(.+?)%s'; if ( preg_match_all( $pattern, $content, $matches ) ) { $form_tags_manager = WPCF7_FormTagsManager::get_instance(); foreach ( $matches[1] as $insidelabel ) { $tags = $form_tags_manager->scan( $insidelabel ); $fields_count = 0; foreach ( $tags as $tag ) { $is_multiple_controls_container = wpcf7_form_tag_supports( $tag->type, 'multiple-controls-container' ); $is_zero_controls_container = wpcf7_form_tag_supports( $tag->type, 'zero-controls-container' ); if ( $is_multiple_controls_container ) { $fields_count += count( $tag->values ); if ( $tag->has_option( 'free_text' ) ) { $fields_count += 1; } } elseif ( $is_zero_controls_container ) { $fields_count += 0; } elseif ( ! empty( $tag->name ) ) { $fields_count += 1; } if ( 1 < $fields_count ) { return $this->add_error( $section, self::error_multiple_controls_in_label, array( 'link' => self::get_doc_link( 'multiple_controls_in_label' ), ) ); } } } } return false; }
    // NOTE(review): the line above is the tail of a method whose beginning lies
    // outside this excerpt (it starts inside a string literal); it is left
    // exactly as found.

    /**
     * Reports form controls whose name is on a fixed deny-list.
     *
     * The list is held in $public_query_vars; judging by that name these are
     * WordPress public query variables, presumably rejected because a submitted
     * field with such a name would be read by WordPress as a query variable
     * (TODO confirm against the linked documentation).
     *
     * @param string $section Configuration section the error is filed under.
     * @param string $content Form template text that is scanned for tags.
     * @return mixed Result of add_error() when a listed name is in use,
     *               false otherwise.
     */
    public function detect_unavailable_names( $section, $content ) {
        $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat',
            'withcomments', 'withoutcomments', 's', 'search', 'exact',
            'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb',
            'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour',
            'minute', 'second', 'name', 'category_name', 'tag', 'feed',
            'author_name', 'static', 'pagename', 'page_id', 'error',
            'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview',
            'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );

        // Ask the tag manager for every tag in the template whose name is on
        // the list above.
        $form_tags_manager = WPCF7_FormTagsManager::get_instance();
        $ng_named_tags = $form_tags_manager->filter( $content,
            array( 'name' => $public_query_vars ) );

        $ng_names = array();

        foreach ( $ng_named_tags as $tag ) {
            // Names are wrapped in double quotes for display in the message.
            $ng_names[] = sprintf( '"%s"', $tag->name );
        }

        if ( $ng_names ) {
            // A name used by several controls is reported once.
            $ng_names = array_unique( $ng_names );

            // NOTE(review): the message literal below contains a line break in
            // this copy of the file; it is reproduced as found. Confirm against
            // upstream whether the break belongs to the string.
            return $this->add_error( $section,
                self::error_unavailable_names,
                array(
                    'message' =>
                        /* translators: %names%: a list of form control names */
                        __( "Unavailable names (%names%) are used for form 
controls.", 'contact-form-7' ),
                    'params' => array( 'names' => implode( ', ', $ng_names ) ),
                    'link' => self::get_doc_link( 'unavailable_names' ),
                )
            );
        }

        return false;
    }

    /**
     * Reports a form template that matches the "unavailable HTML elements"
     * pattern.
     *
     * @param string $section Configuration section the error is filed under.
     * @param string $content Form template text.
     * @return mixed Result of add_error() when the pattern matches,
     *               false otherwise.
     */
    public function detect_unavailable_html_elements( $section, $content ) {
        // NOTE(review): this pattern looks damaged in this copy: no element
        // names are present, and because the second alternative is empty the
        // expression as written matches any input, so the error would always
        // be raised. Restore the pattern from the upstream file before relying
        // on this check.
        $pattern = '%(?:]|)%i';

        if ( preg_match( $pattern, $content ) ) {
            return $this->add_error( $section,
                self::error_unavailable_html_elements,
                array(
                    'message' => __( "Unavailable HTML elements are used in the form template.", 'contact-form-7' ),
                    'link' => self::get_doc_link( 'unavailable_html_elements' ),
                )
            );
        }

