\n\n";
// Don't show the feedback details unless the nonce matches
if ( $feedback_id && wp_verify_nonce( stripslashes( $_GET['_wpnonce'] ), "contact-form-sent-{$feedback_id}" ) ) {
$r_success_message .= self::success_message( $feedback_id, $form );
}
/**
* Filter the message returned after a successful contact form submission.
*
* @module contact-form
*
* @since 1.3.1
*
* @param string $r_success_message Success message.
*/
$r .= apply_filters( 'grunion_contact_form_success_message', $r_success_message );
} else {
// Nothing special - show the normal contact form
if ( $form->get_attribute( 'widget' ) ) {
// Submit form to the current URL
$url = remove_query_arg( array( 'contact-form-id', 'contact-form-sent', 'action', '_wpnonce' ) );
} else {
// Submit form to the post permalink
$url = get_permalink();
}
// For SSL/TLS page. See RFC 3986 Section 4.2
$url = set_url_scheme( $url );
// May eventually want to send this to admin-post.php...
/**
* Filter the contact form action URL.
*
* @module contact-form
*
* @since 1.3.1
*
* @param string $contact_form_id Contact form post URL.
* @param $post $GLOBALS['post'] Post global variable.
* @param int $id Contact Form ID.
*/
$url = apply_filters( 'grunion_contact_form_form_action', "{$url}#contact-form-{$id}", $GLOBALS['post'], $id );
$r .= "\n";
}
$r .= '
';
return $r;
}
/**
* Returns a success message to be returned if the form is sent via AJAX.
*
* @param int $feedback_id
* @param object Grunion_Contact_Form $form
*
* @return string $message
*/
static function success_message( $feedback_id, $form ) {
return wp_kses(
'
',
array(
'br' => array(),
'blockquote' => array( 'class' => array() ),
'p' => array(),
)
);
}
/**
* Returns a compiled form with labels and values in a form of an array
* of lines.
*
* @param int $feedback_id
* @param object Grunion_Contact_Form $form
*
* @return array $lines
*/
static function get_compiled_form( $feedback_id, $form ) {
$feedback = get_post( $feedback_id );
$field_ids = $form->get_field_ids();
$content_fields = Grunion_Contact_Form_Plugin::parse_fields_from_content( $feedback_id );
// Maps field_ids to post_meta keys
$field_value_map = array(
'name' => 'author',
'email' => 'author_email',
'url' => 'author_url',
'subject' => 'subject',
'textarea' => false, // not a post_meta key. This is stored in post_content
);
$compiled_form = array();
// "Standard" field whitelist
foreach ( $field_value_map as $type => $meta_key ) {
if ( isset( $field_ids[ $type ] ) ) {
$field = $form->fields[ $field_ids[ $type ] ];
if ( $meta_key ) {
if ( isset( $content_fields[ "_feedback_{$meta_key}" ] ) ) {
$value = $content_fields[ "_feedback_{$meta_key}" ];
}
} else {
// The feedback content is stored as the first "half" of post_content
$value = $feedback->post_content;
list( $value ) = explode( '', $value );
$value = trim( $value );
}
$field_index = array_search( $field_ids[ $type ], $field_ids['all'] );
$compiled_form[ $field_index ] = sprintf(
'%1$s: %2$s
',
wp_kses( $field->get_attribute( 'label' ), array() ),
self::escape_and_sanitize_field_value( $value )
);
}
}
// "Non-standard" fields
if ( $field_ids['extra'] ) {
// array indexed by field label (not field id)
$extra_fields = get_post_meta( $feedback_id, '_feedback_extra_fields', true );
/**
* Only get data for the compiled form if `$extra_fields` is a valid and non-empty array.
*/
if ( is_array( $extra_fields ) && ! empty( $extra_fields ) ) {
$extra_field_keys = array_keys( $extra_fields );
$i = 0;
foreach ( $field_ids['extra'] as $field_id ) {
$field = $form->fields[ $field_id ];
$field_index = array_search( $field_id, $field_ids['all'] );
$label = $field->get_attribute( 'label' );
$compiled_form[ $field_index ] = sprintf(
'%1$s: %2$s
',
wp_kses( $label, array() ),
self::escape_and_sanitize_field_value( $extra_fields[ $extra_field_keys[ $i ] ] )
);
$i++;
}
}
}
// Sorting lines by the field index
ksort( $compiled_form );
return $compiled_form;
}
static function escape_and_sanitize_field_value( $value ) {
$value = str_replace( array( '[' , ']' ) , array( '[' , ']' ) , $value );
return nl2br( wp_kses( $value, array() ) );
}
/**
* Only strip out empty string values and keep all the other values as they are.
*
* @param $single_value
*
* @return bool
*/
static function remove_empty( $single_value ) {
return ( $single_value !== '' );
}
/**
* The contact-field shortcode processor
* We use an object method here instead of a static Grunion_Contact_Form_Field class method to parse contact-field shortcodes so that we can tie them to the contact-form object.
