function contact_form_send_message($to, $subject, $widget)
{
global $post;
if (!isset($_POST['contact-form-id'])) {
return;
}
if ($widget && 'widget-' . $widget != $_POST['contact-form-id'] || !$widget && $post->ID != $_POST['contact-form-id']) {
return;
}
if ($widget) {
check_admin_referer('contact-form_widget-' . $widget);
} else {
check_admin_referer('contact-form_' . $post->ID);
}
global $contact_form_values, $contact_form_errors, $current_user, $user_identity;
global $contact_form_fields, $contact_form_message;
// compact the fields and values into an array of Label => Value pairs
// also find values for comment_author_email and other significant fields
$all_values = $extra_values = array();
foreach ($contact_form_fields as $id => $field) {
if ($field['type'] == 'email' && !isset($comment_author_email)) {
$comment_author_email = $contact_form_values[$id];
$comment_author_email_label = $field['label'];
} elseif ($field['type'] == 'name' && !isset($comment_author)) {
$comment_author = $contact_form_values[$id];
$comment_author_label = $field['label'];
} elseif ($field['type'] == 'url' && !isset($comment_author_url)) {
$comment_author_url = $contact_form_values[$id];
$comment_author_url_label = $field['label'];
} elseif ($field['type'] == 'textarea' && !isset($comment_content)) {
$comment_content = $contact_form_values[$id];
$comment_content_label = $field['label'];
} else {
$extra_values[$field['label']] = $contact_form_values[$id];
}
$all_values[$field['label']] = $contact_form_values[$id];
}
/*
$contact_form_values = array();
$contact_form_errors = new WP_Error();
list($comment_author, $comment_author_email, $comment_author_url) = is_user_logged_in() ?
add_magic_quotes( array( $user_identity, $current_user->data->user_email, $current_user->data->user_url ) ) :
array( $_POST['comment_author'], $_POST['comment_author_email'], $_POST['comment_author_url'] );
*/
$comment_author = stripslashes(apply_filters('pre_comment_author_name', $comment_author));
$comment_author_email = stripslashes(apply_filters('pre_comment_author_email', $comment_author_email));
$comment_author_url = stripslashes(apply_filters('pre_comment_author_url', $comment_author_url));
if ('http://' == $comment_author_url) {
$comment_author_url = '';
}
$comment_content = stripslashes($comment_content);
$comment_content = trim(wp_kses($comment_content, array()));
if (empty($contact_form_subject)) {
$contact_form_subject = $subject;
} else {
$contact_form_subject = trim(wp_kses($contact_form_subject, array()));
}
$comment_author_IP = $_SERVER['REMOTE_ADDR'];
$vars = array('comment_author', 'comment_author_email', 'comment_author_url', 'contact_form_subject', 'comment_author_IP');
foreach ($vars as $var) {
${$var} = str_replace(array("\n", "\r"), '', ${$var});
}
// I don't know if it's possible to inject this
$vars[] = 'comment_content';
$contact_form_values = compact($vars);
$spam = '';
$akismet_values = contact_form_prepare_for_akismet($contact_form_values);
$is_spam = apply_filters('contact_form_is_spam', $akismet_values);
if (is_wp_error($is_spam)) {
return;
} else {
if ($is_spam === TRUE) {
$spam = '***SPAM*** ';
}
}
if (!$comment_author) {
$comment_author = $comment_author_email;
