WordPress's allowed-tag list instead of escaping it all.
                self::$form_data[$field['slug']] = wp_kses_data(stripslashes($_POST[$field['slug']]));
            } else {
                self::$form_data[$field['slug']] = FSCF_Util::clean_input($_POST[$field['slug']]);
            }
        } else {
            // Unchecked boxes / unselected radios are not posted at all, so give
            // them an explicit empty value; other absent fields stay unset.
            if ('checkbox' == $field['type'] || 'radio' == $field['type']) {
                self::$form_data[$field['slug']] = '';
            } else {
                if ('checkbox-multiple' == $field['type']) {
                    self::$form_data[$field['slug']] = array();
                }
            }
        }

        // XXX changed for option to hide labels that do not have field values, like when not required.
        // self::$email_msg .= self::make_bold( $field['label'] ) . $inline_or_newline;

        // Required validate
        // ..different for checkbox-multiple, select types. Not for hidden, checkbox
        if (in_array($field['type'], self::$select_type_fields)) {
            //if ( 'checkbox' != $field['type'] ) {
            // select, select-multiple, checkbox-multiple require at least one item to be selected
            if ('subject' == $field['slug'] && 'select' == $field['type']) {
                // The subject select has its own validator; its result is
                // consumed by the 'select' case of the switch below.
                self::$selected_subject = self::validate_subject_select($field);
            } else {
                if ('select' == $field['type']) {
                    self::validate_select($field['slug'], $field);
                } else {
                    if ('true' == $field['req']) {
                        if (!isset($_POST[$field['slug']])) {
                            self::$form_errors[$field['slug']] = self::$form_options['error_select'] != '' ? self::$form_options['error_select'] : __('At least one item in this field is required.', 'si-contact-form');
                        }
                    }
                }
            }
            //}
        } else {
            if ('hidden' != $field['type'] && 'attachment' != $field['type']) {
                if ('true' == $field['placeholder'] && $field['default'] != '' && isset($_POST[$field['slug']])) {
                    // strip out the placeholder they posted with
                    $examine_placeholder_input = ''; // redundant: overwritten on the next line
                    $examine_placeholder_input = stripslashes($_POST[$field['slug']]);
                    if ($field['default'] == $examine_placeholder_input) {
                        // Mutates the superglobal on purpose: every check further
                        // down reads $_POST directly and must see an empty value.
                        $_POST[$field['slug']] = '';
                    }
                }
                // Check for required fields
                // The name and email fields are validated separately
                if ('full_name' == $field['slug']) {
                    self::validate_name($field, $inline_or_newline);
                } else {
                    if ('email' == $field['slug']) {
                        self::validate_email($field['req'], $inline_or_newline);
                    } else {
                        if ('email' == $field['type']) {
                            // extra field email type
                            self::validate_email_type($field['slug'], $field['req']);
                        } else {
                            if ('url' == $field['type']) {
                                // extra field email type
                                self::validate_url_type($field['slug'], $field['req']);
                            } else {
                                // Reads $_POST directly: an absent key raises an
                                // undefined-index notice, but null == '' is true so
                                // the required error is still recorded.
                                if ('true' == $field['req'] && $_POST[$field['slug']] == '') {
                                    self::$form_errors[$field['slug']] = self::$form_options['error_field'] != '' ? self::$form_options['error_field'] : __('This field is required.', 'si-contact-form');
                                }
                            }
                        }
                    }
                }
            }
        }

        // Max len validate (text type fields, and date?)
        // NOTE(review): strlen() counts bytes of the raw posted value, not
        // characters, so multibyte input hits the limit early; it also assumes
        // the value is a string (and that the key exists) — an array value
        // would make strlen() throw on PHP 8. Consider is_string()/mb_strlen().
        if (in_array($field['type'], self::$text_type_fields) && $field['max_len'] != '' && strlen($_POST[$field['slug']]) > $field['max_len']) {
            self::$form_errors[$field['slug']] = sprintf(self::$form_options['error_maxlen'] != '' ? self::$form_options['error_maxlen'] : __('Maximum of %d characters exceeded.', 'si-contact-form'), $field['max_len']);
        }