*
* @param array $attributes Key => Value pairs as parsed by shortcode_parse_atts()
* @param string|null $content The shortcode's inner content: [contact-field]$content[/contact-field]
* @return HTML for the contact form field
*/
static function parse_contact_field( $attributes, $content ) {
// Don't try to parse contact form fields if not inside a contact form
if ( ! Grunion_Contact_Form_Plugin::$using_contact_form_field ) {
$att_strs = array();
if ( ! isset( $attributes['label'] ) ) {
$type = isset( $attributes['type'] ) ? $attributes['type'] : null;
$attributes['label'] = self::get_default_label_from_type( $type );
}
foreach ( $attributes as $att => $val ) {
if ( is_numeric( $att ) ) { // Is a valueless attribute
$att_strs[] = esc_html( $val );
} elseif ( isset( $val ) ) { // A regular attr - value pair
if ( ( $att === 'options' || $att === 'values' ) && is_string( $val ) ) { // remove any empty strings
$val = explode( ',', $val );
}
if ( is_array( $val ) ) {
$val = array_filter( $val, array( __CLASS__, 'remove_empty' ) ); // removes any empty strings
$att_strs[] = esc_html( $att ) . '="' . implode( ',', array_map( 'esc_html', $val ) ) . '"';
} elseif ( is_bool( $val ) ) {
$att_strs[] = esc_html( $att ) . '="' . esc_html( $val ? '1' : '' ) . '"';
} else {
$att_strs[] = esc_html( $att ) . '="' . esc_html( $val ) . '"';
}
}
}
$html = '[contact-field ' . implode( ' ', $att_strs );
if ( isset( $content ) && ! empty( $content ) ) { // If there is content, let's add a closing tag
$html .= ']' . esc_html( $content ) . '[/contact-field]';
} else { // Otherwise let's add a closing slash in the first tag
$html .= '/]';
}
return $html;
}
$form = Grunion_Contact_Form::$current_form;
$field = new Grunion_Contact_Form_Field( $attributes, $content, $form );
$field_id = $field->get_attribute( 'id' );
if ( $field_id ) {
$form->fields[ $field_id ] = $field;
} else {
$form->fields[] = $field;
}
if (
isset( $_POST['action'] ) && 'grunion-contact-form' === $_POST['action']
&&
isset( $_POST['contact-form-id'] ) && $form->get_attribute( 'id' ) == $_POST['contact-form-id']
&&
isset( $_POST['contact-form-hash'] ) && hash_equals( $form->hash, $_POST['contact-form-hash'] )
) {
// If we're processing a POST submission for this contact form, validate the field value so we can show errors as necessary.
$field->validate();
}
// Output HTML
return $field->render();
}
static function get_default_label_from_type( $type ) {
switch ( $type ) {
case 'text':
return __( 'Text', 'jetpack' );
case 'name':
return __( 'Name', 'jetpack' );
case 'email':
return __( 'Email', 'jetpack' );
case 'url':
return __( 'Website', 'jetpack' );
case 'date':
return __( 'Date', 'jetpack' );
case 'telephone':
return __( 'Phone', 'jetpack' );
case 'textarea':
return __( 'Message', 'jetpack' );
case 'checkbox':
return __( 'Checkbox', 'jetpack' );
case 'checkbox-multiple':
return __( 'Choose several', 'jetpack' );
case 'radio':
return __( 'Choose one', 'jetpack' );
case 'select':
return __( 'Select one', 'jetpack' );
default:
return null;
}
}
/**
* Loops through $this->fields to generate a (structured) list of field IDs.
*
* Important: Currently the whitelisted fields are defined as follows:
* `name`, `email`, `url`, `subject`, `textarea`
*
* If you need to add new fields to the Contact Form, please don't add them
* to the whitelisted fields and leave them as extra fields.
*
* The reasoning behind this is that both the admin Feedback view and the CSV
* export will not include any fields that are added to the list of
* whitelisted fields without taking proper care to add them to all the
* other places where they accessed/used/saved.
*
* The safest way to add new fields is to add them to the dropdown and the
* HTML list ( @see Grunion_Contact_Form_Field::render ) and don't add them
* to the list of whitelisted fields. This way they will become a part of the
* `extra fields` which are saved in the post meta and will be properly
* handled by the admin Feedback view and the CSV Export without any extra
* work.
*
* If there is need to add a field to the whitelisted fields, then please
* take proper care to add logic to handle the field in the following places:
*
* - Below in the switch statement - so the field is recognized as whitelisted.
*
* - Grunion_Contact_Form::process_submission - validation and logic.
*
* - Grunion_Contact_Form::process_submission - add the field as an additional
* field in the `post_content` when saving the feedback content.
*
* - Grunion_Contact_Form_Plugin::parse_fields_from_content - add mapping
* for the field, defined in the above method.
*
* - Grunion_Contact_Form_Plugin::map_parsed_field_contents_of_post_to_field_names -
* add mapping of the field for the CSV Export. Otherwise it will be missing
* from the exported data.
*
* - admin.php / grunion_manage_post_columns - add the field to the render logic.
* Otherwise it will be missing from the admin Feedback view.
*
* @return array
*/
function get_field_ids() {
$field_ids = array(
'all' => array(), // array of all field_ids
'extra' => array(), // array of all non-whitelisted field IDs
// Whitelisted "standard" field IDs:
// 'email' => field_id,
// 'name' => field_id,
// 'url' => field_id,
// 'subject' => field_id,
// 'textarea' => field_id,
);
foreach ( $this->fields as $id => $field ) {
$field_ids['all'][] = $id;
$type = $field->get_attribute( 'type' );
if ( isset( $field_ids[ $type ] ) ) {
// This type of field is already present in our whitelist of "standard" fields for this form
// Put it in extra
$field_ids['extra'][] = $id;
continue;
}
/**
* See method description before modifying the switch cases.
*/
switch ( $type ) {
case 'email':
case 'name':
case 'url':
case 'subject':
case 'textarea':
$field_ids[ $type ] = $id;
break;
default:
// Put everything else in extra
$field_ids['extra'][] = $id;
}
}
return $field_ids;
}
/**
* Process the contact form's POST submission
* Stores feedback. Sends email.
