Edit File by line

<?php

[0] Fix | Delete

[1] Fix | Delete

if (!defined('ABSPATH'))

[2] Fix | Delete

exit;

[3] Fix | Delete

[4] Fix | Delete

use NF_Exports_BulkSubmissionEmailParameters as BulkSubmissionEmailParameters;

[5] Fix | Delete

[6] Fix | Delete

/**

[7] Fix | Delete

* Email exported submissions as an attachment

[8] Fix | Delete

[9] Fix | Delete

class NF_Exports_BulkSubmissionEmail {

[10] Fix | Delete

[11] Fix | Delete

/**

[12] Fix | Delete

* Bulk Submission Email Parameters

[13] Fix | Delete

* @var BulkSubmissionEmailParameters

[14] Fix | Delete

[15] Fix | Delete

protected $bulkSubmissionEmailParameters;

[16] Fix | Delete

[17] Fix | Delete

/**

[18] Fix | Delete

* Comma delineated `To` addresses

[19] Fix | Delete

* @var string

[20] Fix | Delete

[21] Fix | Delete

protected $toAddresses;

[22] Fix | Delete

[23] Fix | Delete

/**

[24] Fix | Delete

* `From` address

[25] Fix | Delete

* @var string

[26] Fix | Delete

[27] Fix | Delete

protected $fromAddress;

[28] Fix | Delete

[29] Fix | Delete

/**

[30] Fix | Delete

* `Reply To` address

[31] Fix | Delete

* @var string

[32] Fix | Delete

[33] Fix | Delete

protected $replyTo;

[34] Fix | Delete

[35] Fix | Delete

/**

[36] Fix | Delete

* `Subject`

[37] Fix | Delete

* @var string

[38] Fix | Delete

[39] Fix | Delete

protected $subject;

[40] Fix | Delete

[41] Fix | Delete

/**

[42] Fix | Delete

* CSV string content, stored in array for multiple attachments

[43] Fix | Delete

* @var array

[44] Fix | Delete

[45] Fix | Delete

protected $content;

[46] Fix | Delete

[47] Fix | Delete

/**

[48] Fix | Delete

[49] Fix | Delete

* @var resource

[50] Fix | Delete

[51] Fix | Delete

protected $tempFile;

[52] Fix | Delete

[53] Fix | Delete

/**

[54] Fix | Delete

* Directory of final file location

[55] Fix | Delete

* @var string

[56] Fix | Delete

[57] Fix | Delete

protected $dir;

[58] Fix | Delete

[59] Fix | Delete

/**

[60] Fix | Delete

* Temp file name at time of upload, before renaming

[61] Fix | Delete

* @var string

[62] Fix | Delete

[63] Fix | Delete

protected $basename;

[64] Fix | Delete

[65] Fix | Delete

/**

[66] Fix | Delete

* Full file name with path as attached to email

[67] Fix | Delete

* @var string

[68] Fix | Delete

[69] Fix | Delete

protected $attachmentFilename;

[70] Fix | Delete

[71] Fix | Delete

/**

[72] Fix | Delete

* Instantiated with BulkSubmissionEmailParameters and string CSV content

[73] Fix | Delete

[74] Fix | Delete

* @param BulkSubmissionEmailParameters $bulkSubmissionEmailParameters

[75] Fix | Delete

* @param array $attachmentFilenames Array of string filenames ready for attachment

[76] Fix | Delete

[77] Fix | Delete

public function __construct($bulkSubmissionEmailParameters, array $attachmentFilenames) {

[78] Fix | Delete

$this->bulkSubmissionEmailParameters = $bulkSubmissionEmailParameters;

[79] Fix | Delete

$this->attachmentFilename = $attachmentFilenames;

[80] Fix | Delete

$this->setDefaults();

[81] Fix | Delete

}

[82] Fix | Delete

[83] Fix | Delete

/**

[84] Fix | Delete

* Set default properties

[85] Fix | Delete

[86] Fix | Delete

protected function setDefaults() {

[87] Fix | Delete

// set upload director to /uploads

[88] Fix | Delete

$dir = wp_upload_dir();

[89] Fix | Delete

$this->uploadDir = $dir['path'];