        return false;
    }

    /**
     * Validates one mail template of the contact form and records an error
     * for each problem found in its subject, sender, recipient, additional
     * headers, body and attachments.
     *
     * This is a check of the saved configuration: every field is first passed
     * through WPCF7_MailTaggedText with replace_mail_tags_with_minimum_input()
     * as the callback (defined outside this excerpt; presumably it substitutes
     * a minimal sample value for each mail-tag, TODO confirm). It is not a
     * send-time filter, and nothing here shows how submitted values are
     * sanitised when a message is actually composed.
     *
     * @param string $template Name of the form property holding the template;
     *                         defaults to 'mail'.
     * @return void Returns early, without validating, when the template has
     *              no components or is a non-'mail' template that is not
     *              marked active.
     */
    public function validate_mail( $template = 'mail' ) {
        $components = (array) $this->contact_form->prop( $template );

        if ( ! $components ) {
            return;
        }

        // Templates other than the primary 'mail' one are only checked when
        // their 'active' flag is set.
        if ( 'mail' != $template and empty( $components['active'] ) ) {
            return;
        }

        // Guarantee that every key read below exists.
        $components = wp_parse_args( $components, array(
            'subject' => '',
            'sender' => '',
            'recipient' => '',
            'additional_headers' => '',
            'body' => '',
            'attachments' => '',
        ) );

        $callback = array( $this, 'replace_mail_tags_with_minimum_input' );

        // Subject: must not end up empty once tags are replaced and line
        // breaks are removed.
        $subject = $components['subject'];
        $subject = new WPCF7_MailTaggedText( $subject,
            array( 'callback' => $callback ) );
        $subject = $subject->replace_tags();
        $subject = wpcf7_strip_newline( $subject );
        $this->detect_maybe_empty( sprintf( '%s.subject', $template ), $subject );

        // Sender: syntax first; the site-domain check runs only when the
        // syntax check reported nothing, so one field gets at most one of the
        // two errors. The domain rule presumably exists because mail sent from
        // a foreign domain tends to fail sender authentication (TODO confirm
        // against the linked documentation).
        $sender = $components['sender'];
        $sender = new WPCF7_MailTaggedText( $sender,
            array( 'callback' => $callback ) );
        $sender = $sender->replace_tags();
        $sender = wpcf7_strip_newline( $sender );

        if ( ! $this->detect_invalid_mailbox_syntax( sprintf( '%s.sender', $template ), $sender )
        and ! wpcf7_is_email_in_site_domain( $sender ) ) {
            $this->add_error( sprintf( '%s.sender', $template ),
                self::error_email_not_in_site_domain, array(
                    'link' => self::get_doc_link( 'email_not_in_site_domain' ),
                )
            );
        }

        // Recipient: mailbox-list syntax only.
        $recipient = $components['recipient'];
        $recipient = new WPCF7_MailTaggedText( $recipient,
            array( 'callback' => $callback ) );
        $recipient = $recipient->replace_tags();
        $recipient = wpcf7_strip_newline( $recipient );

        $this->detect_invalid_mailbox_syntax(
            sprintf( '%s.recipient', $template ), $recipient );

        // Additional headers: one header per line. Newlines are deliberately
        // kept here (no wpcf7_strip_newline) because they separate headers.
        $additional_headers = $components['additional_headers'];
        $additional_headers = new WPCF7_MailTaggedText( $additional_headers,
            array( 'callback' => $callback ) );
        $additional_headers = $additional_headers->replace_tags();
        $additional_headers = explode( "\n", $additional_headers );
        $mailbox_header_types = array( 'reply-to', 'cc', 'bcc' );
        $invalid_mail_header_exists = false;

        foreach ( $additional_headers as $header ) {
            // trim() also removes a trailing "\r", so CRLF-separated input is
            // handled.
            $header = trim( $header );

            if ( '' === $header ) {
                continue;
            }

            // A header line must be "Name: value" with a name made only of
            // ASCII letters, digits and hyphens.
            if ( ! preg_match( '/^([0-9A-Za-z-]+):(.*)$/', $header, $matches ) ) {
                $invalid_mail_header_exists = true;
            } else {
                $header_name = $matches[1];
                $header_value = trim( $matches[2] );

                if ( in_array( strtolower( $header_name ), $mailbox_header_types ) ) {
                    // Reply-To, Cc and Bcc carry addresses, so their value is
                    // held to the same mailbox-list syntax as the recipient.
                    $this->detect_invalid_mailbox_syntax(
                        sprintf( '%s.additional_headers', $template ),
                        $header_value, array(
                            'message' =>
                                __( "Invalid mailbox syntax is used in the %name% field.", 'contact-form-7' ),
                            'params' => array( 'name' => $header_name ) ) );
                } elseif ( empty( $header_value ) ) {
                    // Any other header only needs a non-empty value. Note that
                    // empty() also treats the value "0" as empty.
                    $invalid_mail_header_exists = true;
                }
            }
        }

