setPageTitle(WT_I18N::translate('webtrees Message'));
// Resolve the recipient. $to is set before this chunk (presumably from the
// request) and is either a user name or one of the pseudo-recipients
// 'all', 'last_6mo', 'never_logged' handled further down -- confirm its origin.
$to_user_id=get_user_id($to);
// This should never happen? All links to this page contain valid recipients....
// NOTE(review): && binds tighter than ||, so this condition reads
//   (!$to_user_id) || (pseudo-recipient && !WT_USER_IS_ADMIN)
// The pseudo-recipients therefore only get past this guard when get_user_id()
// returns something truthy for them; otherwise even an admin's bulk send is
// rejected here. Confirm against get_user_id(). The comparisons are loose (==)
// string compares on untrusted input; the TODO below records the name-collision
// concern with a real account literally called "all" etc.
if (!$to_user_id || ($to=='all' || $to=='last_6mo' || $to=='never_logged') && !WT_USER_IS_ADMIN) {
	// TODO, what if we have a user called "all" or "last_6mo" or "never_logged" ???
	Zend_Controller_Action_HelperBroker::getStaticHelper('FlashMessenger')->addMessage(WT_I18N::translate('Message was not sent'));
	$controller->pageHeader();
	// Popup flow: reload the opener window, close this one, then stop.
	$controller->addInlineJavaScript('window.opener.location.reload(); window.close();');
	exit;
}
$errors='';
// Is this message from a member or a visitor?
if (WT_USER_ID) {
	// Logged-in sender: identity comes from the session; the request's
	// from_* fields are ignored.
	$from=WT_USER_NAME;
} else {
	// Anonymous sender: name and address are taken verbatim from the request
	// ($_REQUEST, so GET or POST, plus cookies depending on request_order).
	// from_name gets no validation at all here.
	$from_email=isset($_REQUEST['from_email']) ? $_REQUEST['from_email'] : '';
	$from_name =isset($_REQUEST['from_name' ]) ? $_REQUEST['from_name' ] : '';
	// Visitors must provide a valid email address
	// NOTE(review): this only runs when from_email is non-empty, so an empty
	// address is not an error at this point -- confirm it is rejected later.
	// The pattern is merely "something@something"; the greedy first group
	// makes $match[2] the text after the LAST '@'. checkdnsrr() (PHP default
	// record type: MX) then performs a live DNS lookup of that caller-chosen
	// host on every request, and a domain with no MX record -- or a failed
	// lookup -- is treated as invalid.
	if ($from_email && (!preg_match("/(.+)@(.+)/", $from_email, $match) || function_exists('checkdnsrr') && checkdnsrr($match[2])===false)) {
		$errors.='
'.WT_I18N::translate('Please enter a valid email address.').'
';
		$action='compose';
	}
	// Do not allow anonymous visitors to include links to external sites
	// NOTE(review): the lookahead is a bare prefix test on WT_SERVER_NAME with
	// no boundary after it. If WT_SERVER_NAME is "scheme://host" (which the
	// lookahead's position implies -- confirm), a host that merely starts with
	// it, e.g. "<WT_SERVER_NAME>.attacker.example", is accepted as internal;
	// if it is only a host name, nothing at a position starting with "http"/
	// "ftp" can ever equal it and every link, internal included, is rejected.
	// The scheme alternation is case-sensitive (no /i), so "HTTP://..." or
	// "Http://..." is not detected at all; scheme-less links are out of scope.
	// $subject and $body are set before this chunk (presumably request input).
	if (preg_match('/(?!'.preg_quote(WT_SERVER_NAME, '/').')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $subject.$body, $match)) {
		// $match[2] is "scheme://", $match[1] the full "scheme://host". Both are
		// caller-controlled, but the pattern limits the host to [a-zA-Z0-9.-],
		// so no HTML metacharacters reach $errors through them.
		// There is no ';' before AddToLog(): its return value is appended to
		// $errors as well. The log entry embeds the raw name, address, subject
		// and body -- embedded newlines or quotes go into the 'auth' log
		// unescaped -- and REMOTE_ADDR is the immediate peer (a proxy, if any).
		$errors.= ''.WT_I18N::translate('You are not allowed to send messages that contain external links.').'
'. ''./* I18N: e.g. "You should delete the “http://” from “http://www.example.com” and try again." */ WT_I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]).'
'. AddToLog('Possible spam message from "'.$from_name.'"/"'.$from_email.'", IP="'.$_SERVER['REMOTE_ADDR'].'", subject="'.$subject.'", body="'.$body.'"', 'auth');
		$action='compose';
	}
}
// Ensure the user always visits this page twice - once to compose it and again to send it.
// This makes it harder for spammers.
// We must write all session variables *before* we display the page header.
// NOTE(review): good_to_send is a single session-wide boolean, not a per-form
// token. Any earlier visit to action=compose in the same session satisfies the
// 'send' check, and it is not bound to the recipient, the form contents or the
// request origin, so it is a speed bump for scripted posting, not CSRF
// protection. A validation failure above resets $action to 'compose', which
// re-arms the flag for the retry.
switch ($action) {
case 'compose':
	$WT_SESSION->good_to_send=true;
	break;
case 'send':
	// Only send messages if we've come straight from the compose page.
	// The flag is single-use: it is cleared by the first 'send' that passes.
	if ($WT_SESSION->good_to_send) {
		unset($WT_SESSION->good_to_send);
	} else {
		AddToLog('Attempt to send message without visiting the compose page. Spam attack?', 'auth');
		$action='compose';
	}
	break;
default:
	unset($WT_SESSION->good_to_send);
	break;
}
switch ($action) {
case 'compose':
	// Render the compose form. The inline JS is convenience-only; the server
	// side checks above are what actually gate sending. Translated strings are
	// spliced into double-quoted JS literals with no JS escaping -- a
	// translation containing '"' or a backslash would break the script
	// (unless WT_I18N::translate() escapes, which is not visible here).
	$controller
		->pageHeader()
		->addInlineJavaScript(' function validateEmail(email) { if (email.value.search("(.*)@(.*)")==-1) { alert("'.WT_I18N::translate('Please enter a valid email address.').'"); email.focus(); return false; } return checkForm(document.messageform); } function checkForm(frm) { if (frm.subject.value=="") { alert("'.WT_I18N::translate('Please enter a message subject.').'"); document.messageform.subject.focus(); return false; } if (frm.body.value=="") { alert("'.WT_I18N::translate('Please enter some message text before sending.').'"); document.messageform.body.focus(); return false; } return true; } ');
	// NOTE(review): the empty '' literals here and in $errors above look like
	// markup lost in this copy of the file -- check against the upstream source.
	echo '', WT_I18N::translate('Send Message'), '';
	// Emitted unescaped; see the notes above on what $errors can contain.
	echo $errors;
	if (!WT_USER_ID) {
		echo '