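 /**
  * Process a submitted contact form. Invoked at init via add_action.
  *
  * Reads the submission from $_POST and, in order:
  *  1. returns unless this is one of our forms (`si_contact_action` = 'send' plus a numeric `form_id`);
  *  2. returns if a form was already processed during this request;
  *  3. verifies the per-form one-time token `fs_postonce_<id>`, expected as "<hash>,<digits>"
  *     with hash === wp_hash(digits), and redirects back to the form when it is missing or forged;
  *  4. loads global/form options, runs check_security() and validate_data();
  *  5. when no errors were recorded, sends the email, optionally cleans up attachments and redirects;
  *  6. removes any uploaded temp files.
  *
  * Side effects: writes self::$form_id_num, self::$form_action_url, self::$global_options,
  * self::$form_options and self::$form_processed; may call wp_redirect() followed by exit.
  */
 public static function process_form()
 {
     // Only act on one of our own form submissions that carries a numeric form id.
     // Strict comparison: a non-string (e.g. array) value never equals 'send'.
     if (!isset($_POST['si_contact_action'], $_POST['form_id'])
         || 'send' !== $_POST['si_contact_action']
         || !is_numeric($_POST['form_id'])
     ) {
         // Error: no form id in $_POST (or not our form)
         return;
     }
     self::$form_id_num = (int) $_POST['form_id'];

     // prevent double action
     if (self::$form_processed) {
         return;
     }

     // One-time token check. The token is only read after its presence and shape are
     // confirmed, so a missing or malformed value never triggers undefined-index access.
     // NOTE(review): the numeric component is validated for format only; no expiry is
     // enforced in this method - confirm whether the issuing side bounds its age.
     $nonce_key = 'fs_postonce_' . self::$form_id_num;
     $token_ok = false;
     if (isset($_POST[$nonce_key]) && is_string($_POST[$nonce_key]) && strpos($_POST[$nonce_key], ',') !== false) {
         $vars = explode(',', $_POST[$nonce_key]);
         // $vars[0] = hash, $vars[1] = numeric stamp; \z (not $) rejects a trailing newline.
         if (!empty($vars[0]) && isset($vars[1]) && preg_match('/^[0-9]+\z/', $vars[1])) {
             // hash_equals(): strict, constant-time comparison. A loose != between two
             // numeric-looking strings (e.g. "0e..." hashes) would compare them as numbers.
             $token_ok = hash_equals((string) wp_hash($vars[1]), $vars[0]);
         }
     }
     if (!$token_ok) {
         // forgery token was no good, so redirect and blank the form
         self::$form_action_url = FSCF_Display::get_form_action_url();
         wp_redirect(self::$form_action_url);
         exit;
     }

     self::$global_options = FSCF_Util::get_global_options();
     // Second argument is "use defaults"; the original passed it through a stray inline assignment.
     self::$form_options = FSCF_Util::get_form_options(self::$form_id_num, true);

     // Do some security checks, then validate the submitted fields.
     self::check_security();
     self::validate_data();
     self::$form_processed = true;

     if (empty(self::$form_errors)) {
         // Send the email, cleanup attachments, redirect.
         self::prepare_email();
         $keep_attachments = isset(self::$form_options['email_keep_attachments'])
             ? self::$form_options['email_keep_attachments']
             : '';
         // Loose comparison kept on purpose: the option's stored type is not pinned down here.
         if ($keep_attachments != 'true') {
             self::email_sent_cleanup_attachments();
         }
         // NOTE(review): if email_sent_redirect() exits, the temp-file cleanup below does not
         // run on the success path - confirm against that method.
         self::email_sent_redirect();
     }

     // unlink (delete) attachment temp files - best-effort, a file may already be gone.
     if (!empty(self::$uploaded_files)) {
         foreach ((array) self::$uploaded_files as $path) {
             if (is_string($path) && is_file($path)) {
                 @unlink($path);
             }
         }
     }
 }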