[90] Fix | Delete

}

[91] Fix | Delete

[92] Fix | Delete

/**

[93] Fix | Delete

* Generate email, attach content, submit email

[94] Fix | Delete

[95] Fix | Delete

public function handle() {

[96] Fix | Delete

$this->sanitizeAddressFields();

[97] Fix | Delete

[98] Fix | Delete

$headers = $this->getHeaders();

[99] Fix | Delete

[100] Fix | Delete

$attachments = $this->getAttachments();

[101] Fix | Delete

[102] Fix | Delete

$message = apply_filters('ninja_forms_action_email_message', $this->bulkSubmissionEmailParameters->getEmailSubject());

[103] Fix | Delete

[104] Fix | Delete

try {

[105] Fix | Delete

[106] Fix | Delete

$sent = wp_mail($this->toAddresses, strip_tags($this->bulkSubmissionEmailParameters->getEmailSubject()), $message, $headers, $attachments);

[107] Fix | Delete

} catch (Exception $e) {

[108] Fix | Delete

[109] Fix | Delete

$sent = false;

[110] Fix | Delete

}

[111] Fix | Delete

}

[112] Fix | Delete

[113] Fix | Delete

/**

[114] Fix | Delete

* Put every email address through a sanitizing method

[115] Fix | Delete

[116] Fix | Delete

protected function sanitizeAddressFields() {

[117] Fix | Delete

$incomingToAddresses = $this->bulkSubmissionEmailParameters->getEmailTo();

[118] Fix | Delete

[119] Fix | Delete

$emailAddresses = explode(',', $incomingToAddresses);

[120] Fix | Delete

[121] Fix | Delete

// Loop over our email addresses.

[122] Fix | Delete

foreach ($emailAddresses as $email) {

[123] Fix | Delete

[124] Fix | Delete

[125] Fix | Delete

$sanitized = $this->sanitizeEmail($email);

[126] Fix | Delete

[127] Fix | Delete

// Build our array of the email addresses.

[128] Fix | Delete

$sanitizedArray[] = $sanitized;

[129] Fix | Delete

}

[130] Fix | Delete

$this->toAddresses = implode(',', $sanitizedArray);

[131] Fix | Delete

[132] Fix | Delete

// Sanitized our array of settings.

[133] Fix | Delete

[134] Fix | Delete

$this->fromAddress = $this->sanitizeEmail($this->bulkSubmissionEmailParameters->getEmailFrom());

[135] Fix | Delete

[136] Fix | Delete

$this->replyTo = $this->bulkSubmissionEmailParameters->getEmailReplyTo();

[137] Fix | Delete

}

[138] Fix | Delete

[139] Fix | Delete

/**

[140] Fix | Delete

* Sanitize a given email address

[141] Fix | Delete

[142] Fix | Delete

* @param string $incoming

[143] Fix | Delete

* @return string

[144] Fix | Delete

[145] Fix | Delete

protected function sanitizeEmail($incoming) {

[146] Fix | Delete

[147] Fix | Delete

// Trim values in case there is a value with spaces/tabs/etc to remove whitespace

[148] Fix | Delete

$trimmed = trim($incoming);

[149] Fix | Delete

[150] Fix | Delete

if (empty($trimmed)) {

[151] Fix | Delete

return '';

[152] Fix | Delete

}

[153] Fix | Delete

[154] Fix | Delete

$matches = [];

[155] Fix | Delete

if (false !== strpos($trimmed, '<') && false !== strpos($trimmed, '>')) {

[156] Fix | Delete

preg_match('/(?:<)([^>]*)(?:>)/', $trimmed, $matches);

[157] Fix | Delete

[158] Fix | Delete

$return = $matches[1];

[159] Fix | Delete

} else {

[160] Fix | Delete

[161] Fix | Delete

$return = $trimmed;

[162] Fix | Delete

}

[163] Fix | Delete

[164] Fix | Delete

// skip if email is invalid

[165] Fix | Delete

if (!is_email($return)) {

[166] Fix | Delete

return '';

[167] Fix | Delete

}

[168] Fix | Delete

[169] Fix | Delete

return $return;