*/
function process_submission() {
global $post;
$plugin = Grunion_Contact_Form_Plugin::init();
$id = $this->get_attribute( 'id' );
$to = $this->get_attribute( 'to' );
$widget = $this->get_attribute( 'widget' );
$contact_form_subject = $this->get_attribute( 'subject' );
$to = str_replace( ' ', '', $to );
$emails = explode( ',', $to );
$valid_emails = array();
foreach ( (array) $emails as $email ) {
if ( ! is_email( $email ) ) {
continue;
}
if ( function_exists( 'is_email_address_unsafe' ) && is_email_address_unsafe( $email ) ) {
continue;
}
$valid_emails[] = $email;
}
// No one to send it to, which means none of the "to" attributes are valid emails.
// Use default email instead.
if ( ! $valid_emails ) {
$valid_emails = $this->defaults['to'];
}
$to = $valid_emails;
// Last ditch effort to set a recipient if somehow none have been set.
if ( empty( $to ) ) {
$to = get_option( 'admin_email' );
}
// Make sure we're processing the form we think we're processing... probably a redundant check.
if ( $widget ) {
if ( 'widget-' . $widget != $_POST['contact-form-id'] ) {
return false;
}
} else {
if ( $post->ID != $_POST['contact-form-id'] ) {
return false;
}
}
$field_ids = $this->get_field_ids();
// Initialize all these "standard" fields to null
$comment_author_email = $comment_author_email_label = // v
$comment_author = $comment_author_label = // v
$comment_author_url = $comment_author_url_label = // v
$comment_content = $comment_content_label = null;
// For each of the "standard" fields, grab their field label and value.
if ( isset( $field_ids['name'] ) ) {
$field = $this->fields[ $field_ids['name'] ];
$comment_author = Grunion_Contact_Form_Plugin::strip_tags(
stripslashes(
/** This filter is already documented in core/wp-includes/comment-functions.php */
apply_filters( 'pre_comment_author_name', addslashes( $field->value ) )
)
);
$comment_author_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) );
}
if ( isset( $field_ids['email'] ) ) {
$field = $this->fields[ $field_ids['email'] ];
$comment_author_email = Grunion_Contact_Form_Plugin::strip_tags(
stripslashes(
/** This filter is already documented in core/wp-includes/comment-functions.php */
apply_filters( 'pre_comment_author_email', addslashes( $field->value ) )
)
);
$comment_author_email_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) );
}
if ( isset( $field_ids['url'] ) ) {
$field = $this->fields[ $field_ids['url'] ];
$comment_author_url = Grunion_Contact_Form_Plugin::strip_tags(
stripslashes(
/** This filter is already documented in core/wp-includes/comment-functions.php */
apply_filters( 'pre_comment_author_url', addslashes( $field->value ) )
)
);
if ( 'http://' == $comment_author_url ) {
$comment_author_url = '';
}
$comment_author_url_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) );
}
if ( isset( $field_ids['textarea'] ) ) {
$field = $this->fields[ $field_ids['textarea'] ];
$comment_content = trim( Grunion_Contact_Form_Plugin::strip_tags( $field->value ) );
$comment_content_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) );
}
if ( isset( $field_ids['subject'] ) ) {
$field = $this->fields[ $field_ids['subject'] ];
if ( $field->value ) {
$contact_form_subject = Grunion_Contact_Form_Plugin::strip_tags( $field->value );
}
}
$all_values = $extra_values = array();
$i = 1; // Prefix counter for stored metadata
// For all fields, grab label and value
foreach ( $field_ids['all'] as $field_id ) {
$field = $this->fields[ $field_id ];
$label = $i . '_' . $field->get_attribute( 'label' );
$value = $field->value;
$all_values[ $label ] = $value;
$i++; // Increment prefix counter for the next field
}
// For the "non-standard" fields, grab label and value
// Extra fields have their prefix starting from count( $all_values ) + 1
foreach ( $field_ids['extra'] as $field_id ) {
$field = $this->fields[ $field_id ];
$label = $i . '_' . $field->get_attribute( 'label' );
$value = $field->value;
if ( is_array( $value ) ) {
$value = implode( ', ', $value );
}
$extra_values[ $label ] = $value;
$i++; // Increment prefix counter for the next extra field
}
$contact_form_subject = trim( $contact_form_subject );
$comment_author_IP = Grunion_Contact_Form_Plugin::get_ip_address();
$vars = array( 'comment_author', 'comment_author_email', 'comment_author_url', 'contact_form_subject', 'comment_author_IP' );
foreach ( $vars as $var ) {
$$var = str_replace( array( "\n", "\r" ), '', $$var );
}
// Ensure that Akismet gets all of the relevant information from the contact form,
// not just the textarea field and predetermined subject.
$akismet_vars = compact( $vars );
$akismet_vars['comment_content'] = $comment_content;
foreach ( array_merge( $field_ids['all'], $field_ids['extra'] ) as $field_id ) {
$field = $this->fields[ $field_id ];
// Skip any fields that are just a choice from a pre-defined list. They wouldn't have any value
// from a spam-filtering point of view.
if ( in_array( $field->get_attribute( 'type' ), array( 'select', 'checkbox', 'checkbox-multiple', 'radio' ) ) ) {
continue;
}
// Normalize the label into a slug.
$field_slug = trim( // Strip all leading/trailing dashes.
preg_replace( // Normalize everything to a-z0-9_-
'/[^a-z0-9_]+/',
'-',
strtolower( $field->get_attribute( 'label' ) ) // Lowercase
),
'-'
);
$field_value = ( is_array( $field->value ) ) ? trim( implode( ', ', $field->value ) ) : trim( $field->value );
// Skip any values that are already in the array we're sending.
if ( $field_value && in_array( $field_value, $akismet_vars ) ) {
continue;
}
$akismet_vars[ 'contact_form_field_' . $field_slug ] = $field_value;
}
$spam = '';
$akismet_values = $plugin->prepare_for_akismet( $akismet_vars );
// Is it spam?
