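<?php
/**
 * @version		$Id: controller.php 21078 2011-04-04 20:52:23Z dextercowley $
 * @package		Joomla
 * @subpackage	MailTo
 * @copyright	Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
 * @license		GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant to the
 * GNU General Public License, and as distributed it includes or is derivative
 * of works licensed under the GNU General Public License or other free or open
 * source software licenses. See COPYRIGHT.php for copyright notices and
 * details.
 */

// Check to ensure this file is included in Joomla!
defined('_JEXEC') or die('Restricted access');

jimport('joomla.application.component.controller');

// Minimum number of seconds that must pass between the form being shown by
// mailto() and a submission being accepted by send().
define('MAILTO_TIMEOUT', 20);

/**
 * Controller for the "e-mail this link to a friend" form.
 *
 * @package		Joomla
 * @subpackage	MailTo
 */
class MailtoController extends JController
{
	/**
	 * Show the form so that the user can send the link to someone.
	 *
	 * Stores the time the form was displayed in the session; send() reads it
	 * back to enforce MAILTO_TIMEOUT.
	 *
	 * @access public
	 * @since 1.5
	 */
	function mailto()
	{
		$session =& JFactory::getSession();
		$session->set('com_mailto.formtime', time());
		JRequest::setVar('view', 'mailto');
		$this->display();
	}

	/**
	 * Send the message and display a notice.
	 *
	 * The request is refused (the form is redisplayed, or a 403 is raised for
	 * header injection) when: the request token is missing, the form was
	 * submitted sooner than MAILTO_TIMEOUT after being shown, the link does not
	 * validate as a local URL, a form field contains an e-mail header, or the
	 * to/from address is not a valid e-mail address.
	 *
	 * @access public
	 * @since 1.5
	 */
	function send()
	{
		global $mainframe;

		// Check for request forgeries
		JRequest::checkToken() or jexit('Invalid Token');
		$session =& JFactory::getSession();

		// The default is time() rather than 0 so that the session variable must
		// actually have been set by mailto() for the submission to be accepted.
		$timeout = $session->get('com_mailto.formtime', time());
		if ($timeout == 0 || time() - $timeout < MAILTO_TIMEOUT) {
			JError::raiseNotice(500, JText::_('EMAIL_NOT_SENT'));
			return $this->mailto();
		}
		// Clear the timestamp right away so the wait applies again and the form
		// has to be visited via mailto() before another send.
		$session->set('com_mailto.formtime', null);

		jimport('joomla.mail.helper');

		$SiteName = $mainframe->getCfg('sitename');

		$link = MailtoHelper::validateHash(JRequest::getString('link', '', 'post'));

		// Verify that this is a local link
		if ((!$link) || (!JURI::isInternal($link))) {
			// Non-local url...
			JError::raiseNotice(500, JText::_('EMAIL_NOT_SENT'));
			return $this->mailto();
		}

		// E-mail headers we do not want to accept as form input. Header names
		// are case-insensitive, so the comparison below lowercases both sides
		// ('BCC:' is rejected the same as 'bcc:').
		$headers = array('Content-Type:',
			'MIME-Version:',
			'Content-Transfer-Encoding:',
			'bcc:',
			'cc:');

		// The input fields to scan for injected headers
		$fields = array('mailto',
			'sender',
			'from',
			'subject',
		);

		/*
		 * Here is the meat and potatoes of the header injection test. We
		 * iterate over the array of form input and check for header strings.
		 * If we find one, send an unauthorized header and die.
		 */
		foreach ($fields as $field) {
			// A field that was not posted cannot carry a header (subject is
			// optional); skip it instead of reading an undefined index.
			if (!isset($_POST[$field])) {
				continue;
			}
			// Only a plain string can be searched; anything else (e.g. an array
			// parameter) is refused rather than passed to strpos().
			if (!is_string($_POST[$field])) {
				JError::raiseError(403, '');
			}
			$value = strtolower($_POST[$field]);
			foreach ($headers as $header) {
				if (strpos($value, strtolower($header)) !== false) {
					JError::raiseError(403, '');
				}
			}
		}

		// Free up memory
		unset($headers, $fields);

		$email = JRequest::getString('mailto', '', 'post');
		$sender = JRequest::getString('sender', '', 'post');
		$from = JRequest::getString('from', '', 'post');
		$subject_default = JText::sprintf('Item sent by', $sender);
		$subject = JRequest::getString('subject', $subject_default, 'post');

		// Check for a valid to address
		$error = false;
		if (!$email || !JMailHelper::isEmailAddress($email)) {
			$error = JText::sprintf('EMAIL_INVALID', $email);
			JError::raiseWarning(0, $error);
		}

		// Check for a valid from address
		if (!$from || !JMailHelper::isEmailAddress($from)) {
			$error = JText::sprintf('EMAIL_INVALID', $from);
			JError::raiseWarning(0, $error);
		}

		if ($error) {
			return $this->mailto();
		}

		// Build the message to send
		$msg = JText::_('EMAIL_MSG');
		$body = sprintf($msg, $SiteName, $sender, $from, $link);

		// Clean the email data
		$subject = JMailHelper::cleanSubject($subject);
		$body = JMailHelper::cleanBody($body);
		$sender = JMailHelper::cleanAddress($sender);

		// Send the email
		if (JUtility::sendMail($from, $sender, $email, $subject, $body) !== true) {
			JError::raiseNotice(500, JText::_('EMAIL_NOT_SENT'));
			return $this->mailto();
		}

		JRequest::setVar('view', 'sent');
		$this->display();
	}
}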