Files @ f43d1a4680a9
Branch filter:

Location: hot67beta/components/com_mailto/controller.php

f43d1a4680a9 4.0 KiB text/x-php Show Annotation Show as Raw Download as Raw
ethanzonca@localhost.localdomain
menubar 0 to 10
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
<?php
/**
 * @version		$Id: controller.php 11391 2009-01-04 13:35:50Z ian $
 * @package		Joomla
 * @subpackage	MailTo
 * @copyright	Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
 * @license		GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant to the
 * GNU General Public License, and as distributed it includes or is derivative
 * of works licensed under the GNU General Public License or other free or open
 * source software licenses. See COPYRIGHT.php for copyright notices and
 * details.
 */

// Check to ensure this file is included in Joomla!
defined('_JEXEC') or die( 'Restricted access' );

jimport('joomla.application.component.controller');

/**
 * @package		Joomla
 * @subpackage	MailTo
 */
class MailtoController extends JController
{

	/**
	 * Show the form so that the user can send the link to someone
	 *
	 * @access public
	 * @since 1.5
	 */
	function mailto()
	{
		$session =& JFactory::getSession();
		$session->set('com_mailto.formtime', time());
		JRequest::setVar( 'view', 'mailto' );
		$this->display();
	}

	/**
	 * Send the message and display a notice
	 *
	 * @access public
	 * @since 1.5
	 */
	function send()
	{
		global $mainframe;

		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );
		$session =& JFactory::getSession();
		$db	=& JFactory::getDBO();

		$timeout = $session->get('com_mailto.formtime', 0);
		if($timeout == 0 || time() - $timeout < 20) {
			JError::raiseNotice( 500, JText:: _ ('EMAIL_NOT_SENT' ));
			return $this->mailto();
		}

		jimport( 'joomla.mail.helper' );

		$SiteName 	= $mainframe->getCfg('sitename');
		$MailFrom 	= $mainframe->getCfg('mailfrom');
		$FromName 	= $mainframe->getCfg('fromname');

		$link 		= base64_decode( JRequest::getVar( 'link', '', 'post', 'base64' ) );

		// Verify that this is a local link
		if(!JURI::isInternal($link)) {
			//Non-local url...  
			JError::raiseNotice( 500, JText:: _ ('EMAIL_NOT_SENT' ));
			return $this->mailto();
		}

		// An array of e-mail headers we do not want to allow as input
		$headers = array (	'Content-Type:',
							'MIME-Version:',
							'Content-Transfer-Encoding:',
							'bcc:',
							'cc:');

		// An array of the input fields to scan for injected headers
		$fields = array ('mailto',
						 'sender',
						 'from',
						 'subject',
						 );

		/*
		 * Here is the meat and potatoes of the header injection test.  We
		 * iterate over the array of form input and check for header strings.
		 * If we find one, send an unauthorized header and die.
		 */
		foreach ($fields as $field)
		{
			foreach ($headers as $header)
			{
				if (strpos($_POST[$field], $header) !== false)
				{
					JError::raiseError(403, '');
				}
			}
		}

		/*
		 * Free up memory
		 */
		unset ($headers, $fields);

		$email 				= JRequest::getString('mailto', '', 'post');
		$sender 			= JRequest::getString('sender', '', 'post');
		$from 				= JRequest::getString('from', '', 'post');
		$subject_default 	= JText::sprintf('Item sent by', $sender);
		$subject 			= JRequest::getString('subject', $subject_default, 'post');

		// Check for a valid to address
		$error	= false;
		if ( ! $email  || ! JMailHelper::isEmailAddress($email) )
		{
			$error	= JText::sprintf('EMAIL_INVALID', $email);
			JError::raiseWarning(0, $error );
		}

		// Check for a valid from address
		if ( ! $from || ! JMailHelper::isEmailAddress($from) )
		{
			$error	= JText::sprintf('EMAIL_INVALID', $from);
			JError::raiseWarning(0, $error );
		}

		if ( $error )
		{
			return $this->mailto();
		}

		// Build the message to send
		$msg	= JText :: _('EMAIL_MSG');
		$body	= sprintf( $msg, $SiteName, $sender, $from, $link);

		// Clean the email data
		$subject = JMailHelper::cleanSubject($subject);
		$body	 = JMailHelper::cleanBody($body);
		$sender	 = JMailHelper::cleanAddress($sender);

		// Send the email
		if ( JUtility::sendMail($from, $sender, $email, $subject, $body) !== true )
		{
			JError::raiseNotice( 500, JText:: _ ('EMAIL_NOT_SENT' ));
			return $this->mailto();
		}

		JRequest::setVar( 'view', 'sent' );
		$this->display();
	}
}
Server instance: zserverv-756375 This site is powered by Kallithea, which is © 2010–2021 by various authors & licensed under GPLv3. – Support