/** This filter is already documented in modules/contact-form/admin.php */
$is_spam = apply_filters( 'jetpack_contact_form_is_spam', false, $akismet_values );
if ( is_wp_error( $is_spam ) ) { // WP_Error to abort
return $is_spam; // abort
} elseif ( $is_spam === true ) { // TRUE to flag a spam
$spam = '***SPAM*** ';
}
if ( ! $comment_author ) {
$comment_author = $comment_author_email;
}
/**
* Filter the email where a submitted feedback is sent.
*
* @module contact-form
*
* @since 1.3.1
*
* @param string|array $to Array of valid email addresses, or single email address.
*/
$to = (array) apply_filters( 'contact_form_to', $to );
$reply_to_addr = $to[0]; // get just the address part before the name part is added
foreach ( $to as $to_key => $to_value ) {
$to[ $to_key ] = Grunion_Contact_Form_Plugin::strip_tags( $to_value );
$to[ $to_key ] = self::add_name_to_address( $to_value );
}
$blog_url = parse_url( site_url() );
$from_email_addr = 'wordpress@' . $blog_url['host'];
if ( ! empty( $comment_author_email ) ) {
$reply_to_addr = $comment_author_email;
}
$headers = 'From: "' . $comment_author . '" <' . $from_email_addr . ">\r\n" .
'Reply-To: "' . $comment_author . '" <' . $reply_to_addr . ">\r\n";
// Build feedback reference
$feedback_time = current_time( 'mysql' );
$feedback_title = "{$comment_author} - {$feedback_time}";
$feedback_id = md5( $feedback_title );
$all_values = array_merge(
$all_values, array(
'entry_title' => the_title_attribute( 'echo=0' ),
'entry_permalink' => esc_url( get_permalink( get_the_ID() ) ),
'feedback_id' => $feedback_id,
)
);
/** This filter is already documented in modules/contact-form/admin.php */
$subject = apply_filters( 'contact_form_subject', $contact_form_subject, $all_values );
$url = $widget ? home_url( '/' ) : get_permalink( $post->ID );
$date_time_format = _x( '%1$s \a\t %2$s', '{$date_format} \a\t {$time_format}', 'jetpack' );
$date_time_format = sprintf( $date_time_format, get_option( 'date_format' ), get_option( 'time_format' ) );
$time = date_i18n( $date_time_format, current_time( 'timestamp' ) );
// keep a copy of the feedback as a custom post type
$feedback_status = $is_spam === true ? 'spam' : 'publish';
foreach ( (array) $akismet_values as $av_key => $av_value ) {
$akismet_values[ $av_key ] = Grunion_Contact_Form_Plugin::strip_tags( $av_value );
}
foreach ( (array) $all_values as $all_key => $all_value ) {
$all_values[ $all_key ] = Grunion_Contact_Form_Plugin::strip_tags( $all_value );
}
foreach ( (array) $extra_values as $ev_key => $ev_value ) {
$extra_values[ $ev_key ] = Grunion_Contact_Form_Plugin::strip_tags( $ev_value );
}
/*
We need to make sure that the post author is always zero for contact
* form submissions. This prevents export/import from trying to create
* new users based on form submissions from people who were logged in
* at the time.
*
* Unfortunately wp_insert_post() tries very hard to make sure the post
* author gets the currently logged in user id. That is how we ended up
* with this work around. */
add_filter( 'wp_insert_post_data', array( $plugin, 'insert_feedback_filter' ), 10, 2 );
$post_id = wp_insert_post(
array(
'post_date' => addslashes( $feedback_time ),
'post_type' => 'feedback',
'post_status' => addslashes( $feedback_status ),
'post_parent' => (int) $post->ID,
'post_title' => addslashes( wp_kses( $feedback_title, array() ) ),
'post_content' => addslashes( wp_kses( $comment_content . "\n\n" . "AUTHOR: {$comment_author}\nAUTHOR EMAIL: {$comment_author_email}\nAUTHOR URL: {$comment_author_url}\nSUBJECT: {$subject}\nIP: {$comment_author_IP}\n" . @print_r( $all_values, true ), array() ) ), // so that search will pick up this data
'post_name' => $feedback_id,
)
);
// once insert has finished we don't need this filter any more
remove_filter( 'wp_insert_post_data', array( $plugin, 'insert_feedback_filter' ), 10 );
update_post_meta( $post_id, '_feedback_extra_fields', $this->addslashes_deep( $extra_values ) );
if ( 'publish' == $feedback_status ) {
// Increase count of unread feedback.
$unread = get_option( 'feedback_unread_count', 0 ) + 1;
update_option( 'feedback_unread_count', $unread );
}
if ( defined( 'AKISMET_VERSION' ) ) {
update_post_meta( $post_id, '_feedback_akismet_values', $this->addslashes_deep( $akismet_values ) );
}
$message = self::get_compiled_form( $post_id, $this );
array_push(
$message,
' ',
'',
__( 'Time:', 'jetpack' ) . ' ' . $time . ' ',
__( 'IP Address:', 'jetpack' ) . ' ' . $comment_author_IP . ' ',
__( 'Contact Form URL:', 'jetpack' ) . ' ' . $url . ' '
);
if ( is_user_logged_in() ) {
array_push(
$message,
sprintf(
'
' . __( 'Sent by a verified %s user.', 'jetpack' ) . '
' . __( 'Sent by an unverified visitor to your site.', 'jetpack' ) . '
' );
}
$message = join( $message, '' );
/**
* Filters the message sent via email after a successful form submission.
*
* @module contact-form
*
* @since 1.3.1
*
* @param string $message Feedback email message.
