actions.php000064400000001203151542060100006703 0ustar00<?php

// Registers the validator callback on the wpcf7_update_option action at
// priority 10; the callback receives all three arguments of the action.
add_action( 'wpcf7_update_option', 'wpcf7_config_validator_update_option', 10, 3 );

/**
 * Re-runs the "unsafe_email_without_protection" check on every contact form
 * after the reCAPTCHA integration option has been updated.
 *
 * That check passes automatically while reCAPTCHA is active, so results
 * stored before the option changed have to be recomputed.
 *
 * @param string $name       Name of the option that was updated.
 * @param mixed  $value      Not used by this callback.
 * @param mixed  $old_option Not used by this callback.
 */
function wpcf7_config_validator_update_option( $name, $value, $old_option ) {
	if ( 'recaptcha' !== $name ) {
		return;
	}

	// Limit the validator to the single check that depends on reCAPTCHA.
	$validator_options = array(
		'include' => 'unsafe_email_without_protection',
	);

	foreach ( WPCF7_ContactForm::find() as $form ) {
		$validator = new WPCF7_ConfigValidator( $form, $validator_options );

		// Load stored errors first so that errors of other types survive
		// the save() below.
		$validator->restore();
		$validator->validate();
		$validator->save();
	}
}
additional-settings.php000064400000001306151542060100011215 0ustar00<?php

trait WPCF7_ConfigValidator_AdditionalSettings {

	/**
	 * Flags use of the deprecated on_sent_ok / on_submit additional settings.
	 *
	 * Does nothing when the 'deprecated_settings' check is not supported by
	 * this validator instance.
	 */
	public function validate_additional_settings() {
		if ( ! $this->supports( 'deprecated_settings' ) ) {
			return;
		}

		$section = 'additional_settings.body';
		$form = $this->contact_form;

		if (
			$form->additional_setting( 'on_sent_ok' ) ||
			$form->additional_setting( 'on_submit' )
		) {
			$this->add_error( $section, 'deprecated_settings', array(
				'message' => __( "Deprecated settings are used.", 'contact-form-7' ),
			) );

			return;
		}

		$this->remove_error( $section, 'deprecated_settings' );
	}

}
form.php000064400000016456151542060100006226 0ustar00<?php

trait WPCF7_ConfigValidator_Form {

	/**
	 * Validates the form template (section "form.body").
	 *
	 * Each supported check either records its error or clears a previously
	 * recorded one, so the stored state always reflects the current template.
	 */
	public function validate_form() {
		$section = 'form.body';
		$template = $this->contact_form->prop( 'form' );

		if ( $this->supports( 'multiple_controls_in_label' ) ) {
			$found = $this->detect_multiple_controls_in_label( $section, $template );

			if ( ! $found ) {
				$this->remove_error( $section, 'multiple_controls_in_label' );
			} else {
				$this->add_error( $section, 'multiple_controls_in_label', array(
					'message' => __( "Multiple form controls are in a single label element.", 'contact-form-7' ),
				) );
			}
		}

		if ( $this->supports( 'unavailable_names' ) ) {
			// Either false or a list of quoted names to show in the message.
			$bad_names = $this->detect_unavailable_names( $section, $template );

			if ( ! $bad_names ) {
				$this->remove_error( $section, 'unavailable_names' );
			} else {
				$this->add_error( $section, 'unavailable_names', array(
					'message' =>
						/* translators: %names%: a list of form control names */
						__( "Unavailable names (%names%) are used for form controls.", 'contact-form-7' ),
					'params' => array( 'names' => implode( ', ', $bad_names ) ),
				) );
			}
		}

		if ( $this->supports( 'unavailable_html_elements' ) ) {
			$found = $this->detect_unavailable_html_elements( $section, $template );

			if ( ! $found ) {
				$this->remove_error( $section, 'unavailable_html_elements' );
			} else {
				$this->add_error( $section, 'unavailable_html_elements', array(
					'message' => __( "Unavailable HTML elements are used in the form template.", 'contact-form-7' ),
				) );
			}
		}