        // Malformed headers are reported once, however many lines were bad.
        if ( $invalid_mail_header_exists ) {
            $this->add_error( sprintf( '%s.additional_headers', $template ),
                self::error_invalid_mail_header, array(
                    'link' => self::get_doc_link( 'invalid_mail_header' ),
                )
            );
        }

        // Body: must not be empty after tag replacement.
        $body = $components['body'];
        $body = new WPCF7_MailTaggedText( $body,
            array( 'callback' => $callback ) );
        $body = $body->replace_tags();
        $this->detect_maybe_empty( sprintf( '%s.body', $template ), $body );

        if ( '' !== $components['attachments'] ) {
            // Part 1: uploads. For each file field referenced as "[name]" in
            // the attachments setting, count the largest size limit declared
            // for that name.
            $attachables = array();

            $tags = $this->contact_form->scan_form_tags(
                array( 'type' => array( 'file', 'file*' ) ) );

            foreach ( $tags as $tag ) {
                $name = $tag->name;

                if ( false === strpos( $components['attachments'], "[{$name}]" ) ) {
                    continue;
                }

                $limit = (int) $tag->get_limit_option();

                if ( empty( $attachables[$name] )
                or $attachables[$name] < $limit ) {
                    $attachables[$name] = $limit;
                }
            }

            $total_size = array_sum( $attachables );

            // Part 2: files named directly, one path per line. Lines starting
            // with "[" are the mail-tags handled above.
            $has_file_not_found = false;
            $has_file_not_in_content_dir = false;

            foreach ( explode( "\n", $components['attachments'] ) as $line ) {
                $line = trim( $line );

                if ( '' === $line or '[' == substr( $line, 0, 1 ) ) {
                    continue;
                }

                // Overwritten on every line: it describes this line only.
                $has_file_not_found = $this->detect_file_not_found(
                    sprintf( '%s.attachments', $template ), $line );

                // Sticky: once one path has been flagged as outside the
                // content directory, later lines are no longer tested, so the
                // error is recorded at most once.
                if ( ! $has_file_not_found and ! $has_file_not_in_content_dir ) {
                    $has_file_not_in_content_dir = $this->detect_file_not_in_content_dir(
                        sprintf( '%s.attachments', $template ), $line );
                }

                // NOTE(review): the size is added for any readable file, also
                // one just flagged as outside the content directory. As far as
                // I know path_join() returns an absolute second argument
                // unchanged, so $line is not necessarily confined to
                // WP_CONTENT_DIR; confirm that the send-time code enforces the
                // containment rule as well. The @ hides filesize() warnings
                // and a failure counts as 0 bytes.
                if ( ! $has_file_not_found ) {
                    $path = path_join( WP_CONTENT_DIR, $line );
                    $total_size += (int) @filesize( $path );
                }
            }

            $max = 25 * 1024 * 1024; // 25 MB

            if ( $max < $total_size ) {
                $this->add_error( sprintf( '%s.attachments', $template ),
                    self::error_attachments_overweight,
                    array(
                        'message' => __( "The total size of attachment files is too large.", 'contact-form-7' ),
                        'link' => self::get_doc_link( 'attachments_overweight' ),
                    )
                );
            }
        }
    }

    /**
     * Records an error when the text is not accepted by
     * wpcf7_is_mailbox_list().
     *
     * @param string       $section Configuration section the error is filed under.
     * @param string       $content Text expected to be a mailbox list.
     * @param array|string $args    Optional overrides for the error's 'link',
     *                              'message' and 'params'.
     * @return mixed Result of add_error() when the syntax is rejected,
     *               false otherwise. validate_mail() relies on the false.
     */
    public function detect_invalid_mailbox_syntax( $section, $content, $args = '' ) {
        $args = wp_parse_args( $args, array(
            'link' => self::get_doc_link( 'invalid_mailbox_syntax' ),
            'message' => '',
            'params' => array(),
        ) );

        if ( ! wpcf7_is_mailbox_list( $content ) ) {
            return $this->add_error( $section,
                self::error_invalid_mailbox_syntax, $args );
        }