*/
$message = apply_filters( 'contact_form_message', $message );
// This is called after `contact_form_message`, in order to preserve back-compat
$message = self::wrap_message_in_html_tags( $message );
update_post_meta( $post_id, '_feedback_email', $this->addslashes_deep( compact( 'to', 'message' ) ) );
/**
* Fires right before the contact form message is sent via email to
* the recipient specified in the contact form.
*
* @module contact-form
*
* @since 1.3.1
*
* @param integer $post_id Post contact form lives on
* @param array $all_values Contact form fields
* @param array $extra_values Contact form fields not included in $all_values
*/
do_action( 'grunion_pre_message_sent', $post_id, $all_values, $extra_values );
// schedule deletes of old spam feedbacks
if ( ! wp_next_scheduled( 'grunion_scheduled_delete' ) ) {
wp_schedule_event( time() + 250, 'daily', 'grunion_scheduled_delete' );
}
if (
$is_spam !== true &&
/**
* Filter to choose whether an email should be sent after each successful contact form submission.
*
* @module contact-form
*
* @since 2.6.0
*
* @param bool true Should an email be sent after a form submission. Default to true.
* @param int $post_id Post ID.
*/
true === apply_filters( 'grunion_should_send_email', true, $post_id )
) {
self::wp_mail( $to, "{$spam}{$subject}", $message, $headers );
} elseif (
true === $is_spam &&
/**
* Choose whether an email should be sent for each spam contact form submission.
*
* @module contact-form
*
* @since 1.3.1
*
* @param bool false Should an email be sent after a spam form submission. Default to false.
*/
apply_filters( 'grunion_still_email_spam', false ) == true
) { // don't send spam by default. Filterable.
self::wp_mail( $to, "{$spam}{$subject}", $message, $headers );
}
/**
* Fires an action hook right after the email(s) have been sent.
*
* @module contact-form
*
* @since 7.3.0
*
* @param int $post_id Post contact form lives on.
* @param string|array $to Array of valid email addresses, or single email address.
* @param string $subject Feedback email subject.
* @param string $message Feedback email message.
* @param string|array $headers Optional. Additional headers.
* @param array $all_values Contact form fields.
* @param array $extra_values Contact form fields not included in $all_values
*/
do_action( 'grunion_after_message_sent', $post_id, $to, $subject, $message, $headers, $all_values, $extra_values );
if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
return self::success_message( $post_id, $this );
}
$redirect = wp_get_referer();
if ( ! $redirect ) { // wp_get_referer() returns false if the referer is the same as the current page
$redirect = $_SERVER['REQUEST_URI'];
}
$redirect = add_query_arg(
urlencode_deep(
array(
'contact-form-id' => $id,
'contact-form-sent' => $post_id,
'contact-form-hash' => $this->hash,
'_wpnonce' => wp_create_nonce( "contact-form-sent-{$post_id}" ), // wp_nonce_url HTMLencodes :(
)
), $redirect
);
/**
* Filter the URL where the reader is redirected after submitting a form.
*
* @module contact-form
*
* @since 1.9.0
*
* @param string $redirect Post submission URL.
* @param int $id Contact Form ID.
* @param int $post_id Post ID.
*/
$redirect = apply_filters( 'grunion_contact_form_redirect_url', $redirect, $id, $post_id );
wp_safe_redirect( $redirect );
exit;
}
/**
* Wrapper for wp_mail() that enables HTML messages with text alternatives
*
* @param string|array $to Array or comma-separated list of email addresses to send message.
* @param string $subject Email subject.
* @param string $message Message contents.
* @param string|array $headers Optional. Additional headers.
* @param string|array $attachments Optional. Files to attach.
*
* @return bool Whether the email contents were sent successfully.
*/
public static function wp_mail( $to, $subject, $message, $headers = '', $attachments = array() ) {
add_filter( 'wp_mail_content_type', __CLASS__ . '::get_mail_content_type' );
add_action( 'phpmailer_init', __CLASS__ . '::add_plain_text_alternative' );
$result = wp_mail( $to, $subject, $message, $headers, $attachments );
remove_filter( 'wp_mail_content_type', __CLASS__ . '::get_mail_content_type' );
remove_action( 'phpmailer_init', __CLASS__ . '::add_plain_text_alternative' );
return $result;
}
/**
* Add a display name part to an email address
*
* SpamAssassin doesn't like addresses in HTML messages that are missing display names (e.g., `foo@bar.org`
* instead of `"Foo Bar" `.
*
* @param string $address
*
* @return string
*/
function add_name_to_address( $address ) {
// If it's just the address, without a display name
if ( is_email( $address ) ) {
$address_parts = explode( '@', $address );
$address = sprintf( '"%s" <%s>', $address_parts[0], $address );
}
return $address;
}
/**
* Get the content type that should be assigned to outbound emails
*
* @return string
*/
static function get_mail_content_type() {
return 'text/html';
}
/**
* Wrap a message body with the appropriate in HTML tags
*
* This helps to ensure correct parsing by clients, and also helps avoid triggering spam filtering rules
*
* @param string $body
*
* @return string
*/
static function wrap_message_in_html_tags( $body ) {
// Don't do anything if the message was already wrapped in HTML tags
// That could have be done by a plugin via filters
if ( false !== strpos( $body, '
%s
'
),
$body
);
return $html_message;
}
/**
* Add a plain-text alternative part to an outbound email
*
* This makes the message more accessible to mail clients that aren't HTML-aware, and decreases the likelihood
* that the message will be flagged as spam.