		if ( $this->supports( 'dots_in_names' ) ) {
			$found = $this->detect_dots_in_names( $section, $template );

			if ( ! $found ) {
				$this->remove_error( $section, 'dots_in_names' );
			} else {
				$this->add_error( $section, 'dots_in_names', array(
					'message' => __( "Dots are used in form-tag names.", 'contact-form-7' ),
				) );
			}
		}

		if ( $this->supports( 'colons_in_names' ) ) {
			$found = $this->detect_colons_in_names( $section, $template );

			if ( ! $found ) {
				$this->remove_error( $section, 'colons_in_names' );
			} else {
				$this->add_error( $section, 'colons_in_names', array(
					'message' => __( "Colons are used in form-tag names.", 'contact-form-7' ),
				) );
			}
		}

		if ( $this->supports( 'upload_filesize_overlimit' ) ) {
			$found = $this->detect_upload_filesize_overlimit( $section, $template );

			if ( ! $found ) {
				$this->remove_error( $section, 'upload_filesize_overlimit' );
			} else {
				$this->add_error( $section, 'upload_filesize_overlimit', array(
					'message' => __( "Uploadable file size exceeds PHP’s maximum acceptable size.", 'contact-form-7' ),
				) );
			}
		}
	}


	/**
	 * Reports whether any single label element wraps more than one form
	 * control.
	 *
	 * @link https://contactform7.com/configuration-errors/multiple-controls-in-label/
	 *
	 * @param string $section Section name (not used by this check).
	 * @param string $content Form template to inspect.
	 * @return bool True as soon as one label is found with two or more controls.
	 */
	public function detect_multiple_controls_in_label( $section, $content ) {
		$label_pattern = '%<label(?:[ \t\n]+.*?)?>(.+?)</label>%s';

		if ( ! preg_match_all( $label_pattern, $content, $matches ) ) {
			return false;
		}

		$manager = WPCF7_FormTagsManager::get_instance();

		foreach ( $matches[1] as $label_content ) {
			$controls = 0;

			foreach ( $manager->scan( $label_content ) as $tag ) {
				$holds_many = wpcf7_form_tag_supports(
					$tag->type, 'multiple-controls-container'
				);

				$holds_none = wpcf7_form_tag_supports(
					$tag->type, 'zero-controls-container'
				);

				if ( $holds_many ) {
					// One control per value, plus one for a free_text input.
					$controls += count( $tag->values );

					if ( $tag->has_option( 'free_text' ) ) {
						$controls++;
					}
				} elseif ( ! $holds_none and ! empty( $tag->name ) ) {
					// Any other named tag counts as a single control.
					$controls++;
				}

				if ( $controls > 1 ) {
					return true;
				}
			}
		}

		return false;
	}


	/**
	 * Finds form-tags whose names are on a fixed list of reserved query
	 * variable names.
	 *
	 * @link https://contactform7.com/configuration-errors/unavailable-names/
	 *
	 * @param string $section Section name (not used by this check).
	 * @param string $content Form template to inspect.
	 * @return array|false Unique offending names, each wrapped in double
	 *                     quotes, or false when none is found.
	 */
	public function detect_unavailable_names( $section, $content ) {
		$reserved_names = array( 'm', 'p', 'posts', 'w', 'cat',
			'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence',
			'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order',
			'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second',
			'name', 'category_name', 'tag', 'feed', 'author_name', 'static',
			'pagename', 'page_id', 'error', 'attachment', 'attachment_id',
			'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term',
			'cpage', 'post_type', 'embed',
		);

		$offending_tags = WPCF7_FormTagsManager::get_instance()->filter(
			$content,
			array( 'name' => $reserved_names )
		);