}
$headers = 'From: ' . wp_kses($comment_author, array()) . ' <' . wp_kses($comment_author_email, array()) . ">\r\n" . 'Reply-To: ' . wp_kses($comment_author_email, array()) . "\r\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"";
$subject = apply_filters('contact_form_subject', $spam . $contact_form_subject);
$subject = wp_kses($subject, array());
$time = date_i18n(__('l F j, Y \\a\\t g:i a', "mm"), current_time('timestamp'));
$extra_content = '';
foreach ($extra_values as $label => $value) {
$extra_content .= $label . ': ' . trim($value) . "\n";
$extra_content_br .= wp_kses($label, array()) . ': ' . wp_kses(trim($value), array()) . "<br />";
}
$message = $comment_author_label . ": " . $comment_author . "\r\r\n" . $comment_author_email_label . ": " . $comment_author_email . "\r\r\n" . $comment_author_url_label . ": " . $comment_author_url . "\r\r\n" . $comment_content_label . ": " . $comment_content . "\r\r\n{$extra_content}\r\r\n\r\r\n" . __("Time:", "mm") . " " . $time . "\r\r\n" . __("IP Address:", "mm") . " " . $comment_author_IP . "\r\r\n" . __("Contact Form URL:", "mm") . " " . get_permalink($post->ID) . "\r\r\n\r\r\n";
// Construct message that is returned to user
$contact_form_message = "<blockquote>";
if (isset($comment_author_label)) {
$contact_form_message .= wp_kses($comment_author_label, array()) . ": " . wp_kses($comment_author, array()) . "<br />";
}
if (isset($comment_author_email_label)) {
$contact_form_message .= wp_kses($comment_author_email_label, array()) . ": " . wp_kses($comment_author_email, array()) . "<br />";
}
if (isset($comment_author_url_label)) {
$contact_form_message .= wp_kses($comment_author_url_label, array()) . ": " . wp_kses($comment_author_url, array()) . "<br />";
}
if (isset($comment_content_label)) {
$contact_form_message .= wp_kses($comment_content_label, array()) . ": " . wp_kses($comment_content, array()) . "<br />";
}
if (isset($extra_content_br)) {
$contact_form_message .= $extra_content_br;
}
$contact_form_message .= "</blockquote><br /><br />";
if (is_user_logged_in()) {
$message .= sprintf(__("\nSent by a verified %s user.", "mm"), isset($GLOBALS['current_site']->site_name) && $GLOBALS['current_site']->site_name ? $GLOBALS['current_site']->site_name : '"' . get_option('blogname') . '"');
} else {
$message .= __("Sent by an unverified visitor to your site.", "mm");
}
$message = apply_filters('contact_form_message', $message);
$message = wp_kses($message, array());
$to = apply_filters('contact_form_to', $to);
foreach ((array) $to as $to_key => $to_value) {
$to[$to_key] = wp_kses($to_value, array());
}
// keep a copy of the feedback as a custom post type
$feedback_mysql_time = current_time('mysql');
$feedback_title = "{$comment_author} - {$feedback_mysql_time}";
$feedback_status = 'publish';
if ($is_spam === TRUE) {
$feedback_status = 'spam';
}
foreach ((array) $akismet_values as $av_key => $av_value) {
$akismet_values[$av_key] = wp_kses($av_value, array());
}
foreach ((array) $all_values as $all_key => $all_value) {
$all_values[$all_key] = wp_kses($all_value, array());
}
foreach ((array) $extra_values as $ev_key => $ev_value) {
$ev_values[$ev_key] = wp_kses($ev_value, array());