*
* @param PHPMailer $phpmailer
*/
static function add_plain_text_alternative( $phpmailer ) {
// Add an extra break so that the extra space above the
is preserved after the
is stripped out
$alt_body = str_replace( '
', '
', $phpmailer->Body );
// Convert to \n breaks, to preserve the space between lines that we want to keep
$alt_body = str_replace( array( ' ', ' ' ), "\n", $alt_body );
// Convert
to an plain-text equivalent, to preserve the integrity of the message
$alt_body = str_replace( array( '', '' ), "----\n", $alt_body );
// Trim the plain text message to remove the \n breaks that were after , , and
$phpmailer->AltBody = trim( strip_tags( $alt_body ) );
}
function addslashes_deep( $value ) {
if ( is_array( $value ) ) {
return array_map( array( $this, 'addslashes_deep' ), $value );
} elseif ( is_object( $value ) ) {
$vars = get_object_vars( $value );
foreach ( $vars as $key => $data ) {
$value->{$key} = $this->addslashes_deep( $data );
}
return $value;
}
return addslashes( $value );
}
}
/**
* Class for the contact-field shortcode.
* Parses shortcode to output the contact form field as HTML.
* Validates input.
*/
class Grunion_Contact_Form_Field extends Crunion_Contact_Form_Shortcode {
public $shortcode_name = 'contact-field';
/**
* @var Grunion_Contact_Form parent form
*/
public $form;
/**
* @var string default or POSTed value
*/
public $value;
/**
* @var bool Is the input invalid?
*/
public $error = false;
/**
* @param array $attributes An associative array of shortcode attributes. @see shortcode_atts()
* @param null|string $content Null for selfclosing shortcodes. The inner content otherwise.
* @param Grunion_Contact_Form $form The parent form
*/
function __construct( $attributes, $content = null, $form = null ) {
$attributes = shortcode_atts(
array(
'label' => null,
'type' => 'text',
'required' => false,
'options' => array(),
'id' => null,
'default' => null,
'values' => null,
'placeholder' => null,
'class' => null,
), $attributes, 'contact-field'
);
// special default for subject field
if ( 'subject' == $attributes['type'] && is_null( $attributes['default'] ) && ! is_null( $form ) ) {
$attributes['default'] = $form->get_attribute( 'subject' );
}
// allow required=1 or required=true
if ( '1' == $attributes['required'] || 'true' == strtolower( $attributes['required'] ) ) {
$attributes['required'] = true;
} else {
$attributes['required'] = false;
}
// parse out comma-separated options list (for selects, radios, and checkbox-multiples)
if ( ! empty( $attributes['options'] ) && is_string( $attributes['options'] ) ) {
$attributes['options'] = array_map( 'trim', explode( ',', $attributes['options'] ) );
if ( ! empty( $attributes['values'] ) && is_string( $attributes['values'] ) ) {
$attributes['values'] = array_map( 'trim', explode( ',', $attributes['values'] ) );
}
}
if ( $form ) {
// make a unique field ID based on the label, with an incrementing number if needed to avoid clashes
$form_id = $form->get_attribute( 'id' );
$id = isset( $attributes['id'] ) ? $attributes['id'] : false;
$unescaped_label = $this->unesc_attr( $attributes['label'] );
$unescaped_label = str_replace( '%', '-', $unescaped_label ); // jQuery doesn't like % in IDs?
$unescaped_label = preg_replace( '/[^a-zA-Z0-9.-_:]/', '', $unescaped_label );
if ( empty( $id ) ) {
$id = sanitize_title_with_dashes( 'g' . $form_id . '-' . $unescaped_label );
$i = 0;
$max_tries = 99;
while ( isset( $form->fields[ $id ] ) ) {
$i++;
$id = sanitize_title_with_dashes( 'g' . $form_id . '-' . $unescaped_label . '-' . $i );
if ( $i > $max_tries ) {
break;
}
}
}
$attributes['id'] = $id;
}
parent::__construct( $attributes, $content );
// Store parent form
$this->form = $form;
}
/**
* This field's input is invalid. Flag as invalid and add an error to the parent form
*
* @param string $message The error message to display on the form.
*/
function add_error( $message ) {
$this->is_error = true;
if ( ! is_wp_error( $this->form->errors ) ) {
$this->form->errors = new WP_Error;
}
$this->form->errors->add( $this->get_attribute( 'id' ), $message );
}
/**
* Is the field input invalid?
*
* @see $error
*
* @return bool
*/
function is_error() {
return $this->error;
}
/**
* Validates the form input
*/
function validate() {
// If it's not required, there's nothing to validate
if ( ! $this->get_attribute( 'required' ) ) {
return;
}
$field_id = $this->get_attribute( 'id' );
$field_type = $this->get_attribute( 'type' );
$field_label = $this->get_attribute( 'label' );
if ( isset( $_POST[ $field_id ] ) ) {
if ( is_array( $_POST[ $field_id ] ) ) {
$field_value = array_map( 'stripslashes', $_POST[ $field_id ] );
} else {
$field_value = stripslashes( $_POST[ $field_id ] );
}
} else {
$field_value = '';
}
switch ( $field_type ) {
case 'email':
// Make sure the email address is valid
if ( ! is_email( $field_value ) ) {
/* translators: %s is the name of a form field */
$this->add_error( sprintf( __( '%s requires a valid email address', 'jetpack' ), $field_label ) );
}
break;
case 'checkbox-multiple':
// Check that there is at least one option selected
if ( empty( $field_value ) ) {
/* translators: %s is the name of a form field */
$this->add_error( sprintf( __( '%s requires at least one selection', 'jetpack' ), $field_label ) );
}
break;
default:
// Just check for presence of any text
if ( ! strlen( trim( $field_value ) ) ) {
/* translators: %s is the name of a form field */
$this->add_error( sprintf( __( '%s is required', 'jetpack' ), $field_label ) );
}
}
}
/**
* Check the default value for options field
*
* @param string value
* @param int index
* @param string default value
*
* @return string
*/
public function get_option_value( $value, $index, $options ) {
if ( empty( $value[ $index ] ) ) {
return $options;
}
return $value[ $index ];
}
/**
* Outputs the HTML for this form field
*
* @return string HTML
*/
function render() {
global $current_user, $user_identity;
$field_id = $this->get_attribute( 'id' );
$field_type = $this->get_attribute( 'type' );
$field_label = $this->get_attribute( 'label' );
$field_required = $this->get_attribute( 'required' );
$field_placeholder = $this->get_attribute( 'placeholder' );
$class = 'date' === $field_type ? 'jp-contact-form-date' : $this->get_attribute( 'class' );
/**
* Filters the "class" attribute of the contact form input
*
* @module contact-form
*
* @since 6.6.0
*
* @param string $class Additional CSS classes for input class attribute.