		$quoted = array();

		foreach ( $offending_tags as $offending_tag ) {
			$quoted[] = sprintf( '"%s"', $offending_tag->name );
		}

		return $quoted ? array_unique( $quoted ) : false;
	}


	/**
	 * Reports whether the form template contains an opening or closing
	 * form element (matched case-insensitively).
	 *
	 * @link https://contactform7.com/configuration-errors/unavailable-html-elements/
	 *
	 * @param string $section Section name (not used by this check).
	 * @param string $content Form template to inspect.
	 * @return bool True when a form element is found.
	 */
	public function detect_unavailable_html_elements( $section, $content ) {
		$form_element_pattern = '%(?:<form[\s\t>]|</form>)%i';

		return (bool) preg_match( $form_element_pattern, $content );
	}


	/**
	 * Reports whether any form-tag with the 'name-attr' feature has a dot
	 * in its raw name.
	 *
	 * @link https://contactform7.com/configuration-errors/dots-in-names/
	 *
	 * @param string $section Section name (not used by this check).
	 * @param string $content Form template to inspect.
	 * @return bool True when at least one such name is found.
	 */
	public function detect_dots_in_names( $section, $content ) {
		$named_tags = WPCF7_FormTagsManager::get_instance()->filter(
			$content,
			array( 'feature' => 'name-attr' )
		);

		foreach ( $named_tags as $named_tag ) {
			if ( str_contains( $named_tag->raw_name, '.' ) ) {
				return true;
			}
		}

		return false;
	}


	/**
	 * Reports whether any form-tag with the 'name-attr' feature has a colon
	 * in its raw name.
	 *
	 * @link https://contactform7.com/configuration-errors/colons-in-names/
	 *
	 * @param string $section Section name (not used by this check).
	 * @param string $content Form template to inspect.
	 * @return bool True when at least one such name is found.
	 */
	public function detect_colons_in_names( $section, $content ) {
		$named_tags = WPCF7_FormTagsManager::get_instance()->filter(
			$content,
			array( 'feature' => 'name-attr' )
		);

		foreach ( $named_tags as $named_tag ) {
			if ( str_contains( $named_tag->raw_name, ':' ) ) {
				return true;
			}
		}

		return false;
	}


	/**
	 * Reports whether any file form-tag allows a larger upload than PHP's
	 * upload_max_filesize setting.
	 *
	 * @link https://contactform7.com/configuration-errors/upload-filesize-overlimit
	 *
	 * @param string $section Section name (not used by this check).
	 * @param string $content Form template to inspect.
	 * @return bool True when a file tag's limit exceeds the PHP setting; false
	 *              also when the setting is empty or not in "<digits>[k|m|g]" form.
	 */
	public function detect_upload_filesize_overlimit( $section, $content ) {
		$ini_value = ini_get( 'upload_max_filesize' );

		if ( ! $ini_value ) {
			return false;
		}

		$normalized = trim( strtolower( $ini_value ) );

		if ( ! preg_match( '/^(\d+)([kmg]?)$/', $normalized, $matches ) ) {
			return false;
		}

		// Convert the shorthand unit suffix into a byte multiplier.
		switch ( $matches[2] ) {
			case 'k':
				$multiplier = KB_IN_BYTES;
				break;
			case 'm':
				$multiplier = MB_IN_BYTES;
				break;
			case 'g':
				$multiplier = GB_IN_BYTES;
				break;
			default:
				$multiplier = 1;
		}

		$php_limit = (int) $matches[1] * $multiplier;

		$file_tags = WPCF7_FormTagsManager::get_instance()->filter(
			$content,
			array( 'basetype' => 'file' )
		);

		foreach ( $file_tags as $file_tag ) {
			if ( $php_limit < $file_tag->get_limit_option() ) {
				return true;
			}
		}

		return false;
	}

}
mail.php000064400000034377151542060100006207 0ustar00<?php

trait WPCF7_ConfigValidator_Mail {

	/**
	 * Substitutes every mail-tag in the given content.
	 *
	 * @param string       $content Text that may contain mail-tags.
	 * @param string|array $options Optional. 'html' (default false) and
	 *                              'callback' (default: the minimum-input
	 *                              callback of this trait).
	 * @return string Result of WPCF7_MailTaggedText::replace_tags().
	 */
	public function replace_mail_tags( $content, $options = '' ) {
		$defaults = array(
			'html' => false,
			'callback' =>
				array( $this, 'replace_mail_tags_with_minimum_input_callback' ),
		);