        // Regex validate (not for hidden, checkbox/m, select/m, radio)
        // The pattern comes from the admin field settings, not from the visitor.
        if (!in_array($field['type'], self::$select_type_fields) && 'hidden' != $field['type'] && 'checkbox' != $field['type'] && $field['regex'] != '') {
            if ('true' == $field['req'] && empty($_POST[$field['slug']])) {
                self::$form_errors[$field['slug']] = self::$form_options['error_field'] != '' ? self::$form_options['error_field'] : __('This field is required.', 'si-contact-form');
            } else {
                // preg_match() returns false for an invalid pattern, and !false is
                // true, so a malformed admin regex rejects every non-empty input
                // with the "Invalid input" message rather than being reported.
                if (!empty($_POST[$field['slug']]) && !preg_match($field['regex'], $_POST[$field['slug']])) {
                    self::$form_errors[$field['slug']] = $field['regex_error'] != '' ? $field['regex_error'] : __('Invalid input.', 'si-contact-form');
                }
            }
        }

        // filter hook for form input validation
        // Note this fires once per field (it sits inside the foreach), each time
        // with the full accumulated error array.
        self::$form_errors = apply_filters('si_contact_form_validate', self::$form_errors, self::$form_id_num);

        // ***** Now do processing based on field type *****
        // Each case appends "label + value" to the e-mail and records the value
        // in self::$email_fields; 'email_hide_empty' suppresses empty entries.
        switch ($field['type']) {
            case 'text':
            case 'email':
            case 'hidden':
            case 'textarea':
            case 'password':
            case 'url':
                // full_name and email were already written to the message by their
                // own validators above.
                if ('full_name' != $field['slug'] && 'email' != $field['slug']) {
                    if (self::$form_data[$field['slug']] == '' && self::$form_options['email_hide_empty'] == 'true') {
                        // empty and hiding is enabled: nothing to add
                    } else {
                        if ('subject' == $field['slug']) {
                            $this_label = self::$form_options['title_subj'] != '' ? self::$form_options['title_subj'] : __('Subject:', 'si-contact-form');
                            self::$email_msg .= self::make_bold($this_label) . $inline_or_newline;
                        } elseif ('message' == $field['slug']) {
                            $this_label = self::$form_options['title_mess'] != '' ? self::$form_options['title_mess'] : __('Message:', 'si-contact-form');
                            self::$email_msg .= self::make_bold($this_label) . $inline_or_newline;
                        } else {
                            self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
                        }
                        self::$email_fields[$field['slug']] = self::$form_data[$field['slug']];
                        self::$email_msg .= self::$form_data[$field['slug']] . self::$php_eol . self::$php_eol;
                    }
                }
                break;
            case 'checkbox':
                if (empty(self::$form_data[$field['slug']]) && self::$form_options['email_hide_empty'] == 'true') {
                    // unchecked and hiding is enabled: nothing to add
                } else {
                    // A checked box posts '1'; anything else is treated as unchecked.
                    if ('1' == self::$form_data[$field['slug']]) {
                        self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
                        //self::$email_fields[$field['slug']] = '* '.__('selected', 'si-contact-form');
                        self::$email_fields[$field['slug']] = __('selected', 'si-contact-form');
                        self::$email_msg .= self::$email_fields[$field['slug']] . self::$php_eol . self::$php_eol;
                    }
                }
                break;
            case 'radio':
                // the response is the number of a single option
                // Get the options list
                $opts_array = explode("\n", $field['options']);
                // Dead branch as written: $field['type'] is 'radio' inside this case,
                // so the 'checkbox' comparison can never be true.
                if ('' == $opts_array[0] && 'checkbox' == $field['type']) {
                    $opts_array[0] = $field['label'];
                } // use the field name as the option name
                // The posted value is 1-based; isset() on the shifted index is what
                // rejects out-of-range or non-numeric submissions.
                if (!isset($opts_array[self::$form_data[$field['slug']] - 1]) && self::$form_options['email_hide_empty'] == 'true') {
                    // no valid option and hiding is enabled: nothing to add
                } else {
                    if (isset($opts_array[self::$form_data[$field['slug']] - 1])) {
                        self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
                        //self::$email_fields[$field['slug']] = ' * ' . $opts_array[self::$form_data[$field['slug']]-1];
                        self::$email_fields[$field['slug']] = $opts_array[self::$form_data[$field['slug']] - 1];
                        // is this key==value set? use the key
                        if (preg_match('/^(.*)(==)(.*)$/', self::$email_fields[$field['slug']], $matches)) {
                            self::$email_fields[$field['slug']] = $matches[1];
                        }
                        self::$email_msg .= self::$email_fields[$field['slug']] . self::$php_eol . self::$php_eol;
                    }
                }
                break;
            case 'select':
                $chosen = '';
                if ('subject' == $field['slug'] && 'select' == $field['type']) {
                    // Already resolved by validate_subject_select() above.
                    $chosen = self::$selected_subject;
                } else {
                    // response(s) are in an array
                    // was anything selected?
                    // NOTE(review): in_array() below requires self::$form_data[slug]
                    // to be an array; confirm clean_input() preserves arrays.
                    if (!empty(self::$form_data[$field['slug']])) {
                        $opts_array = explode("\n", $field['options']);
                        if (preg_match('/^\\[.*]$/', trim($opts_array[0]))) {
                            // "[Please select]"
                            // A bracketed first line is a prompt, not an option; dropping
                            // index 0 leaves the real options numbered from 1.
                            unset($opts_array[0]);
                        } else {
                            // No prompt line: renumber so options are 1-based either way.
                            $opts_array = array_combine(range(1, count($opts_array)), array_values($opts_array));
                        }
                        foreach ($opts_array as $k => $v) {
                            if (in_array($k, self::$form_data[$field['slug']])) {
                                // is this key==value set? use the key
                                if (preg_match('/^(.*)(==)(.*)$/', $v, $matches)) {
                                    $v = $matches[1];
                                }
                                $chosen .= $v; // only one should be selected
                            }
                        }
                    }
                }
                if ($chosen == '' && self::$form_options['email_hide_empty'] == 'true') {
                    // nothing chosen and hiding is enabled: nothing to add
                } else {
                    if ('subject' == $field['slug'] && 'select' == $field['type']) {
                        $this_label = self::$form_options['title_subj'] != '' ? self::$form_options['title_subj'] : __('Subject:', 'si-contact-form');
                        self::$email_msg .= self::make_bold($this_label) . $inline_or_newline;
                    } else {
                        self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
                    }
                    self::$email_fields[$field['slug']] = $chosen;
                    self::$email_msg .= $chosen . self::$php_eol . self::$php_eol;
                }
                break;
            case 'select-multiple':
            case 'checkbox-multiple':
                // response(s) are in an array
                $chosen = '';
                // was anything selected?
                if (!empty(self::$form_data[$field['slug']])) {
                    // Here the options keep their 0-based explode() keys, so the
                    // 1-based posted values are matched against $k + 1.
                    $opts_array = explode("\n", $field['options']);
