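. */
namespace Fisharebest\Webtrees;

use Fisharebest\Webtrees\Controller\PageController;

/**
 * Compose and send a webtrees message.
 *
 * POST: validate the submission, hand every resolved recipient to
 *       deliverMessage(), then redirect — back to this form on error,
 *       to $url on success.
 * GET:  emit the page header and prepare the values that the form
 *       following the closing tag presumably echoes back.
 *
 * recipients() and deliverMessage() are not defined in this part of the
 * file; the remarks below about what they guarantee are assumptions to
 * confirm against their definitions.
 */

/** @global Tree $WT_TREE */
global $WT_TREE;

require 'includes/session.php';

// The pseudo-recipients that expand to a distribution list; any other "to"
// value is assumed to name a single user.
$distribution_lists = ['all', 'never_logged', 'last_6mo'];

$controller = new PageController;
$controller->setPageTitle(I18N::translate('webtrees message'));

// Send the message.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $to         = Filter::post('to', null, '');
    $from_name  = Filter::post('from_name', null, '');
    // Default to '' like the other fields (not null): the blank check below
    // then covers a missing address and preg_match() never receives null.
    $from_email = Filter::post('from_email', null, '');
    $subject    = Filter::post('subject', null, '');
    $body       = Filter::post('body', null, '');
    $url        = Filter::postUrl('url', 'index.php');

    // Only an administrator can use the distribution lists.
    $controller->restrictAccess(!in_array($to, $distribution_lists, true) || Auth::isAdmin());

    $recipients = recipients($to);

    // Different validation for admin/user/visitor.
    $errors = !Filter::checkCsrf();

    if (Auth::check()) {
        // A logged-in sender is identified by the account, never by the
        // form fields, so the visitor-only checks below do not apply.
        $from_name  = Auth::user()->getRealName();
        $from_email = Auth::user()->getEmail();
    } elseif ($from_name === '' || $from_email === '') {
        $errors = true;
    } elseif (!preg_match('/@(.+)/', $from_email, $match) || function_exists('checkdnsrr') && !checkdnsrr($match[1])) {
        // A visitor address must contain "@" and, where checkdnsrr() is
        // available, its domain must resolve. Note this performs a DNS
        // lookup for a host name supplied by an anonymous visitor.
        FlashMessages::addMessage(I18N::translate('Please enter a valid email address.'), 'danger');
        $errors = true;
    } elseif (preg_match('/(?!' . preg_quote(WT_BASE_URL, '/') . ')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $subject . $body, $match)) {
        // Anti-spam: visitors may not include links, other than to this site.
        FlashMessages::addMessage(
            I18N::translate('You are not allowed to send messages that contain external links.') . ' ' .
            /* I18N: e.g. ‘You should delete the “http://” from “http://www.example.com” and try again.’ */
            I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]),
            'danger'
        );
        $errors = true;
    }

    // Checked for every sender: previously only visitors hit this branch, so a
    // logged-in user writing to an unknown recipient was silently redirected
    // to $url with nothing sent.
    if (empty($recipients)) {
        $errors = true;
    }

    if ($errors) {
        // Errors? Go back to the form.
        header(
            'Location: message.php' .
            '?to=' . Filter::escapeUrl($to) .
            '&from_name=' . Filter::escapeUrl($from_name) .
            '&from_email=' . Filter::escapeUrl($from_email) .
            '&subject=' . Filter::escapeUrl($subject) .
            '&body=' . Filter::escapeUrl($body) .
            '&url=' . Filter::escapeUrl($url)
        );
    } else {
        // No errors. Send the message.
        // For a visitor, $from_name, $from_email and $subject are user input
        // that ends up in mail headers; protection against header injection
        // has to live in deliverMessage() — confirm it strips CR/LF.
        foreach ($recipients as $recipient) {
            if (deliverMessage($WT_TREE, $from_email, $from_name, $recipient, $subject, $body, $url)) {
                FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', Html::escape($to)), 'info');
            } else {
                FlashMessages::addMessage(I18N::translate('The message was not sent.'), 'danger');
                Log::addErrorLog('Unable to send a message. FROM:' . $from_email . ' TO:' . $recipient->getEmail());
            }
        }
        // $url is request-supplied; the open-redirect protection rests on
        // Filter::postUrl() rejecting off-site targets — confirm.
        header('Location: ' . $url);
    }

    return;
}

$to         = Filter::get('to', null, '');
$from_name  = Filter::get('from_name', null, '');
// Same argument shape as the other fields (null regexp, '' default); the
// previous call passed '' in the regexp position and so defaulted to null.
$from_email = Filter::get('from_email', null, '');
$subject    = Filter::get('subject', null, '');
$body       = Filter::get('body', null, '');
$url        = Filter::getUrl('url', 'index.php');

// Only an administrator can use the distribution lists.
$controller->restrictAccess(!in_array($to, $distribution_lists, true) || Auth::isAdmin());

$controller->pageHeader();

// Display names of everyone "to" resolves to, joined for the form heading.
$to_names = implode(I18N::$list_separator, array_map(function (User $user) {
    return $user->getRealName();
}, recipients($to)));
?>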