		$tagged_text = new WPCF7_MailTaggedText(
			$content,
			wp_parse_args( $options, $defaults )
		);

		return $tagged_text->replace_tags();
	}


	/**
	 * Callback function for WPCF7_MailTaggedText. Replaces mail-tags with
	 * the most conservative inputs.
	 *
	 * The replacement is one of three fixed samples: an example email
	 * address, an example text, or an empty string. Special mail-tags
	 * (field names starting with "_") are decided by name; all other tags are
	 * decided by WPCF7_MailTag_OutputCalculator.
	 *
	 * @param array $matches Regex matches for one mail-tag: [0] the whole tag,
	 *                       [1] and [4] the optional outer brackets,
	 *                       [2] the tag name, [3] the tag values.
	 * @return string Replacement text for the tag.
	 */
	public function replace_mail_tags_with_minimum_input_callback( $matches ) {
		// allow [[foo]] syntax for escaping a tag: strip one bracket pair
		// and leave the inner tag as literal text
		if ( $matches[1] === '[' and $matches[4] === ']' ) {
			return substr( $matches[0], 1, -1 );
		}

		$tag = $matches[0];
		$tagname = $matches[2];
		$values = $matches[3];

		$mail_tag = new WPCF7_MailTag( $tag, $tagname, $values );
		$field_name = $mail_tag->field_name();

		$example_email = 'example@example.com';
		$example_text = 'example';
		$example_blank = '';

		// for back-compat: treat a leading "wpcf7." like a leading "_"
		$field_name = preg_replace( '/^wpcf7\./', '_', $field_name );

		if ( '_site_admin_email' === $field_name ) {
			// The only branch that returns a real value instead of a sample.
			return get_bloginfo( 'admin_email', 'raw' );

		} elseif ( '_user_agent' === $field_name ) {
			return $example_text;

		} elseif ( '_user_email' === $field_name ) {
			// Assumed blank unless the form is restricted to subscribers.
			return $this->contact_form->is_true( 'subscribers_only' )
				? $example_email
				: $example_blank;

		} elseif ( str_starts_with( $field_name, '_user_' ) ) {
			return $this->contact_form->is_true( 'subscribers_only' )
				? $example_text
				: $example_blank;

		} elseif ( str_starts_with( $field_name, '_' ) ) {
			// Remaining special tags: email sample if the name ends in "_email".
			return str_ends_with( $field_name, '_email' )
				? $example_email
				: $example_text;

		}

		// One output calculator per contact form ID, kept in a static local
		// so later calls reuse it.
		static $opcalcset = array();

		if ( ! isset( $opcalcset[$this->contact_form->id()] ) ) {
			$opcalcset[$this->contact_form->id()] =
				new WPCF7_MailTag_OutputCalculator( $this->contact_form );
		}

		$opcalc = $opcalcset[$this->contact_form->id()];
		$op = $opcalc->calc_output( $mail_tag );

		if ( WPCF7_MailTag_OutputCalculator::email === $op ) {
			// Exactly "email" and nothing else.
			return $example_email;
		} elseif ( ! ( WPCF7_MailTag_OutputCalculator::blank & $op ) ) {
			// The blank bit is not set, so use the text sample.
			return $example_text;
		} else {
			// Blank is a possible output; the empty string is the
			// conservative choice.
			return $example_blank;
		}
	}


	/**
	 * Validates one mail template by running the per-field validators.
	 *
	 * Skipped entirely when the form is in demo_mode or skip_mail, when the
	 * template property is empty, or when a template other than 'mail' is
	 * not marked active.
	 *
	 * @param string $template Template property name, e.g. 'mail' or 'mail_2'.
	 */
	public function validate_mail( $template = 'mail' ) {
		$form = $this->contact_form;

		if ( $form->is_true( 'demo_mode' ) or $form->is_true( 'skip_mail' ) ) {
			return;
		}