                    if (count(self::$form_data[$field['slug']]) > 1) {
                        // prefix with ' * ' for multiple selections
                        foreach ($opts_array as $k => $v) {
                            if (in_array($k + 1, self::$form_data[$field['slug']])) {
                                // is this key==value set? use the key
                                if (preg_match('/^(.*)(==)(.*)$/', $v, $matches)) {
                                    $v = $matches[1];
                                }
                                $chosen .= ' * ' . $v;
                            }
                        }
                    } else {
                        foreach ($opts_array as $k => $v) {
                            // no prefix ' * ' on single selections
                            if (in_array($k + 1, self::$form_data[$field['slug']])) {
                                // is this key==value set? use the key
                                if (preg_match('/^(.*)(==)(.*)$/', $v, $matches)) {
                                    $v = $matches[1];
                                }
                                $chosen .= $v;
                            }
                        }
                    }
                }
                if ($chosen == '' && self::$form_options['email_hide_empty'] == 'true') {
                    // nothing chosen and hiding is enabled: nothing to add
                } else {
                    self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
                    self::$email_fields[$field['slug']] = $chosen;
                    self::$email_msg .= $chosen . self::$php_eol . self::$php_eol;
                }
                break;
            case 'date':
                // Map of supported format keys to their (translated) display mask;
                // the mask is also what the date picker shows when nothing is chosen.
                $cal_date_array = array(
                    'mm/dd/yyyy' => esc_html(__('mm/dd/yyyy', 'si-contact-form')),
                    'dd/mm/yyyy' => esc_html(__('dd/mm/yyyy', 'si-contact-form')),
                    'mm-dd-yyyy' => esc_html(__('mm-dd-yyyy', 'si-contact-form')),
                    'dd-mm-yyyy' => esc_html(__('dd-mm-yyyy', 'si-contact-form')),
                    'mm.dd.yyyy' => esc_html(__('mm.dd.yyyy', 'si-contact-form')),
                    'dd.mm.yyyy' => esc_html(__('dd.mm.yyyy', 'si-contact-form')),
                    'yyyy/mm/dd' => esc_html(__('yyyy/mm/dd', 'si-contact-form')),
                    'yyyy-mm-dd' => esc_html(__('yyyy-mm-dd', 'si-contact-form')),
                    'yyyy.mm.dd' => esc_html(__('yyyy.mm.dd', 'si-contact-form')),
                );
                $not_chosen = 0;
                if ('true' != $field['req'] && ($cal_date_array[self::$form_options['date_format']] == $_POST[$field['slug']] || empty($_POST[$field['slug']]))) {
                    // not required, no date picked
                    // this field wasn't set to required, no date picked, skip it
                    $not_chosen = 1;
                } else {
                    if (!self::validate_date(self::$form_data[$field['slug']], self::$form_id_num)) {
                        // picked a date
                        self::$form_errors[$field['slug']] = sprintf(self::$form_options['error_date'] != '' ? self::$form_options['error_date'] : __('Please select a valid date in this format: %s.', 'si-contact-form'), $cal_date_array[self::$form_options['date_format']]);
                    } else {
                        // $not_chosen is still 0 on this path, so this guard never
                        // hides anything; the skip case above simply adds nothing.
                        if ($not_chosen && self::$form_options['email_hide_empty'] == 'true') {
                        } else {
                            self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
                            self::$email_fields[$field['slug']] = self::$form_data[$field['slug']];
                            self::$email_msg .= self::$form_data[$field['slug']] . self::$php_eol . self::$php_eol;
                        }
                    }
                }
                break;
            case 'time':
                // The time field posts an array with 'h', 'm' and (12-hour mode) 'ap'
                // parts. NOTE(review): nothing here checks that the array (or those
                // keys) exists before indexing it — confirm clean_input() guarantees it.
                $not_chosen = 0;
                if (self::$form_options['time_format'] == '12') {
                    $concat_time = self::$form_data[$field['slug']]['h'] . ':' . self::$form_data[$field['slug']]['m'] . ' ' . self::$form_data[$field['slug']]['ap'];
                    if ('true' != $field['req'] && (empty(self::$form_data[$field['slug']]['h']) && empty(self::$form_data[$field['slug']]['m']) && empty(self::$form_data[$field['slug']]['ap']))) {
                        // not required, no time picked
                        // this field wasn't set to required, no times picked, skip it
                        $not_chosen = 1;
                        $concat_time = '';
                    } else {
                        // Optional field with a partial selection: all-or-none rule.
                        if ('true' != $field['req'] && !self::validate_time_ap(self::$form_data[$field['slug']]['h'], self::$form_data[$field['slug']]['m'], self::$form_data[$field['slug']]['ap'])) {
                            // selection is incomplete
                            self::$form_errors[$field['slug']] = self::$form_options['error_time'] != '' ? self::$form_options['error_time'] : __('The time selections are incomplete, select all or none.', 'si-contact-form');
                        } else {
                            // Required field: hours and minutes must be exactly two digits
                            // and the am/pm part must be present.
                            if ('true' == $field['req'] && (!preg_match("/^[0-9]{2}\$/", self::$form_data[$field['slug']]['h']) || !preg_match("/^[0-9]{2}\$/", self::$form_data[$field['slug']]['m']) || empty(self::$form_data[$field['slug']]['ap']))) {
                                // not picked a time
                                self::$form_errors[$field['slug']] = self::$form_options['error_field'] != '' ? self::$form_options['error_field'] : __('This field is required.', 'si-contact-form');
                            }
                        }
                    }
                } else {
                    // 24 hour format with no am/pm select field
                    $concat_time = self::$form_data[$field['slug']]['h'] . ':' . self::$form_data[$field['slug']]['m'];
                    if ('true' != $field['req'] && (empty(self::$form_data[$field['slug']]['h']) && empty(self::$form_data[$field['slug']]['m']))) {
                        // not required, no time picked
                        // this field wasn't set to required, no times picked, skip it
                        $not_chosen = 1;
                        $concat_time = '';
                    } else {
                        if ('true' != $field['req'] && !self::validate_time(self::$form_data[$field['slug']]['h'], self::$form_data[$field['slug']]['m'])) {
                            // selection is incomplete
                            self::$form_errors[$field['slug']] = self::$form_options['error_time'] != '' ? self::$form_options['error_time'] : __('The time selections are incomplete, select all or none.', 'si-contact-form');
                        } else {
                            if ('true' == $field['req'] && (!preg_match("/^[0-9]{2}\$/", self::$form_data[$field['slug']]['h']) || !preg_match("/^[0-9]{2}\$/", self::$form_data[$field['slug']]['m']))) {
                                // not picked a time
                                self::$form_errors[$field['slug']] = self::$form_options['error_field'] != '' ? self::$form_options['error_field'] : __('This field is required.', 'si-contact-form');
                            }
                        }
                    }
                }
                if ($not_chosen && self::$form_options['email_hide_empty'] == 'true') {
                    // nothing picked and hiding is enabled: nothing to add
                } else {
                    self::$email_msg .= self::make_bold($field['label']) . $inline_or_newline;
                    self::$email_fields[$field['slug']] = $concat_time;
                    self::$email_msg .= $concat_time . self::$php_eol . self::$php_eol;
                }
                break;
            case 'attachment':
                // Uploads are validated (and written into the message) by their own helper.
                self::validate_attach($field['slug'], $field['req'], $field['label'], $inline_or_newline);
                break;
            default:
                // Unknown types contribute nothing to the e-mail.
        } // end switch
    } // end foreach