*/
$field_class = apply_filters( 'jetpack_contact_form_input_class', $class );
if ( isset( $_POST[ $field_id ] ) ) {
if ( is_array( $_POST[ $field_id ] ) ) {
$this->value = array_map( 'stripslashes', $_POST[ $field_id ] );
} else {
$this->value = stripslashes( (string) $_POST[ $field_id ] );
}
} elseif ( isset( $_GET[ $field_id ] ) ) {
$this->value = stripslashes( (string) $_GET[ $field_id ] );
} elseif (
is_user_logged_in() &&
( ( defined( 'IS_WPCOM' ) && IS_WPCOM ) ||
/**
* Allow third-party tools to prefill the contact form with the user's details when they're logged in.
*
* @module contact-form
*
* @since 3.2.0
*
* @param bool false Should the Contact Form be prefilled with your details when you're logged in. Default to false.
*/
true === apply_filters( 'jetpack_auto_fill_logged_in_user', false )
)
) {
// Special defaults for logged-in users
switch ( $this->get_attribute( 'type' ) ) {
case 'email':
$this->value = $current_user->data->user_email;
break;
case 'name':
$this->value = $user_identity;
break;
case 'url':
$this->value = $current_user->data->user_url;
break;
default:
$this->value = $this->get_attribute( 'default' );
}
} else {
$this->value = $this->get_attribute( 'default' );
}
$field_value = Grunion_Contact_Form_Plugin::strip_tags( $this->value );
$field_label = Grunion_Contact_Form_Plugin::strip_tags( $field_label );
$rendered_field = $this->render_field( $field_type, $field_id, $field_label, $field_value, $field_class, $field_placeholder, $field_required );
/**
* Filter the HTML of the Contact Form.
*
* @module contact-form
*
* @since 2.6.0
*
* @param string $rendered_field Contact Form HTML output.
* @param string $field_label Field label.
* @param int|null $id Post ID.
*/
return apply_filters( 'grunion_contact_form_field_html', $rendered_field, $field_label, ( in_the_loop() ? get_the_ID() : null ) );
}
function render_label( $type = '', $id, $label, $required, $required_field_text ) {
$type_class = $type ? ' ' .$type : '';
return
"\n";
}
function render_input_field( $type, $id, $value, $class, $placeholder, $required ) {
return "\n";
}
function render_email_field( $id, $label, $value, $class, $required, $required_field_text, $placeholder ) {
$field = $this->render_label( 'email', $id, $label, $required, $required_field_text );
$field .= $this->render_input_field( 'email', $id, $value, $class, $placeholder, $required );
return $field;
}
function render_telephone_field( $id, $label, $value, $class, $required, $required_field_text, $placeholder ) {
$field = $this->render_label( 'telephone', $id, $label, $required, $required_field_text );
$field .= $this->render_input_field( 'tel', $id, $value, $class, $placeholder, $required );
return $field;
}
function render_url_field( $id, $label, $value, $class, $required, $required_field_text, $placeholder ) {
$field = $this->render_label( 'url', $id, $label, $required, $required_field_text );
$field .= $this->render_input_field( 'url', $id, $value, $class, $placeholder, $required );
return $field;
}
function render_textarea_field( $id, $label, $value, $class, $required, $required_field_text, $placeholder ) {
$field = $this->render_label( 'textarea', 'contact-form-comment-' . $id, $label, $required, $required_field_text );
$field .= "\n";
return $field;
}
function render_radio_field( $id, $label, $value, $class, $required, $required_field_text ) {
$field = $this->render_label( '', $id, $label, $required, $required_field_text );
foreach ( (array) $this->get_attribute( 'options' ) as $optionIndex => $option ) {
$option = Grunion_Contact_Form_Plugin::strip_tags( $option );
if ( $option ) {
$field .= "\t\t\n";
$field .= "\t\t\n";
}
}
return $field;
}
function render_checkbox_field( $id, $label, $value, $class, $required, $required_field_text ) {
$field = "\n";
$field .= "\n";
return $field;
}
function render_checkbox_multiple_field( $id, $label, $value, $class, $required, $required_field_text ) {
$field = $this->render_label( '', $id, $label, $required, $required_field_text );
foreach ( (array) $this->get_attribute( 'options' ) as $optionIndex => $option ) {
$option = Grunion_Contact_Form_Plugin::strip_tags( $option );
if ( $option ) {
$field .= "\t\t\n";
$field .= "\t\t\n";
}
}
return $field;
}
function render_select_field( $id, $label, $value, $class, $required, $required_field_text ) {
$field = $this->render_label( 'select', $id, $label, $required, $required_field_text );
$field .= "\t\n";
return $field;
}
function render_date_field( $id, $label, $value, $class, $required, $required_field_text, $placeholder ) {
$field = $this->render_label( 'date', $id, $label, $required, $required_field_text );
$field .= $this->render_input_field( 'text', $id, $value, $class, $placeholder, $required );
/* For AMP requests, use amp-date-picker element: https://amp.dev/documentation/components/amp-date-picker */