        return false;
    }

    /**
     * Records an error when the text is exactly the empty string.
     *
     * The comparison is strict and nothing is trimmed here, so content made
     * only of whitespace is not reported.
     *
     * @param string $section Configuration section the error is filed under.
     * @param string $content Text to test.
     * @return mixed Result of add_error() when empty, false otherwise.
     */
    public function detect_maybe_empty( $section, $content ) {
        if ( '' === $content ) {
            return $this->add_error( $section,
                self::error_maybe_empty, array(
                    'link' => self::get_doc_link( 'maybe_empty' ),
                )
            );
        }

        return false;
    }

    /**
     * Records an error when an attachment path does not name a readable
     * regular file.
     *
     * @param string $section Configuration section the error is filed under.
     * @param string $content Path as entered in the attachments setting; it is
     *                        joined onto WP_CONTENT_DIR before the test.
     * @return mixed Result of add_error() when the file is missing or
     *               unreadable, false otherwise.
     */
    public function detect_file_not_found( $section, $content ) {
        $path = path_join( WP_CONTENT_DIR, $content );

        if ( ! is_readable( $path ) or ! is_file( $path ) ) {
            // The message shows the path as entered, not the joined path.
            return $this->add_error( $section,
                self::error_file_not_found,
                array(
                    'message' =>
                        __( "Attachment file does not exist at %path%.", 'contact-form-7' ),
                    'params' => array( 'path' => $content ),
                    'link' => self::get_doc_link( 'file_not_found' ),
                )
            );
        }

        return false;
    }

    /**
     * Records an error when an attachment path is rejected by
     * wpcf7_is_file_path_in_content_dir().
     *
     * NOTE(review): whether that helper canonicalises ".." segments or
     * resolves symbolic links is not visible in this excerpt; confirm it
     * before treating this as a containment guarantee.
     *
     * @param string $section Configuration section the error is filed under.
     * @param string $content Path as entered in the attachments setting.
     * @return mixed Result of add_error() when the path is rejected,
     *               false otherwise.
     */
    public function detect_file_not_in_content_dir( $section, $content ) {
        $path = path_join( WP_CONTENT_DIR, $content );

        if ( ! wpcf7_is_file_path_in_content_dir( $path ) ) {
            return $this->add_error( $section,
                self::error_file_not_in_content_dir,
                array(
                    'message' =>
                        __( "It is not allowed to use files outside the wp-content directory.", 'contact-form-7' ),
                    'link' => self::get_doc_link( 'file_not_in_content_dir' ),
                )
            );
        }

        return false;
    }

    /**
     * Checks every configured message of the form for HTML markup.
     *
     * @return void
     */
    public function validate_messages() {
        $messages = (array) $this->contact_form->prop( 'messages' );

        if ( ! $messages ) {
            return;
        }

        // The CAPTCHA mismatch message is skipped when
        // wpcf7_use_really_simple_captcha() reports false.
        if ( isset( $messages['captcha_not_match'] )
        and ! wpcf7_use_really_simple_captcha() ) {
            unset( $messages['captcha_not_match'] );
        }

        foreach ( $messages as $key => $message ) {
            $section = sprintf( 'messages.%s', $key );
            $this->detect_html_in_message( $section, $message );
        }
    }

    /**
     * Records an error when stripping tags from a message changes it.
     *
     * @param string $section Configuration section the error is filed under.
     * @param string $content Message text.
     * @return mixed Result of add_error() when the stripped text differs,
     *               false otherwise.
     */
    public function detect_html_in_message( $section, $content ) {
        $stripped = wp_strip_all_tags( $content );

        // Loose comparison: two numeric-looking strings that differ only in
        // spelling compare as equal here.
        if ( $stripped != $content ) {
            return $this->add_error( $section,
                self::error_html_in_message,
                array(
                    'link' => self::get_doc_link( 'html_in_message' ),
                )
            );
        }

        return false;
    }

    /**
     * Records an error when the form still uses the 'on_sent_ok' or
     * 'on_submit' additional setting, which the error code names as
     * deprecated.
     *
     * @return mixed Result of add_error() when either setting is present;
     *               nothing is returned otherwise.
     */
    public function validate_additional_settings() {
        $deprecated_settings_used =
            $this->contact_form->additional_setting( 'on_sent_ok' ) ||
            $this->contact_form->additional_setting( 'on_submit' );

        if ( $deprecated_settings_used ) {
            return $this->add_error( 'additional_settings.body',
                self::error_deprecated_settings,
                array(
                    'link' => self::get_doc_link( 'deprecated_settings' ),
                )
            );
        }
    }
}