}
# We need to make sure that the post author is always zero for contact
# form submissions. This prevents export/import from trying to create
# new users based on form submissions from people who were logged in
# at the time.
#
# Unfortunately wp_insert_post() tries very hard to make sure the post
# author gets the currently logged in user id. That is how we ended up
# with this work around.
global $do_grunion_insert;
$do_grunion_insert = TRUE;
add_filter('wp_insert_post_data', 'grunion_insert_filter', 10, 2);
$post_id = wp_insert_post(array('post_date' => $feedback_mysql_time, 'post_type' => 'feedback', 'post_status' => $feedback_status, 'post_parent' => $post->ID, 'post_title' => wp_kses($feedback_title, array()), 'post_content' => wp_kses($comment_content . "\n<!--more-->\n" . "AUTHOR: {$comment_author}\nAUTHOR EMAIL: {$comment_author_email}\nAUTHOR URL: {$comment_author_url}\nSUBJECT: {$contact_form_subject}\nIP: {$comment_author_IP}\n" . print_r($all_values, TRUE), array()), 'post_name' => md5($feedback_title)));
# once insert has finished we don't need this filter any more
remove_filter('wp_insert_post_data', 'grunion_insert_filter');
$do_grunion_insert = FALSE;
update_post_meta($post_id, '_feedback_author', wp_kses($comment_author, array()));
update_post_meta($post_id, '_feedback_author_email', wp_kses($comment_author_email, array()));
update_post_meta($post_id, '_feedback_author_url', wp_kses($comment_author_url, array()));
update_post_meta($post_id, '_feedback_subject', wp_kses($contact_form_subject, array()));
update_post_meta($post_id, '_feedback_ip', wp_kses($comment_author_IP, array()));
update_post_meta($post_id, '_feedback_contact_form_url', wp_kses(get_permalink($post->ID), array()));
update_post_meta($post_id, '_feedback_all_fields', $all_values);
update_post_meta($post_id, '_feedback_extra_fields', $extra_values);
update_post_meta($post_id, '_feedback_akismet_values', $akismet_values);
update_post_meta($post_id, '_feedback_email', array('to' => $to, 'subject' => $subject, 'message' => $message, 'headers' => $headers));
do_action('grunion_pre_message_sent', $post_id, $all_values, $extra_values);
if ($is_spam !== TRUE) {
return wp_mail($to, $subject, $message, $headers);
} elseif (apply_filters('grunion_still_email_spam', FALSE) == TRUE) {
return wp_mail($to, $subject, $message, $headers);
}
return true;
}
function contact_form_send_message($to, $subject, $widget)
{
global $post;
if (!isset($_POST['contact-form-id'])) {
return;
}
if ($widget && 'widget-' . $widget != $_POST['contact-form-id'] || !$widget && $post->ID != $_POST['contact-form-id']) {
return;
}
if ($widget) {
check_admin_referer('contact-form_widget-' . $widget);
} else {
check_admin_referer('contact-form_' . $post->ID);
}
global $contact_form_values, $contact_form_errors, $current_user, $user_identity;
global $contact_form_fields;
// compact the fields and values into an array of Label => Value pairs
// also find values for comment_author_email and other significant fields
$all_values = $extra_values = array();
foreach ($contact_form_fields as $id => $field) {
if ($field['type'] == 'email' && empty($comment_author_email)) {
$comment_author_email = $contact_form_values[$id];
} elseif ($field['type'] == 'name' && empty($comment_author)) {
$comment_author = $contact_form_values[$id];
} elseif ($field['type'] == 'url' && empty($comment_author_url)) {
$comment_author_url = $contact_form_values[$id];
} elseif ($field['type'] == 'textarea' && empty($comment_content)) {
$comment_content = $contact_form_values[$id];
} else {
$extra_values[$field['label']] = $contact_form_values[$id];
}
$all_values[$field['label']] = $contact_form_values[$id];
}
/*
$contact_form_values = array();
$contact_form_errors = new WP_Error();
list($comment_author, $comment_author_email, $comment_author_url) = is_user_logged_in() ?