    // Add any hidden fields added by shortcodes
    // This is used only for sending email. If the form is redrawn, the hidden fields will be added from
    // the shortcode.
    $frm_id = self::$form_id_num;
    if (self::$global_options['enable_php_sessions'] == 'true' && !empty($_SESSION["fsc_shortcode_hidden_{$frm_id}"])) {
        // These values come from the server-side session, not from the visitor's
        // POST, so they are copied through unescaped. NOTE(review): confirm the
        // shortcode handler that writes this session key sanitizes what it stores.
        $hidden_fields = $_SESSION["fsc_shortcode_hidden_{$frm_id}"];
        foreach ($hidden_fields as $key => $value) {
            if ($key != '' && $value != '') {
                if ($key == 'form_page') {
                    // page url
                    // The session value is ignored here; the current form action URL is used instead.
                    self::$email_msg .= self::make_bold(__('Form Page', 'si-contact-form')) . $inline_or_newline . esc_url(self::$form_action_url) . self::$php_eol . self::$php_eol;
                    self::$email_fields['form_page'] = esc_url(self::$form_action_url);
                } else {
                    self::$email_msg .= self::make_bold($key) . $inline_or_newline . stripslashes($value) . self::$php_eol . self::$php_eol;
                    self::$email_fields[$key] = $value;
                }
            }
        }
    }

