/**
 * Rejects a file name that matches the forbidden-extension pattern.
 *
 * The name is tested against self::EXT_BLACKLIST. On a match, the current
 * $_FILES array is written to the debug log and a 403 naming the matched
 * extension is raised. When nothing matches, the method returns without a
 * value (it does not return true).
 *
 * This is a deny-list test on the name alone: nothing here inspects the file
 * content or its MIME type, so it should not be the only upload control.
 *
 * @param string $filename Name of the uploaded file to test.
 * @throws CHttpException 403 when the name matches self::EXT_BLACKLIST.
 */
public function checkFilename($filename)
{
    $hit = array();
    $isForbidden = preg_match(self::EXT_BLACKLIST, $filename, $hit);
    if (!$isForbidden) {
        return;
    }

    // The whole $_FILES array (client file names, temp paths, sizes) is dumped
    // to the debug log, not just the offending entry.
    AuxLib::debugLog('Throwing exception for array: ' . var_export($_FILES, 1));

    // The pattern is expected to expose the extension as a named group "ext";
    // the matched text is echoed back in the error message.
    $params = array('{ext}' => $hit['ext']);
    throw new CHttpException(403, Yii::t('app', 'Forbidden file type: {ext}', $params));
}
$attributes = array(); if ($model->type === 'email') { foreach (X2Model::model('Contacts')->getAttributeLabels() as $fieldName => $label) { $attributes[$label] = '{' . $fieldName . '}'; } } else { $accountAttributes = array(); $contactAttributes = array(); $quoteAttributes = array(); foreach (Contacts::model()->getAttributeLabels() as $fieldName => $label) { AuxLib::debugLog('Iterating over contact attributes ' . $fieldName . '=>' . $label); $index = Yii::t('contacts', "{contact}", array('{contact}' => $modTitles['contact'])) . ": {$label}"; $contactAttributes[$index] = "{associatedContacts.{$fieldName}}"; } foreach (Accounts::model()->getAttributeLabels() as $fieldName => $label) { AuxLib::debugLog('Iterating over account attributes ' . $fieldName . '=>' . $label); $index = Yii::t('accounts', "{account}", array('{account}' => $modTitles['account'])) . ": {$label}"; $accountAttributes[$index] = "{accountName.{$fieldName}}"; } $Quote = Yii::t('quotes', "{quote}: ", array('{quote}' => $modTitles['quote'])); $quoteAttributes[$Quote . Yii::t('quotes', "Item Table")] = '{lineItems}'; $quoteAttributes[$Quote . Yii::t('quotes', "Date printed/emailed")] = '{dateNow}'; $quoteAttributes[$Quote . Yii::t('quotes', '{quote} or Invoice', array('{quote}' => $modTitles['quote']))] = '{quoteOrInvoice}'; foreach (Quote::model()->getAttributeLabels() as $fieldName => $label) { $index = $Quote . "{$label}"; $quoteAttributes[$index] = "{" . $fieldName . "}"; } } if ($model->type === 'email') { $js = 'x2.insertableAttributes = ' . CJSON::encode(array(Yii::t('contacts', '{contact} Attributes', array('{contact}' => $modTitles['contact'])) => $attributes)) . ';'; } else {
* these Appropriate Legal Notices must retain the display of the "Powered by * X2Engine" logo. If the display of the logo is not reasonably feasible for * technical reasons, the Appropriate Legal Notices must display the words * "Powered by X2Engine". *****************************************************************************************/ /* View file for weblead and service web form desginer (both pro and open source). Parameters: webFormType - string ('weblead' | 'service' | 'weblist') used to specify whether this view file is for the weblead form designer or for the service web form designer forms - Saved forms which will be sent to the client and cached with JS id - the list id (defaults to null) */ if (YII_DEBUG && (!isset($webFormType) || $webFormType !== 'service' && $webFormType !== 'weblead')) { /**/ AuxLib::debugLog('Error: _createWebForm.php: invalid $webFormType type ' . $webFormType); } $height = 325; if ($webFormType === 'weblead') { $url = '/contacts/contacts/weblead'; } else { if ($webFormType === 'service') { $url = '/services/services/webForm'; } } $iframeSource = Yii::app()->createExternalUrl($url); $externalAbsoluteBaseUrl = Yii::app()->getExternalAbsoluteBaseUrl(); //get form attributes only for generating json $formAttrs = array(); foreach ($forms as $form) { $formAttrs[] = $form->attributes;
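/**
 * Perform the email delivery with PHPMailer.
 *
 * Any special authentication and security should take place in here.
 *
 * Failures in the connection and delivery steps are caught and reported
 * through the returned status array (code '500', the exception, a message)
 * rather than thrown to the caller.
 *
 * Attachment paths are assembled from the 'folder' and 'filename' entries of
 * each attachment. Their origin is not visible in this method, so both are
 * treated as untrusted: an entry with a NUL byte or a ".." path segment is
 * rejected before any file is touched.
 *
 * @param array $addresses This array must contain "to", "cc" and/or "bcc"
 *  keys, and values must be arrays of recipients. Each recipient is expressed
 *  as a 2-element array with the first element being the name, and the second
 *  the email address.
 * @param string $subject Subject line assigned to the mailer.
 * @param string $message HTML body handed to PHPMailer's MsgHTML().
 * @param array $attachments List of arrays with 'type' ('temp' or 'media'),
 *  'folder' and 'filename' keys.
 * @param string|null $unsubLink Optional URL for the List-Unsubscribe header.
 * @throws Exception presumably only from the mailer getter when it fails with
 *  something other than a phpmailerException (TODO confirm)
 * @return array The status array (keys 'code', 'exception', 'message').
 */
public function deliverEmail($addresses, $subject, $message, $attachments = array(), $unsubLink = null)
{
    if (YII_UNIT_TESTING && defined('X2_DEBUG_EMAIL') && X2_DEBUG_EMAIL) {
        // Fake a successful send
        /**/
        AuxLib::debugLog('Faking an email delivery to address(es): ' . var_export($addresses, 1));
        return $this->status = $this->getDebugStatus();
    }

    try {
        $phpMail = $this->mailer;
    } catch (phpmailerException $e) {
        // escalate error to force campaigns to halt
        $escalated = new phpmailerException($e->getMessage(), PHPMailer::STOP_CRITICAL);
        $this->status['code'] = '500';
        $this->status['exception'] = $escalated;
        $this->status['message'] = $e->getMessage();
        return $this->status;
    }

    // Attempt the SMTP connection before attempting to send so that the exception
    // severity can be escalated if the connection fails. Ideally we would be able to
    // detect exactly the type of exception that PHPMailer throws, but at the time of
    // writing the only way would be to use its translated exception messages (brittle).
    if ($this->credentials) {
        try {
            $phpMail->smtpConnect();
        } catch (phpmailerException $e) {
            $escalated = new phpmailerException($e->getMessage(), PHPMailer::STOP_CRITICAL);
            $this->status['code'] = '500';
            $this->status['exception'] = $escalated;
            // NOTE(review): the message carries a server file path and line number;
            // confirm it is never shown to an unauthenticated user.
            $this->status['message'] = $phpMail->ErrorInfo . " " . $e->getFile() . " L" . $e->getLine();
            return $this->status;
        }
    }

    // True when a path component could step outside the directory it is appended to.
    $hasTraversal = function ($component) {
        $component = (string) $component;
        if (strpos($component, "\0") !== false) {
            return true;
        }
        return in_array('..', preg_split('#[/\\\\]#', $component), true);
    };

    try {
        $this->addEmailAddresses($phpMail, $addresses);
        $phpMail->Subject = $subject;
        // $phpMail->AltBody = $message;
        $phpMail->MsgHTML($message);
        // $phpMail->Body = $message;

        // add attachments, if any
        if ($attachments) {
            foreach ($attachments as $attachment) {
                $type = $attachment['type'];
                switch ($type) {
                    case 'temp': // stored as a temp file?
                        $baseDir = 'uploads/protected/media/temp/';
                        break;
                    case 'media': // stored in media library
                        $baseDir = 'uploads/protected/media/';
                        break;
                    default:
                        throw new CException('Invalid attachment type');
                }

                // Fail closed: without this check a crafted folder or file name
                // could make the mailer attach a file from outside the media tree.
                if ($hasTraversal($attachment['folder']) || $hasTraversal($attachment['filename'])) {
                    throw new CException('Invalid attachment path');
                }

                $file = $baseDir . $attachment['folder'] . '/' . $attachment['filename'];
                // A missing or oversized file is skipped silently, as before.
                if (file_exists($file) && $this->validateFileSize(filesize($file))) {
                    $phpMail->AddAttachment($file);
                }
            }
        }

        // Add the List-Unsubscribe header if enabled and an unsubscribe link is provided
        if (Yii::app()->settings->enableUnsubscribeHeader && !empty($unsubLink)) {
            // A CR or LF inside the link would end this header and start another
            // one, so a link containing either is not emitted at all.
            if (strpbrk((string) $unsubLink, "\r\n") === false) {
                $phpMail->AddCustomHeader('List-Unsubscribe:<' . $unsubLink . '>');
            }
        }

        $phpMail->Send();

        $this->status['code'] = '200';
        $this->status['exception'] = null;
        $this->status['message'] = Yii::t('app', 'Email Sent!');
    } catch (phpmailerException $e) {
        // Catch PHPMailer specific exceptions for pretty error printing
        $this->status['code'] = '500';
        $this->status['exception'] = $e;
        $this->status['message'] = $phpMail->ErrorInfo . " " . $e->getFile() . " L" . $e->getLine();
    } catch (Exception $e) {
        $this->status['code'] = '500';
        $this->status['exception'] = $e;
        $this->status['message'] = $e->getMessage() . " " . $e->getFile() . " L" . $e->getLine();
    }

    return $this->status;
}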
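/**
 * Handles a submission of the public service-case web form.
 *
 * When $_POST['Services'] is present, the method fills in defaults on the
 * case model, saves it, records a note action with the submitted details,
 * optionally emails a confirmation to the submitter and a notification to the
 * assignee, renders the "submitted" view and ends the request. In every other
 * case (no submission, validation errors, failed save) it renders the form.
 *
 * Everything read from $_POST here is untrusted. Submitted values are
 * HTML-encoded before they are merged into the HTML confirmation email, and
 * line breaks are stripped from values merged into the subject.
 *
 * @param mixed $model The service case model; the caller is presumably
 *  expected to have assigned the submitted attributes already (TODO confirm).
 * @param mixed $extractedParams Not used by this method.
 */
private function handleServiceFormSubmission($model, $extractedParams)
{
    if (isset($_POST['Services'])) { // web form submitted
        $submitted = $_POST['Services'];
        // Only plain string fields are accepted; a field posted as an array is ignored
        // instead of being concatenated or passed to string functions further down.
        $readField = function ($key) use ($submitted) {
            if (is_array($submitted) && isset($submitted[$key]) && is_string($submitted[$key])) {
                return $submitted[$key];
            }
            return null;
        };

        $firstName = $readField('firstName');
        $lastName = $readField('lastName');
        $email = $readField('email');
        $phone = $readField('phone');
        // The original tested the misspelled key 'desription', so the description
        // was never picked up from a normal submission.
        $description = $readField('description');

        if (isset($firstName)) {
            $fullName = $firstName;
        }
        if (isset($lastName)) {
            $fullName = isset($fullName) ? $fullName . ' ' . $lastName : $lastName;
        }

        // Extra sanitizing
        $p = Fields::getPurifier();
        foreach ($model->attributes as $name => $value) {
            if ($name != $model->primaryKey() && !empty($value)) {
                $model->{$name} = $p->purify($value);
            }
        }

        if (isset($email) && $email) {
            $contact = Contacts::model()->findByAttributes(array('email' => $email));
        } else {
            $contact = false;
        }
        if ($contact) {
            $model->contactId = $contact->nameId;
        } else {
            $model->contactId = "Unregistered";
        }

        if (isset($fullName) || isset($email)) {
            $model->subject = Yii::t('services', 'Web Form Case entered by {name}', array('{name}' => isset($fullName) ? $fullName : $email));
        } else {
            $model->subject = Yii::t('services', 'Web Form Case');
        }

        $model->origin = 'Web';
        if (!isset($model->impact) || $model->impact == '') {
            $model->impact = Yii::t('services', '3 - Moderate');
        }
        if (!isset($model->status) || $model->status == '') {
            $model->status = Yii::t('services', 'New');
        }
        if (!isset($model->mainIssue) || $model->mainIssue == '') {
            $model->mainIssue = Yii::t('services', 'General Request');
        }
        if (!isset($model->subIssue) || $model->subIssue == '') {
            $model->subIssue = Yii::t('services', 'Other');
        }
        $model->assignedTo = $this->controller->getNextAssignee();
        if (isset($email)) {
            $model->email = CHtml::encode($email);
        }
        $now = time();
        $model->createDate = $now;
        $model->lastUpdated = $now;
        $model->updatedBy = 'admin';
        if (isset($description)) {
            $model->description = CHtml::encode($description);
        }

        if (!$model->hasErrors()) {
            if ($model->save()) {
                $model->name = $model->id;
                $model->update(array('name'));

                self::addTags($model);

                // use the submitted info to create an action
                // NOTE(review): the submitted values are stored unencoded here; confirm
                // that the view rendering note actions encodes or purifies them.
                $action = new Actions();
                $action->actionDescription = Yii::t('contacts', 'Web Form') . "\n\n" .
                    (isset($fullName) ? Yii::t('contacts', 'Name') . ': ' . $fullName . "\n" : '') .
                    (isset($email) ? Yii::t('contacts', 'Email') . ": " . $email . "\n" : '') .
                    (isset($phone) ? Yii::t('contacts', 'Phone') . ": " . $phone . "\n" : '') .
                    (isset($description) ? Yii::t('services', 'Description') . ": " . $description : '');

                // create action
                $action->type = 'note';
                $action->assignedTo = $model->assignedTo;
                $action->visibility = '1';
                $action->associationType = 'services';
                $action->associationId = $model->id;
                $action->associationName = $model->name;
                $action->createDate = $now;
                $action->lastUpdated = $now;
                $action->completeDate = $now;
                $action->complete = 'Yes';
                $action->updatedBy = 'admin';
                $action->save();

                if (isset($email)) {
                    // send email
                    // NOTE(review): the recipient is whatever address the form carried;
                    // confirm the model rules validate it and that the form is rate limited.

                    // Placeholders present in the admin-defined templates and the submitted
                    // value for each; a placeholder whose field was not submitted stays as is.
                    $placeholders = array();
                    if (isset($firstName)) {
                        $placeholders['{first}'] = $firstName;
                    }
                    if (isset($lastName)) {
                        $placeholders['{last}'] = $lastName;
                    }
                    if (isset($phone)) {
                        $placeholders['{phone}'] = $phone;
                    }
                    $placeholders['{email}'] = $email;
                    if (isset($description)) {
                        $placeholders['{description}'] = $description;
                    }
                    $placeholders['{case}'] = (string) $model->id;

                    // The body is sent as HTML, so submitted values are encoded first. strtr()
                    // substitutes in a single pass: a value that itself contains a placeholder
                    // is not expanded again, and "$1"-style sequences have no special meaning
                    // (they did as preg_replace() replacement strings).
                    // The hard-coded greeting the original built first was overwritten by this
                    // template before use, so it is not built any more.
                    $emailBody = strtr(
                        (string) Yii::app()->settings->serviceCaseEmailMessage,
                        array_map(array('CHtml', 'encode'), $placeholders)
                    );
                    $emailBody = preg_replace('/\\n|\\r\\n/', "<br>", $emailBody);

                    // NOTE(review): rand()/uniqid()/md5() do not give an unpredictable value;
                    // if the open-tracking id must not be guessable, use a CSPRNG instead.
                    $uniqueId = md5(uniqid(rand(), true));
                    $emailBody .= '<img src="' . $this->controller->createAbsoluteUrl('/actions/actions/emailOpened', array('uid' => $uniqueId, 'type' => 'open')) . '"/>';

                    // The subject is a header value: keep it plain text, but drop line breaks
                    // from submitted values so they cannot span more than one header line.
                    $subjectValues = array_map(function ($value) {
                        return str_replace(array("\r", "\n"), ' ', $value);
                    }, $placeholders);
                    $emailSubject = strtr((string) Yii::app()->settings->serviceCaseEmailSubject, $subjectValues);

                    if (Yii::app()->settings->serviceCaseEmailAccount != Credentials::LEGACY_ID) {
                        $from = (int) Yii::app()->settings->serviceCaseEmailAccount;
                    } else {
                        $from = array(
                            'name' => Yii::app()->settings->serviceCaseFromEmailName,
                            'address' => Yii::app()->settings->serviceCaseFromEmailAddress,
                        );
                    }
                    $useremail = array('to' => array(array(isset($fullName) ? $fullName : '', $email)));

                    $status = $this->controller->sendUserEmail($useremail, $emailSubject, $emailBody, null, $from);

                    if ($status['code'] == 200) {
                        if ($model->assignedTo != 'Anyone') {
                            $profile = X2Model::model('Profile')->findByAttributes(array('username' => $model->assignedTo));
                            if (isset($profile)) {
                                // NOTE(review): $emailBody is reassigned here, so when a profile
                                // exists the email action below records this notification text
                                // rather than the confirmation sent to the submitter; confirm intent.
                                $useremail['to'] = array(array($profile->fullName, $profile->emailAddress));
                                $emailSubject = 'Service Case Created';
                                $emailBody = "A new service case, #" . $model->id .
                                    ", has been created in X2Engine. To view the case, click " .
                                    "this link: " . $model->getLink();
                                $status = $this->controller->sendUserEmail($useremail, $emailSubject, $emailBody, null, $from);
                            }
                        }

                        // email action
                        $action = new Actions();
                        $action->associationType = 'services';
                        $action->associationId = $model->id;
                        $action->associationName = $model->name;
                        $action->visibility = 1;
                        $action->complete = 'Yes';
                        $action->type = 'email';
                        $action->completedBy = 'admin';
                        $action->assignedTo = $model->assignedTo;
                        $action->createDate = time();
                        $action->dueDate = time();
                        $action->completeDate = time();
                        // The subject contains the submitted name and sits inside markup here,
                        // so it is encoded before being wrapped in <b>.
                        $action->actionDescription = '<b>' . CHtml::encode($model->subject) . "</b>\n\n" . $emailBody;
                        if ($action->save()) {
                            $track = new TrackEmail();
                            $track->actionId = $action->id;
                            $track->uniqueId = $uniqueId;
                            $track->save();
                        }
                    } else {
                        $errMsg = 'Error: actionWebForm.php: sendUserEmail failed';
                        /**/
                        AuxLib::debugLog($errMsg);
                        Yii::log($errMsg, '', 'application.debug');
                    }
                }
                $this->controller->renderPartial('application.components.views.webFormSubmit', array('type' => 'service', 'caseNumber' => $model->id));

                Yii::app()->end(); // success!
            }
        }
    }

    $sanitizedGetParams = self::sanitizeGetParams();
    $this->controller->renderPartial('application.components.views.webForm', array_merge(array('model' => $model, 'type' => 'service'), $sanitizedGetParams));
}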
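/**
 * Perform the email delivery with PHPMailer.
 *
 * Any special authentication and security should take place in here.
 *
 * Failures during delivery are caught and reported through the returned
 * status array (code '500', the exception, a message) rather than thrown.
 *
 * Attachment paths are assembled from the 'folder' and 'filename' entries of
 * each attachment, and temp attachments are deleted from disk after a
 * successful send. The origin of those entries is not visible in this method,
 * so both are treated as untrusted: an entry with a NUL byte or a ".." path
 * segment is rejected before anything is attached, sent or deleted.
 *
 * @param array $addresses This array must contain "to", "cc" and/or "bcc"
 *  keys, and values must be arrays of recipients. Each recipient is expressed
 *  as a 2-element array with the first element being the name, and the second
 *  the email address.
 * @param string $subject Subject line assigned to the mailer.
 * @param string $message HTML body handed to PHPMailer's MsgHTML().
 * @param array $attachments List of arrays with 'type' ('temp' or 'media'),
 *  'folder' and 'filename' keys; temp entries also carry 'id'.
 * @throws Exception presumably only from the mailer getter (TODO confirm)
 * @return array The status array (keys 'code', 'exception', 'message').
 */
public function deliverEmail($addresses, $subject, $message, $attachments = array())
{
    if (YII_DEBUG && self::DEBUG_EMAIL) {
        // Fake a successful send
        /**/
        AuxLib::debugLog('Faking an email delivery to address(es): ' . var_export($addresses, 1));
        return $this->status = $this->getDebugStatus();
    }

    $phpMail = $this->mailer;

    // True when a path component could step outside the directory it is appended to.
    $hasTraversal = function ($component) {
        $component = (string) $component;
        if (strpos($component, "\0") !== false) {
            return true;
        }
        return in_array('..', preg_split('#[/\\\\]#', $component), true);
    };

    try {
        $this->addEmailAddresses($phpMail, $addresses);
        $phpMail->Subject = $subject;
        // $phpMail->AltBody = $message;
        $phpMail->MsgHTML($message);
        // $phpMail->Body = $message;

        // add attachments, if any
        if ($attachments) {
            foreach ($attachments as $attachment) {
                $type = $attachment['type'];
                switch ($type) {
                    case 'temp': // stored as a temp file?
                        $baseDir = 'uploads/media/temp/';
                        break;
                    case 'media': // stored in media library
                        $baseDir = 'uploads/media/';
                        break;
                    default:
                        throw new CException('Invalid attachment type');
                }

                // Fail closed before Send(): the same components are used below for
                // unlink()/rmdir(), so a crafted value must never get that far.
                if ($hasTraversal($attachment['folder']) || $hasTraversal($attachment['filename'])) {
                    throw new CException('Invalid attachment path');
                }

                $file = $baseDir . $attachment['folder'] . '/' . $attachment['filename'];
                // A missing or oversized file is skipped silently, as before.
                if (file_exists($file) && $this->validateFileSize(filesize($file))) {
                    $phpMail->AddAttachment($file);
                }
            }
        }

        $phpMail->Send();

        // delete temp attachment files, if they exist
        // (every folder/filename was validated in the loop above)
        if ($attachments) {
            foreach ($attachments as $attachment) {
                $type = $attachment['type'];
                if ($type === 'temp') {
                    $folder = 'uploads/media/temp/' . $attachment['folder'];
                    $file = $folder . '/' . $attachment['filename'];
                    if (file_exists($file)) {
                        unlink($file); // delete temp file
                    }
                    if (file_exists($folder)) {
                        rmdir($folder); // delete temp folder
                    }
                    TempFile::model()->deleteByPk($attachment['id']);
                }
            }
        }

        $this->status['code'] = '200';
        $this->status['exception'] = null;
        $this->status['message'] = Yii::t('app', 'Email Sent!');
    } catch (phpmailerException $e) {
        // Catch PHPMailer specific exceptions for pretty error printing
        // NOTE(review): the message carries a server file path and line number;
        // confirm it is never shown to an unauthenticated user.
        $this->status['code'] = '500';
        $this->status['exception'] = $e;
        $this->status['message'] = $phpMail->ErrorInfo . " " . $e->getFile() . " L" . $e->getLine();
    } catch (Exception $e) {
        $this->status['code'] = '500';
        $this->status['exception'] = $e;
        $this->status['message'] = $e->getMessage() . " " . $e->getFile() . " L" . $e->getLine();
    }

    return $this->status;
}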