GRAYBYTE | AutoShopMaker

Failed to save the file to the "xx" directory.

Failed to save the file to the "ll" directory.

Failed to save the file to the "mm" directory.

Failed to save the file to the "wp" directory.

<?php /** * Class representing contact form submission. */ class WPCF7_Submission { use WPCF7_PocketHolder; private static $instance; private $contact_form; private $status = 'init'; private $posted_data = array(); private $posted_data_hash = null; private $skip_spam_check = false; private $uploaded_files = array(); private $extra_attachments = array(); private $skip_mail = false; private $response = ''; private $invalid_fields = array(); private $meta = array(); private $consent = array(); private $spam_log = array(); private $result_props = array(); /** * Returns the singleton instance of this class. */ public static function get_instance( $contact_form = null, $options = '' ) { if ( $contact_form instanceof WPCF7_ContactForm ) { if ( empty( self::$instance ) ) { self::$instance = new self( $contact_form, $options ); self::$instance->proceed(); return self::$instance; } else { return null; } } else { if ( empty( self::$instance ) ) { return null; } else { return self::$instance; } } } /** * Returns true if this submission is created via WP REST API. */ public static function is_restful() { return wp_is_serving_rest_request(); } /** * Constructor. */ private function __construct( WPCF7_ContactForm $contact_form, $options = '' ) { $options = wp_parse_args( $options, array( 'skip_mail' => false, ) ); $this->contact_form = $contact_form; $this->skip_mail = (bool) $options['skip_mail']; } /** * Destructor. */ public function __destruct() { $this->remove_uploaded_files(); } /** * The main logic of submission. */ private function proceed() { $callback = function () { $contact_form = $this->contact_form; $this->setup_meta_data(); $this->setup_posted_data(); if ( $this->is( 'init' ) and ! $this->validate() ) { $this->set_status( 'validation_failed' ); $this->set_response( $contact_form->message( 'validation_error' ) ); } if ( $this->is( 'init' ) and ! $this->accepted() ) { $this->set_status( 'acceptance_missing' ); $this->set_response( $contact_form->message( 'accept_terms' ) ); } if ( $this->is( 'init' ) and $this->spam() ) { $this->set_status( 'spam' ); $this->set_response( $contact_form->message( 'spam' ) ); } if ( $this->is( 'init' ) and ! $this->unship_uploaded_files() ) { $this->set_status( 'validation_failed' ); $this->set_response( $contact_form->message( 'validation_error' ) ); } if ( $this->is( 'init' ) ) { $abort = ! $this->before_send_mail(); if ( $abort ) { if ( $this->is( 'init' ) ) { $this->set_status( 'aborted' ); } if ( '' === $this->get_response() ) { $this->set_response( $contact_form->filter_message( __( "Sending mail has been aborted.", 'contact-form-7' ) ) ); } } elseif ( $this->mail() ) { $this->set_status( 'mail_sent' ); $this->set_response( $contact_form->message( 'mail_sent_ok' ) ); do_action( 'wpcf7_mail_sent', $contact_form ); } else { $this->set_status( 'mail_failed' ); $this->set_response( $contact_form->message( 'mail_sent_ng' ) ); do_action( 'wpcf7_mail_failed', $contact_form ); } } }; wpcf7_switch_locale( $this->contact_form->locale(), $callback ); } /** * Returns the current status property. */ public function get_status() { return $this->status; } /** * Sets the status property. * * @param string $status The status. */ public function set_status( $status ) { if ( preg_match( '/^[a-z][0-9a-z_]+$/', $status ) ) { $this->status = $status; return true; } return false; } /** * Returns true if the specified status is identical to the current * status property. * * @param string $status The status to compare. */ public function is( $status ) { return $this->status === $status; } /** * Returns