[170] Fix | Delete

}

[171] Fix | Delete

[172] Fix | Delete

/**

[173] Fix | Delete

* Construct and return header array

[174] Fix | Delete

[175] Fix | Delete

* Note that variable headers are run through sanitize_header method

[176] Fix | Delete

* @return array

[177] Fix | Delete

[178] Fix | Delete

private function getHeaders() {

[179] Fix | Delete

$contentHeaders = [];

[180] Fix | Delete

[181] Fix | Delete

$contentHeaders[] = 'Content-Type: text/html';

[182] Fix | Delete

$contentHeaders[] = 'charset=UTF-8';

[183] Fix | Delete

$contentHeaders[] = 'X-Ninja-Forms:ninja-forms'; // Flag for transactional email.

[184] Fix | Delete

[185] Fix | Delete

$contentHeaders[] = $this->formatAddress('from', $this->fromAddress);

[186] Fix | Delete

[187] Fix | Delete

$headers = array_merge($contentHeaders, $this->constructRecipientsHeader());

[188] Fix | Delete

[189] Fix | Delete

return $headers;

[190] Fix | Delete

}

[191] Fix | Delete

[192] Fix | Delete

/**

[193] Fix | Delete

* Sanitize header to prevent attacker is able to create new headers using charecter encoding.

[194] Fix | Delete

[195] Fix | Delete

* @param string $header

[196] Fix | Delete

* @return void

[197] Fix | Delete

[198] Fix | Delete

protected function sanitize_header($header){

[199] Fix | Delete

return preg_replace( '=((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i', null, $header );

[200] Fix | Delete

}

[201] Fix | Delete

[202] Fix | Delete

/**

[203] Fix | Delete

* Construct and return attachments

[204] Fix | Delete

* @return array

[205] Fix | Delete

[206] Fix | Delete

private function getAttachments() {

[207] Fix | Delete

[208] Fix | Delete

$attachments = $this->attachmentFilename;

[209] Fix | Delete

[210] Fix | Delete

return $attachments;

[211] Fix | Delete

}

[212] Fix | Delete

[213] Fix | Delete

/**

[214] Fix | Delete

* Format Reply-To, CC, and BCC address header

[215] Fix | Delete

* @return array

[216] Fix | Delete

[217] Fix | Delete

private function constructRecipientsHeader() {

[218] Fix | Delete

$headers = [];

[219] Fix | Delete

[220] Fix | Delete

// Could include `cc` and `bcc` in future

[221] Fix | Delete

$recipientParameters = array(

[222] Fix | Delete

'Reply-to' => $this->bulkSubmissionEmailParameters->getEmailReplyTo(),

[223] Fix | Delete

);

[224] Fix | Delete

[225] Fix | Delete

foreach ($recipientParameters as $type => $email) {

[226] Fix | Delete

[227] Fix | Delete

if (!$email) {

[228] Fix | Delete

continue;

[229] Fix | Delete

}

[230] Fix | Delete

[231] Fix | Delete

$headers[] = $this->formatAddress($type, $email);

[232] Fix | Delete

}

[233] Fix | Delete

[234] Fix | Delete

return $headers;

[235] Fix | Delete

}

[236] Fix | Delete

[237] Fix | Delete

/**

[238] Fix | Delete

* Format address for header

[239] Fix | Delete

[240] Fix | Delete

* @param string $type

[241] Fix | Delete

* @param string $email

[242] Fix | Delete

* @param string $name

[243] Fix | Delete

* @return string

[244] Fix | Delete

[245] Fix | Delete

private function formatAddress($type, $email, $name = '') {

[246] Fix | Delete

$formattedType = ucfirst($type);

[247] Fix | Delete

[248] Fix | Delete

if (!$name) {

[249] Fix | Delete

$name = $email;

[250] Fix | Delete

}

[251] Fix | Delete

$recipient = "$formattedType: $name <$email>";

[252] Fix | Delete

[253] Fix | Delete

return $this->sanitize_header($recipient);

[254] Fix | Delete

}

[255] Fix | Delete

[256] Fix | Delete

}

[257] Fix | Delete

[258] Fix | Delete