WPCF7_ConfigValidator

The Contact Form 7 WPCF7 ConfigValidator class.

Defined (1)

The class is defined in the following location(s).

/includes/config-validator.php  
  1. class WPCF7_ConfigValidator { 
  2.  
  // Configuration error codes stored by add_error(). get_default_message()
  // has fallback text for 101-105 and 108; 106 and 107 are always added with
  // an explicit message by detect_file_not_found() and
  // detect_unavailable_names(). Code 100 is not referenced anywhere in this
  // listing.
  3. const error = 100; 
  4. const error_maybe_empty = 101; 
  5. const error_invalid_mailbox_syntax = 102; 
  6. const error_email_not_in_site_domain = 103; 
  7. const error_html_in_message = 104; 
  8. const error_multiple_controls_in_label = 105; 
  9. const error_file_not_found = 106; 
  10. const error_unavailable_names = 107; 
  11. const error_invalid_mail_header = 108; 
  12.  
  /**
   * Returns the documentation URL for a configuration error.
   *
   * Underscores in the code name become hyphens and the result is appended
   * to the base address, e.g. 'maybe_empty' => '.../maybe-empty'.
   *
   * The base address goes through __(), so a translation can substitute a
   * different URL. esc_url() cleans the string for output but does not pin
   * the host.
   *
   * @param string $error_code Error name, or '' for the index page.
   * @return string Escaped URL.
   */
  public static function get_doc_link( $error_code = '' ) {
      $base = __( 'https://contactform7.com/configuration-errors/',
          'contact-form-7' );

      if ( '' === $error_code ) {
          return esc_url( $base );
      }

      $slug = strtr( $error_code, '_', '-' );

      return esc_url( sprintf( '%s/%s', untrailingslashit( $base ), $slug ) );
  }
  23.  
  // The contact form being validated; assigned in the constructor.
  24. private $contact_form; 
  // Collected errors keyed by section name (e.g. 'form.body', 'mail.sender').
  // Each entry is array( 'code' => ..., 'args' => ... ) as built by add_error().
  25. private $errors = array(); 
  26.  
  /**
   * Binds the validator to the contact form whose configuration it checks.
   *
   * @param WPCF7_ContactForm $contact_form Form to validate.
   */
  public function __construct( WPCF7_ContactForm $contact_form ) {
      $this->contact_form = $contact_form;
  }
  29.  
  /**
   * Returns the contact form this validator was constructed with.
   *
   * @return WPCF7_ContactForm
   */
  public function contact_form() {
      $form = $this->contact_form;

      return $form;
  }
  32.  
  /**
   * Tells whether the last validation (or restore) left no errors.
   *
   * @return bool True when count_errors() reports zero.
   */
  public function is_valid() {
      $error_total = $this->count_errors();

      return ! $error_total;
  }
  35.  
  /**
   * Counts recorded errors, optionally narrowed by section and/or code.
   *
   * Section keys of the form 'mail_<n>.<field>' are counted as
   * 'mail.<field>'. A 'section' filter matches either the full key or its
   * part before the first dot, so 'mail' matches 'mail.subject'.
   *
   * @param string|array $args Optional. 'section' and 'code' filters; an
   *                           empty value disables that filter.
   * @return int Number of matching, non-empty error entries.
   */
  public function count_errors( $args = '' ) {
      $args = wp_parse_args( $args, array(
          'section' => '',
          'code' => '',
      ) );

      $total = 0;

      foreach ( $this->errors as $key => $errors ) {
          // Fold additional mail templates (mail_2, ...) into 'mail'.
          if ( preg_match( '/^mail_[0-9]+\.(.*)$/', $key, $matches ) ) {
              $key = sprintf( 'mail.%s', $matches[1] );
          }

          $section_mismatch = $args['section']
              && $key != $args['section']
              && preg_replace( '/\..*$/', '', $key, 1 ) != $args['section'];

          if ( $section_mismatch ) {
              continue;
          }

          foreach ( $errors as $error ) {
              if ( empty( $error ) ) {
                  continue;
              }

              // Comparison stays loose: restored codes may not be integers.
              if ( ! $args['code'] || $error['code'] == $args['code'] ) {
                  $total += 1;
              }
          }
      }

      return $total;
  }
  63.  
  /**
   * Turns the recorded errors into display-ready messages.
   *
   * This is the output boundary for error data. Messages pass through
   * esc_html() and links through esc_url() here, so values stored by
   * add_error() or restore() are kept raw until this point.
   *
   * @return array Map of section => list of array( 'message', 'link' ).
   */
  public function collect_error_messages() {
      $collected = array();

      foreach ( $this->errors as $section => $errors ) {
          $collected[$section] = array();

          foreach ( $errors as $error ) {
              if ( empty( $error['args']['message'] ) ) {
                  // No custom text: use the default for this code.
                  $text = $this->get_default_message( $error['code'] );
              } elseif ( empty( $error['args']['params'] ) ) {
                  $text = $error['args']['message'];
              } else {
                  $text = $this->build_message(
                      $error['args']['message'],
                      $error['args']['params'] );
              }

              $href = empty( $error['args']['link'] )
                  ? ''
                  : $error['args']['link'];

              $collected[$section][] = array(
                  'message' => esc_html( $text ),
                  'link' => esc_url( $href ),
              );
          }
      }

      return $collected;
  }
  90.  
  /**
   * Fills %name% placeholders in a message with the given parameters.
   *
   * Placeholder matching is case-insensitive. Values are inserted as-is,
   * without escaping. collect_error_messages() escapes the finished
   * message; any other caller must escape before output.
   *
   * @param string       $message Message containing %key% placeholders.
   * @param string|array $params  Optional. Map of placeholder name => value.
   * @return string Message with known placeholders replaced.
   */
  public function build_message( $message, $params = '' ) {
      $params = wp_parse_args( $params, array() );

      foreach ( $params as $name => $value ) {
          // Only plain identifier-like names are accepted as placeholders.
          if ( preg_match( '/^[0-9A-Za-z_]+$/', $name ) ) {
              $token = '%' . $name . '%';

              if ( false !== stripos( $message, $token ) ) {
                  $message = str_ireplace( $token, $value, $message );
              }
          }
      }

      return $message;
  }
  104.  
  /**
   * Returns the translated default message for an error code.
   *
   * There is no default for error_file_not_found or
   * error_unavailable_names, so those codes return '' like any unknown code.
   *
   * @param int $code One of the error_* class constants.
   * @return string Translated message, or '' when the code has none.
   */
  public function get_default_message( $code ) {
      switch ( $code ) {
          case self::error_maybe_empty:
              $text = __( "There is a possible empty field.", 'contact-form-7' );
              break;
          case self::error_invalid_mailbox_syntax:
              $text = __( "Invalid mailbox syntax is used.", 'contact-form-7' );
              break;
          case self::error_email_not_in_site_domain:
              $text = __( "Sender email address does not belong to the site domain.", 'contact-form-7' );
              break;
          case self::error_html_in_message:
              $text = __( "HTML tags are used in a message.", 'contact-form-7' );
              break;
          case self::error_multiple_controls_in_label:
              $text = __( "Multiple form controls are in a single label element.", 'contact-form-7' );
              break;
          case self::error_invalid_mail_header:
              $text = __( "There are invalid mail header fields.", 'contact-form-7' );
              break;
          default:
              $text = '';
      }

      return $text;
  }
  121.  
  /**
   * Records an error against a section of the form configuration.
   *
   * Arguments are stored unescaped; escaping happens when the messages are
   * collected for display.
   *
   * @param string       $section Section key such as 'mail.sender'.
   * @param int          $code    One of the error_* class constants.
   * @param string|array $args    Optional. 'message', 'params' and 'link'.
   * @return bool Always true.
   */
  public function add_error( $section, $code, $args = '' ) {
      $defaults = array(
          'message' => '',
          'params' => array(),
      );

      $entry = array(
          'code' => $code,
          'args' => wp_parse_args( $args, $defaults ),
      );

      if ( ! isset( $this->errors[$section] ) ) {
          $this->errors[$section] = array();
      }

      $this->errors[$section][] = $entry;

      return true;
  }
  134.  
  /**
   * Removes every error with the given code from a section.
   *
   * The remaining entries keep their original array keys.
   *
   * @param string $section Section key.
   * @param int    $code    Error code to remove (compared loosely).
   * @return void
   */
  public function remove_error( $section, $code ) {
      if ( empty( $this->errors[$section] ) ) {
          return;
      }

      foreach ( (array) $this->errors[$section] as $index => $entry ) {
          if ( ! isset( $entry['code'] ) || $entry['code'] != $code ) {
              continue;
          }

          unset( $this->errors[$section][$index] );
      }
  }
  142.  
  /**
   * Runs every configuration check from a clean slate.
   *
   * The 'wpcf7_config_validator_validate' action fires after the built-in
   * checks and receives this object, so other code can add or remove
   * errors before the result is computed.
   *
   * @return bool True when no errors were recorded.
   */
  public function validate() {
      $this->errors = array();

      $this->validate_form();

      foreach ( array( 'mail', 'mail_2' ) as $template ) {
          $this->validate_mail( $template );
      }

      $this->validate_messages();

      do_action( 'wpcf7_config_validator_validate', $this );

      return $this->is_valid();
  }
  154.  
  /**
   * Persists the current errors in the '_config_errors' post meta.
   *
   * Nothing is written while the form reports itself as initial(). The old
   * meta is always deleted first, so an empty error list clears the record.
   *
   * @return void
   */
  public function save() {
      if ( $this->contact_form->initial() ) {
          return;
      }

      delete_post_meta( $this->contact_form->id(), '_config_errors' );

      if ( ! $this->errors ) {
          return;
      }

      update_post_meta( $this->contact_form->id(), '_config_errors',
          $this->errors );
  }
  164.  
  /**
   * Reloads errors previously stored in the '_config_errors' post meta.
   *
   * Stored values are re-added through add_error() without validating the
   * code or the arguments. They stay raw until collect_error_messages()
   * escapes them, so any other consumer of the restored data must escape
   * it too.
   *
   * @return void
   */
  public function restore() {
      $stored = get_post_meta(
          $this->contact_form->id(), '_config_errors', true );

      foreach ( (array) $stored as $section => $errors ) {
          if ( empty( $errors ) ) {
              continue;
          }

          if ( ! is_array( $errors ) ) {
              // Back-compat: a bare error code was stored for the section.
              $this->add_error( $section, $errors );
              continue;
          }

          foreach ( (array) $errors as $error ) {
              if ( empty( $error['code'] ) ) {
                  continue;
              }

              $args = isset( $error['args'] ) ? $error['args'] : '';
              $this->add_error( $section, $error['code'], $args );
          }
      }
  }
  182.  
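  /**
   * Mail-tag callback that substitutes the smallest plausible input.
   *
   * validate_mail() uses this to see what a template looks like when a
   * visitor fills in only the required fields. Optional fields become '',
   * required e-mail-like fields become 'example@example.com', and other
   * required fields become 'example'. Only the template is checked this
   * way; real submitted values never pass through here.
   *
   * The original read $values[0] into an unused $format variable for
   * '_format_' tags. That raised an undefined-offset warning when the tag
   * had no quoted value. Nothing else read the parsed value list, so both
   * are dropped and the returned replacement is unchanged.
   *
   * @param array $matches Regex match: [0] whole tag, [1] '[' when the tag
   *                       is escaped, [2] tag name, [3] values, [4] ']'
   *                       when the tag is escaped.
   * @return string Replacement text, or the tag itself when unrecognized.
   */
  public function replace_mail_tags_with_minimum_input( $matches ) {
      // allow [[foo]] syntax for escaping a tag
      if ( $matches[1] == '[' && $matches[4] == ']' ) {
          return substr( $matches[0], 1, -1 );
      }

      $tag = $matches[0];
      $tagname = $matches[2];

      $do_not_heat = false;

      if ( preg_match( '/^_raw_(.+)$/', $tagname, $raw_match ) ) {
          $tagname = trim( $raw_match[1] );
          $do_not_heat = true;
      }

      // Only the name matters here; the format value itself is not needed.
      if ( preg_match( '/^_format_(.+)$/', $tagname, $format_match ) ) {
          $tagname = trim( $format_match[1] );
      }

      $example_email = 'example@example.com';
      $example_text = 'example';
      $example_blank = '';

      $form_tags = $this->contact_form->scan_form_tags(
          array( 'name' => $tagname ) );

      if ( $form_tags ) {
          $form_tag = new WPCF7_FormTag( $form_tags[0] );

          $is_required = ( $form_tag->is_required() || 'radio' == $form_tag->type );

          if ( ! $is_required ) {
              return $example_blank;
          }

          if ( wpcf7_form_tag_supports( $form_tag->type, 'selectable-values' ) ) {
              if ( $form_tag->pipes instanceof WPCF7_Pipes ) {
                  if ( $do_not_heat ) {
                      $before_pipes = $form_tag->pipes->collect_befores();
                      $last_item = array_pop( $before_pipes );
                  } else {
                      $after_pipes = $form_tag->pipes->collect_afters();
                      $last_item = array_pop( $after_pipes );
                  }
              } else {
                  $last_item = array_pop( $form_tag->values );
              }

              // The last selectable value decides which example is used.
              if ( $last_item && wpcf7_is_mailbox_list( $last_item ) ) {
                  return $example_email;
              } else {
                  return $example_text;
              }
          }

          if ( 'email' == $form_tag->basetype ) {
              return $example_email;
          } else {
              return $example_text;
          }

      } else {
          $tagname = preg_replace( '/^wpcf7\./', '_', $tagname ); // for back-compat

          if ( '_post_author_email' == $tagname ) {
              return $example_email;
          } elseif ( '_' == substr( $tagname, 0, 1 ) ) { // maybe special mail tag
              return $example_text;
          }
      }

      return $tag;
  }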
  253.  
  /**
   * Checks the form template; errors are filed under 'form.body'.
   *
   * @return void
   */
  public function validate_form() {
      $form_body = $this->contact_form->prop( 'form' );

      $this->detect_multiple_controls_in_label( 'form.body', $form_body );
      $this->detect_unavailable_names( 'form.body', $form_body );
  }
  259.  
  /**
   * Flags a <label> element that wraps more than one form control.
   *
   * Controls are counted per label. A tag type that supports
   * 'multiple-controls-container' counts once per value, plus one for a
   * 'free_text' option. Any other named tag counts once.
   *
   * NOTE(review): if the label regex hits a PCRE limit on very large
   * content, preg_match_all() returns false and the check is skipped
   * without an error being recorded.
   *
   * @param string $section Section key to file the error under.
   * @param string $content Form template markup.
   * @return bool True when an error was added, false otherwise.
   */
  public function detect_multiple_controls_in_label( $section, $content ) {
      $label_pattern = '%<label(?:[ \t\n]+.*?)?>(.+?)</label>%s';

      if ( ! preg_match_all( $label_pattern, $content, $matches ) ) {
          return false;
      }

      $form_tags_manager = WPCF7_FormTagsManager::get_instance();

      foreach ( $matches[1] as $insidelabel ) {
          $controls = 0;

          foreach ( $form_tags_manager->scan( $insidelabel ) as $scanned ) {
              $tag = new WPCF7_FormTag( $scanned );

              if ( wpcf7_form_tag_supports( $tag->type, 'multiple-controls-container' ) ) {
                  $controls += count( $tag->values );

                  if ( $tag->has_option( 'free_text' ) ) {
                      $controls += 1;
                  }
              } elseif ( ! empty( $tag->name ) ) {
                  $controls += 1;
              }

              if ( 1 < $controls ) {
                  return $this->add_error( $section,
                      self::error_multiple_controls_in_label, array(
                          'link' => self::get_doc_link( 'multiple_controls_in_label' ),
                      )
                  );
              }
          }
      }

      return false;
  }
  291.  
  /**
   * Flags form controls named after an entry in the reserved-name list.
   *
   * The list is held in $public_query_vars. Presumably these are the
   * WordPress public query variables, which a submitted field of the same
   * name could be mistaken for; confirm against WordPress core.
   *
   * @param string $section Section key to file the error under.
   * @param string $content Form template markup.
   * @return bool True when an error was added, false otherwise.
   */
  public function detect_unavailable_names( $section, $content ) {
      $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat',
          'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence',
          'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order',
          'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second',
          'name', 'category_name', 'tag', 'feed', 'author_name', 'static',
          'pagename', 'page_id', 'error', 'attachment', 'attachment_id',
          'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term',
          'cpage', 'post_type', 'embed' );

      $form_tags_manager = WPCF7_FormTagsManager::get_instance();
      $offending_tags = $form_tags_manager->filter( $content,
          array( 'name' => $public_query_vars ) );

      $offending_names = array();

      foreach ( $offending_tags as $tag ) {
          $offending_names[] = $tag['name'];
      }

      if ( ! $offending_names ) {
          return false;
      }

      $name_list = implode( ', ', array_unique( $offending_names ) );

      return $this->add_error( $section,
          self::error_unavailable_names,
          array(
              'message' => __( "Unavailable names (%names%) are used for form controls.", 'contact-form-7' ),
              'params' => array( 'names' => $name_list ),
              'link' => self::get_doc_link( 'unavailable_names' ),
          )
      );
  }
  323.  
  /**
   * Validates one mail template ('mail' or an additional one).
   *
   * Mail tags are first replaced with placeholder values by
   * replace_mail_tags_with_minimum_input(). This checks the saved
   * configuration, not values a visitor submits at send time, so a clean
   * result is no evidence that submitted header values are safe.
   *
   * Checks performed:
   * - subject and body must not come out empty;
   * - sender and recipient must be valid mailbox lists, and the sender
   *   must belong to the site domain;
   * - each additional header line must look like "Name: value"; only
   *   Reply-To, Cc and Bcc values are checked for mailbox syntax;
   * - each attachment line not starting with '[' must be a readable file.
   *
   * @param string $template Template property name. Templates other than
   *                         'mail' are skipped unless marked active.
   * @return void
   */
  public function validate_mail( $template = 'mail' ) {
      $components = (array) $this->contact_form->prop( $template );

      if ( ! $components ) {
          return;
      }

      if ( 'mail' != $template && empty( $components['active'] ) ) {
          return;
      }

      $components = wp_parse_args( $components, array(
          'subject' => '',
          'sender' => '',
          'recipient' => '',
          'additional_headers' => '',
          'body' => '',
          'attachments' => '',
      ) );

      $callback = array( $this, 'replace_mail_tags_with_minimum_input' );
      $tag_options = array( 'callback' => $callback );

      // Subject.
      $subject_text = new WPCF7_MailTaggedText( $components['subject'],
          $tag_options );
      $subject = wpcf7_strip_newline( $subject_text->replace_tags() );
      $this->detect_maybe_empty( sprintf( '%s.subject', $template ), $subject );

      // Sender: the domain check only runs when the syntax is valid.
      $sender_text = new WPCF7_MailTaggedText( $components['sender'],
          $tag_options );
      $sender = wpcf7_strip_newline( $sender_text->replace_tags() );
      $sender_section = sprintf( '%s.sender', $template );

      $sender_has_bad_syntax = $this->detect_invalid_mailbox_syntax(
          $sender_section, $sender );

      if ( ! $sender_has_bad_syntax
      && ! wpcf7_is_email_in_site_domain( $sender ) ) {
          $this->add_error( $sender_section,
              self::error_email_not_in_site_domain, array(
                  'link' => self::get_doc_link( 'email_not_in_site_domain' ),
              )
          );
      }

      // Recipient.
      $recipient_text = new WPCF7_MailTaggedText( $components['recipient'],
          $tag_options );
      $recipient = wpcf7_strip_newline( $recipient_text->replace_tags() );

      $this->detect_invalid_mailbox_syntax(
          sprintf( '%s.recipient', $template ), $recipient );

      // Additional headers, one per line.
      $headers_text = new WPCF7_MailTaggedText(
          $components['additional_headers'], $tag_options );
      $header_lines = explode( "\n", $headers_text->replace_tags() );
      $headers_section = sprintf( '%s.additional_headers', $template );
      $mailbox_header_types = array( 'reply-to', 'cc', 'bcc' );
      $invalid_mail_header_exists = false;

      foreach ( $header_lines as $header ) {
          $header = trim( $header );

          if ( '' === $header ) {
              continue;
          }

          if ( ! preg_match( '/^([0-9A-Za-z-]+):(.+)$/', $header, $matches ) ) {
              $invalid_mail_header_exists = true;
              continue;
          }

          $header_name = $matches[1];
          $header_value = $matches[2];

          if ( ! in_array( strtolower( $header_name ), $mailbox_header_types ) ) {
              continue;
          }

          $this->detect_invalid_mailbox_syntax(
              $headers_section,
              $header_value, array(
                  'message' =>
                      __( "Invalid mailbox syntax is used in the %name% field.", 'contact-form-7' ),
                  'params' => array( 'name' => $header_name ) ) );
      }

      // Malformed header lines are reported once, however many there are.
      if ( $invalid_mail_header_exists ) {
          $this->add_error( $headers_section,
              self::error_invalid_mail_header, array(
                  'link' => self::get_doc_link( 'invalid_mail_header' ),
              )
          );
      }

      // Body.
      $body_text = new WPCF7_MailTaggedText( $components['body'],
          $tag_options );
      $body = $body_text->replace_tags();
      $this->detect_maybe_empty( sprintf( '%s.body', $template ), $body );

      // Attachments: lines starting with '[' are skipped, not file-checked.
      if ( '' !== $components['attachments'] ) {
          foreach ( explode( "\n", $components['attachments'] ) as $line ) {
              $line = trim( $line );

              if ( '' === $line || '[' == substr( $line, 0, 1 ) ) {
                  continue;
              }

              $this->detect_file_not_found(
                  sprintf( '%s.attachments', $template ), $line );
          }
      }
  }
  422.  
  /**
   * Records an error when the content is not a valid mailbox list.
   *
   * @param string       $section Section key to file the error under.
   * @param string       $content Text expected to be a mailbox list.
   * @param string|array $args    Optional. Overrides for 'link', 'message'
   *                              and 'params'.
   * @return bool True when an error was added, false otherwise.
   */
  public function detect_invalid_mailbox_syntax( $section, $content, $args = '' ) {
      $defaults = array(
          'link' => self::get_doc_link( 'invalid_mailbox_syntax' ),
          'message' => '',
          'params' => array(),
      );

      $args = wp_parse_args( $args, $defaults );

      if ( wpcf7_is_mailbox_list( $content ) ) {
          return false;
      }

      return $this->add_error( $section,
          self::error_invalid_mailbox_syntax, $args );
  }
  435.  
  /**
   * Records an error when the content is exactly the empty string.
   *
   * @param string $section Section key to file the error under.
   * @param string $content Text after mail-tag replacement.
   * @return bool True when an error was added, false otherwise.
   */
  public function detect_maybe_empty( $section, $content ) {
      if ( '' !== $content ) {
          return false;
      }

      return $this->add_error( $section,
          self::error_maybe_empty, array(
              'link' => self::get_doc_link( 'maybe_empty' ),
          )
      );
  }
  444.  
  /**
   * Records an error when a configured attachment is not a readable file.
   *
   * The configured path is resolved against WP_CONTENT_DIR by path_join().
   *
   * NOTE(review): path_join() returns an absolute path unchanged, and '..'
   * segments are not normalized here. This check therefore does not confine
   * attachments to WP_CONTENT_DIR: a path outside it that happens to be
   * readable validates cleanly. Any confinement has to be enforced where
   * the file is attached, or added here with a realpath() prefix
   * comparison.
   *
   * @param string $section Section key to file the error under.
   * @param string $content Attachment path as written in the template.
   * @return bool True when an error was added, false otherwise.
   */
  public function detect_file_not_found( $section, $content ) {
      $path = path_join( WP_CONTENT_DIR, $content );

      // Filesystem warnings are suppressed; an unreadable path counts as absent.
      $is_usable_file = @is_readable( $path ) && @is_file( $path );

      if ( $is_usable_file ) {
          return false;
      }

      return $this->add_error( $section,
          self::error_file_not_found,
          array(
              'message' =>
                  __( "Attachment file does not exist at %path%.", 'contact-form-7' ),
              'params' => array( 'path' => $content ),
              'link' => self::get_doc_link( 'file_not_found' ),
          )
      );
  }
  459.  
  /**
   * Checks every configured response message for HTML markup.
   *
   * The 'captcha_not_match' message is ignored when
   * wpcf7_use_really_simple_captcha() reports false.
   *
   * @return void
   */
  public function validate_messages() {
      $messages = (array) $this->contact_form->prop( 'messages' );

      if ( ! $messages ) {
          return;
      }

      if ( isset( $messages['captcha_not_match'] )
      && ! wpcf7_use_really_simple_captcha() ) {
          unset( $messages['captcha_not_match'] );
      }

      foreach ( $messages as $key => $message ) {
          $this->detect_html_in_message(
              sprintf( 'messages.%s', $key ), $message );
      }
  }
  473.  
  /**
   * Records an error when a message changes under wp_strip_all_tags().
   *
   * This only flags markup in the configuration. It is not an output
   * filter, so messages still need escaping wherever they are rendered.
   *
   * @param string $section Section key to file the error under.
   * @param string $content Message text.
   * @return bool True when an error was added, false otherwise.
   */
  public function detect_html_in_message( $section, $content ) {
      $without_tags = wp_strip_all_tags( $content );

      if ( $without_tags == $content ) {
          return false;
      }

      return $this->add_error( $section,
          self::error_html_in_message,
          array(
              'link' => self::get_doc_link( 'html_in_message' ),
          )
      );
  }