an associative array of submission result properties. * * @return array Submission result properties. */ public function get_result() { $result = array_merge( $this->result_props, array( 'status' => $this->get_status(), 'message' => $this->get_response(), ) ); if ( $this->is( 'validation_failed' ) ) { $result['invalid_fields'] = $this->get_invalid_fields(); } switch ( $this->get_status() ) { case 'init': case 'validation_failed': case 'acceptance_missing': case 'spam': $result['posted_data_hash'] = ''; break; default: $result['posted_data_hash'] = $this->get_posted_data_hash(); break; } $result = apply_filters( 'wpcf7_submission_result', $result, $this ); return $result; } /** * Adds items to the array of submission result properties. * * @param string|array|object $data Value to add to result properties. * @return array Added result properties. */ public function add_result_props( $data = '' ) { $data = wp_parse_args( $data, array() ); $this->result_props = array_merge( $this->result_props, $data ); return $data; } /** * Retrieves the response property. * * @return string The current response property value. */ public function get_response() { return $this->response; } /** * Sets the response property. * * @param string $response New response property value. */ public function set_response( $response ) { $this->response = $response; return true; } /** * Retrieves the contact form property. * * @return WPCF7_ContactForm A contact form object. */ public function get_contact_form() { return $this->contact_form; } /** * Search an invalid field by field name. * * @param string $name The field name. * @return array|bool An associative array of validation error * or false when no invalid field. */ public function get_invalid_field( $name ) { return $this->invalid_fields[$name] ?? false; } /** * Retrieves all invalid fields. * * @return array Invalid fields. */ public function get_invalid_fields() { return $this->invalid_fields; } /** * Retrieves meta information. * * @param string $name Name of the meta information. * @return string|null The meta information of the given name if it exists, * null otherwise. */ public function get_meta( $name ) { return $this->meta[$name] ?? null; } /** * Collects meta information about this submission. */ private function setup_meta_data() { $this->meta = array( 'timestamp' => time(), 'remote_ip' => $this->get_remote_ip_addr(), 'remote_port' => $_SERVER['REMOTE_PORT'] ?? '', 'user_agent' => substr( $_SERVER['HTTP_USER_AGENT'] ?? '', 0, 254 ), 'url' => $this->get_request_url(), 'unit_tag' => wpcf7_sanitize_unit_tag( $_POST['_wpcf7_unit_tag'] ?? '' ), 'container_post_id' => absint( $_POST['_wpcf7_container_post'] ?? 0 ), 'current_user_id' => get_current_user_id(), 'do_not_store' => $this->contact_form->is_true( 'do_not_store' ), ); return $this->meta; } /** * Retrieves user input data through this submission. * * @param string $name Optional field name. * @return string|array|null The user input of the field, or array of all * fields values if no field name specified. */ public function get_posted_data( $name = '' ) { if ( ! empty( $name ) ) { return $this->posted_data[$name] ?? null; } return $this->posted_data; } /** * Retrieves a user input string value through the specified field. * * @param string $name Field name. * @return string The user input. If the input is an array, * the first item in the array. */ public function get_posted_string( $name ) { $data = $this->get_posted_data( $name ); $data = wpcf7_array_flatten( $data ); if ( empty( $data ) ) { return ''; } // Returns the first array item. return trim( reset( $data ) ); } /** * Constructs posted data property based on user input values. */ private function setup_posted_data() { $posted_data = array_filter( (array) $_POST, static