if ( class_exists( 'Jetpack_AMP_Support' ) && Jetpack_AMP_Support::is_amp_request() ) {
return sprintf(
'<%1$s mode="overlay" layout="container" type="single" input-selector="[name=%2$s]">%3$s',
'amp-date-picker',
esc_attr( $id ),
$field
);
}
wp_enqueue_script(
'grunion-frontend',
Assets::get_file_url_for_environment(
'_inc/build/contact-form/js/grunion-frontend.min.js',
'modules/contact-form/js/grunion-frontend.js'
),
array( 'jquery', 'jquery-ui-datepicker' )
);
wp_enqueue_style( 'jp-jquery-ui-datepicker', plugins_url( 'css/jquery-ui-datepicker.css', __FILE__ ), array( 'dashicons' ), '1.0' );
// Using Core's built-in datepicker localization routine
wp_localize_jquery_ui_datepicker();
return $field;
}
function render_default_field( $id, $label, $value, $class, $required, $required_field_text, $placeholder, $type ) {
$field = $this->render_label( $type, $id, $label, $required, $required_field_text );
$field .= $this->render_input_field( 'text', $id, $value, $class, $placeholder, $required );
return $field;
}
function render_field( $type, $id, $label, $value, $class, $placeholder, $required ) {
$field_placeholder = ( ! empty( $placeholder ) ) ? "placeholder='" . esc_attr( $placeholder ) . "'" : '';
$field_class = "class='" . trim( esc_attr( $type ) . ' ' . esc_attr( $class ) ) . "' ";
$wrap_classes = empty( $class ) ? '' : implode( '-wrap ', array_filter( explode( ' ', $class ) ) ) . '-wrap'; // this adds
$shell_field_class = "class='grunion-field-wrap grunion-field-" . trim( esc_attr( $type ) . '-wrap ' . esc_attr( $wrap_classes ) ) . "' ";
/**
/**
* Filter the Contact Form required field text
*
* @module contact-form
*
* @since 3.8.0
*
* @param string $var Required field text. Default is "(required)".
*/
$required_field_text = esc_html( apply_filters( 'jetpack_required_field_text', __( '(required)', 'jetpack' ) ) );
$field = "\n
\n"; // new in Jetpack 6.8.0
// If they are logged in, and this is their site, don't pre-populate fields
if ( current_user_can( 'manage_options' ) ) {
$value = '';
}
switch ( $type ) {
case 'email':
$field .= $this->render_email_field( $id, $label, $value, $field_class, $required, $required_field_text, $field_placeholder );
break;
case 'telephone':
$field .= $this->render_telephone_field( $id, $label, $value, $field_class, $required, $required_field_text, $field_placeholder );
break;
case 'url':
$field .= $this->render_url_field( $id, $label, $value, $field_class, $required, $required_field_text, $field_placeholder );
break;
case 'textarea':
$field .= $this->render_textarea_field( $id, $label, $value, $field_class, $required, $required_field_text, $field_placeholder );
break;
case 'radio':
$field .= $this->render_radio_field( $id, $label, $value, $field_class, $required, $required_field_text, $field_placeholder );
break;
case 'checkbox':
$field .= $this->render_checkbox_field( $id, $label, $value, $field_class, $required, $required_field_text );
break;
case 'checkbox-multiple':
$field .= $this->render_checkbox_multiple_field( $id, $label, $value, $field_class, $required, $required_field_text );
break;
case 'select':
$field .= $this->render_select_field( $id, $label, $value, $field_class, $required, $required_field_text );
break;
case 'date':
$field .= $this->render_date_field( $id, $label, $value, $field_class, $required, $required_field_text, $field_placeholder );
break;
default: // text field
$field .= $this->render_default_field( $id, $label, $value, $field_class, $required, $required_field_text, $field_placeholder, $type );
break;
}
$field .= "\t
\n";
return $field;
}
}
add_action( 'init', array( 'Grunion_Contact_Form_Plugin', 'init' ), 9 );
add_action( 'grunion_scheduled_delete', 'grunion_delete_old_spam' );
/**
* Deletes old spam feedbacks to keep the posts table size under control
*/
function grunion_delete_old_spam() {
global $wpdb;
$grunion_delete_limit = 100;
$now_gmt = current_time( 'mysql', 1 );
$sql = $wpdb->prepare(
"
SELECT `ID`
FROM $wpdb->posts
WHERE DATE_SUB( %s, INTERVAL 15 DAY ) > `post_date_gmt`
AND `post_type` = 'feedback'
AND `post_status` = 'spam'
LIMIT %d
", $now_gmt, $grunion_delete_limit
);
$post_ids = $wpdb->get_col( $sql );
foreach ( (array) $post_ids as $post_id ) {
// force a full delete, skip the trash
wp_delete_post( $post_id, true );
}
if (
/**
* Filter if the module run OPTIMIZE TABLE on the core WP tables.
*
* @module contact-form
*
* @since 1.3.1
* @since 6.4.0 Set to false by default.
*
* @param bool $filter Should Jetpack optimize the table, defaults to false.
*/
apply_filters( 'grunion_optimize_table', false )
) {
$wpdb->query( "OPTIMIZE TABLE $wpdb->posts" );
}
// if we hit the max then schedule another run
if ( count( $post_ids ) >= $grunion_delete_limit ) {
wp_schedule_single_event( time() + 700, 'grunion_scheduled_delete' );
}
}