
   1  <?php
   2  /**
   3   * @package        Joomla.Site
   4   * @subpackage    com_mailto
   5   * @copyright    Copyright (C) 2005 - 2012 Open Source Matters, Inc. All rights reserved.
   6   * @license        GNU General Public License version 2 or later; see LICENSE.txt
   7   */
   8  
   9  // No direct access
  10  defined('_JEXEC') or die;
  11  
  12  jimport('joomla.application.component.controller');
  13  
  14  /**
  15   * @package        Joomla.Site
  16   * @subpackage    com_mailto
  17   */
  18  class MailtoController extends JController
  19  {
  20  
  21      /**
  22       * Show the form so that the user can send the link to someone
  23       *
  24       * @access public
  25       * @since 1.5
  26       */
  27  	function mailto()
  28      {
  29          $session = JFactory::getSession();
  30          $session->set('com_mailto.formtime', time());
  31          JRequest::setVar('view', 'mailto');
  32          $this->display();
  33      }
  34  
  35      /**
  36       * Send the message and display a notice
  37       *
  38       * @access public
  39       * @since 1.5
  40       */
  41  	function send()
  42      {
  43          // Check for request forgeries
  44          JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
  45  
  46          $app    = JFactory::getApplication();
  47          $session = JFactory::getSession();
  48          $db    = JFactory::getDbo();
  49  
  50          $timeout = $session->get('com_mailto.formtime', 0);
  51          if ($timeout == 0 || time() - $timeout < 20) {
  52              JError::raiseNotice(500, JText:: _ ('COM_MAILTO_EMAIL_NOT_SENT'));
  53              return $this->mailto();
  54          }
  55  
  56          $SiteName    = $app->getCfg('sitename');
  57          $MailFrom    = $app->getCfg('mailfrom');
  58          $FromName    = $app->getCfg('fromname');
  59  
  60          $link        = MailtoHelper::validateHash(JRequest::getCMD('link', '', 'post'));
  61  
  62          // Verify that this is a local link
  63          if (!$link || !JURI::isInternal($link)) {
  64              //Non-local url...
  65              JError::raiseNotice(500, JText:: _ ('COM_MAILTO_EMAIL_NOT_SENT'));
  66              return $this->mailto();
  67          }
  68  
  69          // An array of email headers we do not want to allow as input
  70          $headers = array (    'Content-Type:',
  71                              'MIME-Version:',
  72                              'Content-Transfer-Encoding:',
  73                              'bcc:',
  74                              'cc:');
  75  
  76          // An array of the input fields to scan for injected headers
  77          $fields = array(
  78              'mailto',
  79              'sender',
  80              'from',
  81              'subject',
  82          );
  83  
  84          /*
  85           * Here is the meat and potatoes of the header injection test.  We
  86           * iterate over the array of form input and check for header strings.
  87           * If we find one, send an unauthorized header and die.
  88           */
  89          foreach ($fields as $field)
  90          {
  91              foreach ($headers as $header)
  92              {
  93                  if (strpos($_POST[$field], $header) !== false)
  94                  {
  95                      JError::raiseError(403, '');
  96                  }
  97              }
  98          }
  99  
 100          /*
 101           * Free up memory
 102           */
 103          unset ($headers, $fields);
 104  
 105          $email                = JRequest::getString('mailto', '', 'post');
 106          $sender                = JRequest::getString('sender', '', 'post');
 107          $from                = JRequest::getString('from', '', 'post');
 108          $subject_default    = JText::sprintf('COM_MAILTO_SENT_BY', $sender);
 109          $subject            = JRequest::getString('subject', $subject_default, 'post');
 110  
 111          // Check for a valid to address
 112          $error    = false;
 113          if (! $email  || ! JMailHelper::isEmailAddress($email))
 114          {
 115              $error    = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $email);
 116              JError::raiseWarning(0, $error);
 117          }
 118  
 119          // Check for a valid from address
 120          if (! $from || ! JMailHelper::isEmailAddress($from))
 121          {
 122              $error    = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $from);
 123              JError::raiseWarning(0, $error);
 124          }
 125  
 126          if ($error)
 127          {
 128              return $this->mailto();
 129          }
 130  
 131          // Build the message to send
 132          $msg    = JText :: _('COM_MAILTO_EMAIL_MSG');
 133          $body    = sprintf($msg, $SiteName, $sender, $from, $link);
 134  
 135          // Clean the email data
 136          $subject = JMailHelper::cleanSubject($subject);
 137          $body     = JMailHelper::cleanBody($body);
 138          $sender     = JMailHelper::cleanAddress($sender);
 139  
 140          // Send the email
 141          if (JFactory::getMailer()->sendMail($from, $sender, $email, $subject, $body) !== true)
 142          {
 143              JError::raiseNotice(500, JText:: _ ('COM_MAILTO_EMAIL_NOT_SENT'));
 144              return $this->mailto();
 145          }
 146  
 147          JRequest::setVar('view', 'sent');
 148          $this->display();
 149      }
 150  }


Generated: Tue Apr 3 11:40:28 2012 Cross-referenced by PHPXref 0.7.1