		$components = (array) $form->prop( $template );

		if ( ! $components ) {
			return;
		}

		$is_primary = ( 'mail' === $template );

		if ( ! $is_primary and empty( $components['active'] ) ) {
			return;
		}

		// Fill in missing fields so every validator gets a string.
		$defaults = array(
			'subject' => '',
			'sender' => '',
			'recipient' => '',
			'additional_headers' => '',
			'body' => '',
			'attachments' => '',
		);

		$components = wp_parse_args( $components, $defaults );

		$this->validate_mail_subject( $template, $components['subject'] );
		$this->validate_mail_sender( $template, $components['sender'] );
		$this->validate_mail_recipient( $template, $components['recipient'] );
		$this->validate_mail_additional_headers( $template, $components['additional_headers'] );
		$this->validate_mail_body( $template, $components['body'] );
		$this->validate_mail_attachments( $template, $components['attachments'] );
	}


	/**
	 * Validates the subject field of a mail template.
	 *
	 * @param string $template Template property name, used as section prefix.
	 * @param string $content  Subject field content.
	 */
	public function validate_mail_subject( $template, $content ) {
		if ( ! $this->supports( 'maybe_empty' ) ) {
			return;
		}

		$section = sprintf( '%s.subject', $template );

		if ( ! $this->detect_maybe_empty( $section, $content ) ) {
			$this->remove_error( $section, 'maybe_empty' );
			return;
		}

		$this->add_error( $section, 'maybe_empty', array(
			'message' => __( "There is a possible empty field.", 'contact-form-7' ),
		) );
	}


	/**
	 * Validates the sender field of a mail template.
	 *
	 * Checks mailbox syntax first; the site-domain check only runs when no
	 * syntax error is recorded for the section.
	 *
	 * @param string $template Template property name, used as section prefix.
	 * @param string $content  Sender field content.
	 */
	public function validate_mail_sender( $template, $content ) {
		$section = sprintf( '%s.sender', $template );
		$syntax_code = 'invalid_mailbox_syntax';
		$domain_code = 'email_not_in_site_domain';

		if ( $this->supports( $syntax_code ) ) {
			if ( ! $this->detect_invalid_mailbox_syntax( $section, $content ) ) {
				$this->remove_error( $section, $syntax_code );
			} else {
				$this->add_error( $section, $syntax_code, array(
					'message' => __( "Invalid mailbox syntax is used.", 'contact-form-7' ),
				) );
			}
		}

		if ( ! $this->supports( $domain_code ) ) {
			return;
		}

		// Start from a clean state; the error is re-added below if needed.
		$this->remove_error( $section, $domain_code );

		if ( $this->has_error( $section, $syntax_code ) ) {
			return;
		}

		$sender = wpcf7_strip_newline( $this->replace_mail_tags( $content ) );

		if ( wpcf7_is_email_in_site_domain( $sender ) ) {
			return;
		}

		$this->add_error( $section, $domain_code, array(
			'message' => __( "Sender email address does not belong to the site domain.", 'contact-form-7' ),
		) );
	}


	/**
	 * Validates the recipient field of a mail template.
	 *
	 * Checks mailbox syntax first; the unsafe-email check only runs when no
	 * syntax error is recorded for the section.
	 *
	 * @param string $template Template property name, used as section prefix.
	 * @param string $content  Recipient field content.
	 */
	public function validate_mail_recipient( $template, $content ) {
		$section = sprintf( '%s.recipient', $template );
		$syntax_code = 'invalid_mailbox_syntax';
		$unsafe_code = 'unsafe_email_without_protection';

		if ( $this->supports( $syntax_code ) ) {
			if ( ! $this->detect_invalid_mailbox_syntax( $section, $content ) ) {
				$this->remove_error( $section, $syntax_code );
			} else {
				$this->add_error( $section, $syntax_code, array(
					'message' => __( "Invalid mailbox syntax is used.", 'contact-form-7' ),
				) );
			}
		}

		if ( ! $this->supports( $unsafe_code ) ) {
			return;
		}

		// Start from a clean state; the error is re-added below if needed.
		$this->remove_error( $section, $unsafe_code );

		if ( $this->has_error( $section, $syntax_code ) ) {
			return;
		}

		// A recipient taken from a submitted email field lets the submitter
		// choose where the mail goes.
		if ( ! $this->detect_unsafe_email_without_protection( $section, $content ) ) {
			return;
		}