function ( $key ) { return ! str_starts_with( $key, '_' ); }, ARRAY_FILTER_USE_KEY ); $posted_data = wp_unslash( $posted_data ); $posted_data = $this->sanitize_posted_data( $posted_data ); $tags = $this->contact_form->scan_form_tags( array( 'feature' => array( 'name-attr', '! not-for-mail', ), ) ); $tags = array_reduce( $tags, static function ( $carry, $tag ) { if ( $tag->name and ! isset( $carry[$tag->name] ) ) { $carry[$tag->name] = $tag; } return $carry; }, array() ); foreach ( $tags as $tag ) { $value_orig = $value = $posted_data[$tag->name] ?? ''; if ( wpcf7_form_tag_supports( $tag->type, 'selectable-values' ) ) { $value = ( '' === $value ) ? array() : (array) $value; if ( WPCF7_USE_PIPE ) { $pipes = $this->contact_form->get_pipes( $tag->name ); $value = array_map( static function ( $value ) use ( $pipes ) { return $pipes->do_pipe( $value ); }, $value ); } } $value = apply_filters( "wpcf7_posted_data_{$tag->type}", $value, $value_orig, $tag ); $posted_data[$tag->name] = $value; if ( $tag->has_option( 'consent_for:storage' ) and empty( $value ) ) { $this->meta['do_not_store'] = true; } } $this->posted_data = apply_filters( 'wpcf7_posted_data', $posted_data ); $this->posted_data_hash = $this->create_posted_data_hash(); return $this->posted_data; } /** * Sanitizes user input data. */ private function sanitize_posted_data( $value ) { if ( is_array( $value ) ) { $value = array_map( array( $this, 'sanitize_posted_data' ), $value ); } elseif ( is_string( $value ) ) { $value = wp_check_invalid_utf8( $value ); $value = wp_kses_no_null( $value ); $value = wpcf7_strip_whitespaces( $value ); } return $value; } /** * Returns the time-dependent variable for hash creation. * * @return float Float value rounded up to the next highest integer. */ private function posted_data_hash_tick() { return ceil( time() / ( HOUR_IN_SECONDS / 2 ) ); } /** * Creates a hash string based on posted data, the remote IP address, * contact form location, and window of time. * * @param string $tick Optional. If not specified, result of * posted_data_hash_tick() will be used. * @return string The hash. */ private function create_posted_data_hash( $tick = '' ) { if ( '' === $tick ) { $tick = $this->posted_data_hash_tick(); } $hash = wp_hash( wpcf7_flat_join( array_merge( array( $tick, $this->get_meta( 'remote_ip' ), $this->get_meta( 'unit_tag' ), ), $this->posted_data ) ), 'wpcf7_submission' ); return $hash; } /** * Returns the hash string created for this submission. * * @return string The current hash for the submission. */ public function get_posted_data_hash() { return $this->posted_data_hash; } /** * Verifies that the given string is equivalent to the posted data hash. * * @param string $hash Optional. This value will be compared to the * current posted data hash for the submission. If not * specified, the value of $_POST['_wpcf7_posted_data_hash'] * will be used. * @return int|bool 1 if $hash is created 0-30 minutes ago, * 2 if $hash is created 30-60 minutes ago, * false if $hash is invalid. */ public function verify_posted_data_hash( $hash = '' ) { if ( '' === $hash and ! empty( $_POST['_wpcf7_posted_data_hash'] ) ) { $hash = trim( $_POST['_wpcf7_posted_data_hash'] ); } if ( '' === $hash ) { return false; } $tick = $this->posted_data_hash_tick(); // Hash created 0-30 minutes ago. $expected_1 = $this->create_posted_data_hash( $tick ); if ( hash_equals( $expected_1, $hash ) ) { return 1; } // Hash created 30-60 minutes ago. $expected_2 = $this->create_posted_data_hash( $tick - 1 ); if ( hash_equals( $expected_2, $hash ) ) { return 2; } return false; } /** * Retrieves the remote IP address of this submission. */ private function get_remote_ip_addr() { $ip_addr = ''; if ( isset( $_SERVER['REMOTE_ADDR'] ) and WP_Http::is_ip_address( $_SERVER['REMOTE_ADDR'] ) ) { $ip_addr = $_SERVER['REMOTE_ADDR']; } return apply_filters( 'wpcf7_remote_ip_addr', $ip_addr ); } /** * Retrieves the request URL of this submission. */ private function get_request_url() { $home_url = untrailingslashit( home_url() ); if ( self::is_restful() ) { $referer = trim( $_SERVER['HTTP_REFERER'] ?? '' ); if ( $referer and str_starts_with( $referer, $home_url ) ) { return sanitize_url( $referer ); } } $url = preg_replace( '%(?