    // filter hook to add any custom fields to email_fields array (not validated)
    self::$email_fields = apply_filters('si_contact_email_fields', self::$email_fields, self::$form_id_num);
    // filter hook to add any custom fields to email message (not validated)
    self::$email_msg = apply_filters('si_contact_email_msg', self::$email_msg, $inline_or_newline, self::$php_eol, self::$form_id_num);

    if (self::$form_options['print_form_enable'] == 'true') {
        // Snapshot taken before the Akismet/sender-info sections are appended.
        self::$email_msg_print = self::$email_msg;
        //self::$email_msg_print .= self::make_bold( 'Time:' ) . $inline_or_newline;
        //self::$email_msg_print .= date_i18n(get_option('date_format').' '.get_option('time_format'), current_time('timestamp') );
    }
    self::$email_fields['date_time'] = date_i18n(get_option('date_format') . ' ' . get_option('time_format'), current_time('timestamp'));
    // REMOTE_ADDR is the direct TCP peer; behind a reverse proxy or load balancer
    // this is the proxy's address rather than the visitor's.
    self::$email_fields['ip_address'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'n/a';

    self::check_captcha();

    // check honeypot, if enabled
    // Skipped when the captcha already failed, so only one anti-bot error is reported.
    if (self::$form_options['honeypot_enable'] == 'true' && !isset(self::$form_errors['captcha'])) {
        $honeypot_slug = FSCF_Display::get_todays_honeypot_slug($fields_in_use);
        // The honeypot is a field real users never fill in; any content means a bot.
        if (!empty($_POST[$honeypot_slug])) {
            self::$form_errors[$honeypot_slug] = self::$form_options['error_spambot'] != '' ? self::$form_options['error_spambot'] : __('Possible spam bot. Try again.', 'si-contact-form');
        }
    }

    // check_akismet() returns text that is appended to the message (may be empty).
    self::$email_msg .= self::check_akismet();

    if (self::$form_options['sender_info_enable'] == 'true') {
        self::$email_msg .= self::get_user_info();
    } // adds sender info to email

    // filter hook for modifying the complete email message
    self::$email_msg = apply_filters('si_contact_email_message', self::$email_msg, self::$email_fields, $inline_or_newline, self::$php_eol, self::$form_id_num);
    return;
}