add_magic_quotes( array( $user_identity, $current_user->data->user_email, $current_user->data->user_url ) ) :
array( $_POST['comment_author'], $_POST['comment_author_email'], $_POST['comment_author_url'] );
*/
$comment_author = stripslashes(apply_filters('pre_comment_author_name', $comment_author));
$comment_author_email = stripslashes(apply_filters('pre_comment_author_email', $comment_author_email));
$comment_author_url = stripslashes(apply_filters('pre_comment_author_url', $comment_author_url));
if ('http://' == $comment_author_url) {
$comment_author_url = '';
}
$comment_content = stripslashes($comment_content);
$comment_content = trim(wp_kses($comment_content, array()));
if (empty($contact_form_subject)) {
$contact_form_subject = $subject;
} else {
$contact_form_subject = trim(wp_kses($contact_form_subject, array()));
}
$comment_author_IP = $_SERVER['REMOTE_ADDR'];
$vars = array('comment_author', 'comment_author_email', 'comment_author_url', 'contact_form_subject', 'comment_author_IP');
foreach ($vars as $var) {
${$var} = str_replace(array("\n", "\r"), '', ${$var});
}
// I don't know if it's possible to inject this
$vars[] = 'comment_content';
$contact_form_values = compact($vars);
$spam = '';
$akismet_values = contact_form_prepare_for_akismet($contact_form_values);
$is_spam = contact_form_is_spam_akismet($akismet_values);
if (is_wp_error($is_spam)) {
return;
} else {
if ($is_spam) {
$spam = '***SPAM*** ';
}
}
if (!$comment_author) {
$comment_author = $comment_author_email;
}
$headers = "From: {$comment_author} <{$comment_author_email}>\n" . "Reply-To: {$comment_author_email}\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";
$subject = apply_filters('contact_form_subject', $spam . $contact_form_subject);
$time = date_i18n(__('l F j, Y \\a\\t g:i a'), current_time('timestamp'));
$extra_content = '';
foreach ($extra_values as $label => $value) {
$extra_content = $label . ': ' . trim($value) . "\n";
}
$message = __("Name:") . " " . $comment_author . "\n" . __("Email:") . " " . $comment_author_email . "\n" . __("Website:") . " " . $comment_author_url . "\n\n{$comment_content}\n{$extra_content}\n\n" . __("Time:") . " " . $time . "\n" . __("IP Address:") . " " . $comment_author_IP . "\n\n";
if (is_user_logged_in()) {
$message .= sprintf(__("Sent by a verified %s user."), isset($GLOBALS['current_site']->site_name) && $GLOBALS['current_site']->site_name ? $GLOBALS['current_site']->site_name : '"' . get_option('blogname') . '"');
} else {
$message .= __("Sent by an unverified visitor to your site.");
}
$message = apply_filters('contact_form_message', $message);
$to = apply_filters('contact_form_to', $to);
// keep a copy of the feedback as a custom post type
$feedback_mysql_time = current_time('mysql');
$feedback_title = "{$comment_author} - {$feedback_mysql_time}";
$feedback_status = 'publish';
if ($is_spam) {
$feedback_status = 'spam';
}
$post_id = wp_insert_post(array('post_date' => $feedback_mysql_time, 'post_type' => 'feedback', 'post_status' => $feedback_status, 'post_parent' => $post->ID, 'post_title' => $feedback_title, 'post_content' => $comment_content . "\n<!--more-->\n" . "AUTHOR: {$comment_author}\nAUTHOR EMAIL: {$comment_author_email}\nAUTHOR URL: {$comment_author_url}\nSUBJECT: {$contact_form_subject}\nIP: {$comment_author_IP}\n" . print_r($all_values, TRUE), 'post_name' => md5($feedback_title)));
update_post_meta($post_id, '_feedback_author', $comment_author);
update_post_meta($post_id, '_feedback_author_email', $comment_author_email);
update_post_meta($post_id, '_feedback_author_url', $comment_author_url);
update_post_meta($post_id, '_feedback_subject', $contact_form_subject);
update_post_meta($post_id, '_feedback_ip', $comment_author_IP);
update_post_meta($post_id, '_feedback_all_fields', $all_values);
update_post_meta($post_id, '_feedback_extra_fields', $extra_values);
update_post_meta($post_id, '_feedback_akismet_values', $akismet_values);
update_post_meta($post_id, '_feedback_email', array('to' => $to, 'subject' => $subject, 'message' => $message, 'headers' => $headers));
// Only send the email if it's not spam
if (!$is_spam) {
return wp_mail($to, $subject, $message, $headers);
}
return true;
}