<!:|/)/.*$%', '', $home_url ) . wpcf7_get_request_uri(); return $url; } /** * Runs user input validation. * * @return bool True if no invalid field is found. */ private function validate() { if ( $this->invalid_fields ) { return false; } $result = new WPCF7_Validation(); $this->contact_form->validate_schema( array( 'text' => true, 'file' => false, 'field' => array(), ), $result ); $tags = $this->contact_form->scan_form_tags( array( 'feature' => '! file-uploading', ) ); foreach ( $tags as $tag ) { $type = $tag->type; $result = apply_filters( "wpcf7_validate_{$type}", $result, $tag ); } $result = apply_filters( 'wpcf7_validate', $result, $tags ); $this->invalid_fields = $result->get_invalid_fields(); return $result->is_valid(); } /** * Returns true if user consent is obtained. */ private function accepted() { return apply_filters( 'wpcf7_acceptance', true, $this ); } /** * Adds user consent data to this submission. * * @param string $name Field name. * @param string $conditions Conditions of consent. */ public function add_consent( $name, $conditions ) { $this->consent[$name] = $conditions; return true; } /** * Collects user consent data. * * @return array User consent data. */ public function collect_consent() { return (array) $this->consent; } /** * Executes spam protections. * * @return bool True if spam captured. */ private function spam() { $spam = false; $skip_spam_check = apply_filters( 'wpcf7_skip_spam_check', $this->skip_spam_check, $this ); if ( $skip_spam_check ) { return $spam; } if ( $this->contact_form->is_true( 'subscribers_only' ) and current_user_can( 'wpcf7_submit', $this->contact_form->id() ) ) { return $spam; } $user_agent = (string) $this->get_meta( 'user_agent' ); if ( strlen( $user_agent ) < 2 ) { $spam = true; $this->add_spam_log( array( 'agent' => 'wpcf7', 'reason' => __( "User-Agent string is unnaturally short.", 'contact-form-7' ), ) ); } if ( ! $this->verify_nonce() ) { $spam = true; $this->add_spam_log( array( 'agent' => 'wpcf7', 'reason' => __( "Submitted nonce is invalid.", 'contact-form-7' ), ) ); } return apply_filters( 'wpcf7_spam', $spam, $this ); } /** * Adds a spam log. * * @link https://contactform7.com/2019/05/31/why-is-this-message-marked-spam/ */ public function add_spam_log( $data = '' ) { $data = wp_parse_args( $data, array( 'agent' => '', 'reason' => '', ) ); $this->spam_log[] = $data; } /** * Retrieves the spam logging data. * * @return array Spam logging data. */ public function get_spam_log() { return $this->spam_log; } /** * Verifies that a correct security nonce was used. */ private function verify_nonce() { if ( ! $this->contact_form->nonce_is_active() or ! is_user_logged_in() ) { return true; } $nonce = $_POST['_wpnonce'] ?? ''; return wpcf7_verify_nonce( $nonce ); } /** * Function called just before sending email. */ private function before_send_mail() { $abort = false; do_action_ref_array( 'wpcf7_before_send_mail', array( $this->contact_form, &$abort, $this, ) ); return ! $abort; } /** * Sends emails based on user input values and contact form email templates. */ private function mail() { $contact_form = $this->contact_form; $skip_mail = apply_filters( 'wpcf7_skip_mail', $this->skip_mail, $contact_form ); if ( $skip_mail ) { return true; } $result = WPCF7_Mail::send( $contact_form->prop( 'mail' ), 'mail' ); if ( $result ) { $additional_mail = array(); if ( $mail_2 = $contact_form->prop( 'mail_2' ) and $mail_2['active'] ) { $additional_mail['mail_2'] = $mail_2; } $additional_mail = apply_filters( 'wpcf7_additional_mail', $additional_mail, $contact_form ); foreach ( $additional_mail as $name => $template ) { WPCF7_Mail::send( $template, $name ); } return true; } return false; } /** * Retrieves files uploaded through this submission. */ public function uploaded_files() { return $this->uploaded_files; } /** * Adds a file to the uploaded files array. * * @param string $name Field name. * @param string|array $file_path File path or array of file paths. */ private function add_uploaded_file( $name, $file_path ) { if ( ! wpcf7_is_name( $name ) ) { return false; } $paths = (array) $file_path; $uploaded_files = array(); $hash_strings = array(); foreach ( $paths as $path ) { if ( @is_file( $path ) and @is_readable( $path ) ) { $uploaded_files[] = $path; $hash_strings[] = md5_file( $path ); } } $this->uploaded_files[$name] = $uploaded_files; if ( empty( $this->posted_data[$name] ) ) { $this->posted_data[$name] = implode( ' ', $hash_strings ); } } /** * Removes uploaded files. */ private function remove_uploaded_files() { foreach ( (array) $this->uploaded_files as $file_path ) { $paths = (array) $file_path; foreach ( $paths as $path ) { wpcf7_rmdir_p( $path ); if ( $dir = dirname( $path ) and false !== ( $files = scandir( $dir ) ) and ! array_diff( $files, array( '.', '..' ) ) ) { // remove parent dir if it's empty. rmdir( $dir ); } } } } /** * Moves uploaded files to the tmp directory and validates them. * * @return bool True if no invalid file is found. */ private function unship_uploaded_files() { $result = new WPCF7_Validation(); $tags = $this->contact_form->scan_form_tags( array( 'feature' => 'file-uploading', ) ); foreach ( $tags as $tag ) { if ( empty( $_FILES[$tag->name] ) ) { continue; } $file = $_FILES[$tag->name]; $options = array( 'tag' => $tag, 'name' => $tag->name, 'required' => $tag->is_required(), 'filetypes' => $tag->get_option( 'filetypes' ), 'limit' => $tag->get_limit_option(), 'schema' => $this->contact_form->get_schema(), ); $new_files = wpcf7_unship_uploaded_file( $file, $options ); if ( is_wp_error( $new_files ) ) { $result->invalidate( $tag, $new_files ); } else { $this->add_uploaded_file( $tag->name, $new_files ); } $result = apply_filters( "wpcf7_validate_{$tag->type}", $result, $tag, array( 'uploaded_files' => $new_files, ) ); } $this->invalid_fields = $result->get_invalid_fields(); return $result->is_valid(); } /** * Adds extra email attachment files that are independent from form fields. * * @param string|array $file_path A file path or an array of file paths. * @param string $template Optional. The name of the template to which * the files are attached. * @return bool True if it succeeds to attach a file at least, * or false otherwise. */ public function add_extra_attachments( $file_path, $template = 'mail' ) { if ( ! did_action( 'wpcf7_before_send_mail' ) ) { return false; } $extra_attachments = array(); foreach ( (array) $file_path as $path ) { $path = path_join( WP_CONTENT_DIR, $path ); if ( file_exists( $path ) ) { $extra_attachments[] = $path; } } if ( empty( $extra_attachments ) ) { return false; } if ( ! isset( $this->extra_attachments[$template] ) ) { $this->extra_attachments[$template] = array(); } $this->extra_attachments[$template] = array_merge( $this->extra_attachments[$template], $extra_attachments ); return true; } /** * Returns extra email attachment files. * * @param string $template An email template name. * @return array Array of file paths. */ public function extra_attachments( $template ) { if ( isset( $this->extra_attachments[$template] ) ) { return (array) $this->extra_attachments[$template]; } return array(); } }