		$this->add_error( $section, $unsafe_code, array(
			'message' => __( "Unsafe email config is used without sufficient protection.", 'contact-form-7' ),
		) );
	}


	/**
	 * Runs error detection for the mail additional headers section.
	 *
	 * The content is processed line by line. A line must look like
	 * "Name: value" with a name made of ASCII letters, digits and hyphens.
	 * Reply-To, Cc and Bcc values are checked for mailbox syntax; Cc and Bcc
	 * values are additionally checked for submitter-controlled addresses.
	 *
	 * @param string $template Template property name, used as section prefix.
	 * @param string $content  Additional headers field content.
	 */
	public function validate_mail_additional_headers( $template, $content ) {
		$section = sprintf( '%s.additional_headers', $template );

		$invalid_mail_headers = array();
		$invalid_mailbox_fields = array();
		$unsafe_email_fields = array();

		foreach ( explode( "\n", $content ) as $header ) {
			$header = trim( $header );

			// Blank lines are ignored.
			if ( '' === $header ) {
				continue;
			}

			$is_valid_header = preg_match(
				'/^([0-9A-Za-z-]+):(.*)$/',
				$header,
				$matches
			);

			if ( ! $is_valid_header ) {
				$invalid_mail_headers[] = $header;
				continue;
			}

			$header_name = $matches[1];
			$header_value = trim( $matches[2] );

			// Address-bearing headers with a non-empty value must hold a
			// valid mailbox list.
			if (
				in_array(
					strtolower( $header_name ), array( 'reply-to', 'cc', 'bcc' )
				) and
				'' !== $header_value and
				$this->detect_invalid_mailbox_syntax( $section, $header_value )
			) {
				$invalid_mailbox_fields[] = $header_name;
				continue;
			}

			// Cc/Bcc add recipients, so a submitter-controlled address there
			// is treated like one in the recipient field. Reply-To is not
			// included in this check.
			if (
				in_array( strtolower( $header_name ), array( 'cc', 'bcc' ) ) and
				$this->detect_unsafe_email_without_protection( $section, $header_value )
			) {
				$unsafe_email_fields[] = $header_name;
			}
		}

		if ( $this->supports( 'invalid_mail_header' ) ) {
			if ( ! empty( $invalid_mail_headers ) ) {
				$this->add_error( $section, 'invalid_mail_header',
					array(
						'message' => __( "There are invalid mail header fields.", 'contact-form-7' ),
					)
				);
			} else {
				$this->remove_error( $section, 'invalid_mail_header' );
			}
		}

		if ( $this->supports( 'invalid_mailbox_syntax' ) ) {
			if ( ! empty( $invalid_mailbox_fields ) ) {
				// One error per offending header. NOTE(review): earlier
				// entries for this code are not removed on this path, so
				// repeated runs on the same instance may append duplicates.
				foreach ( $invalid_mailbox_fields as $header_name ) {
					$this->add_error( $section, 'invalid_mailbox_syntax',
						array(
							'message' => __( "Invalid mailbox syntax is used in the %name% field.", 'contact-form-7' ),
							'params' => array( 'name' => $header_name ),
						)
					);
				}
			} else {
				$this->remove_error( $section, 'invalid_mailbox_syntax' );
			}
		}

		if ( $this->supports( 'unsafe_email_without_protection' ) ) {
			if ( ! empty( $unsafe_email_fields ) ) {
				$this->add_error( $section, 'unsafe_email_without_protection',
					array(
						'message' => __( "Unsafe email config is used without sufficient protection.", 'contact-form-7' ),
					)
				);
			} else {
				$this->remove_error( $section, 'unsafe_email_without_protection' );
			}
		}
	}


	/**
	 * Validates the body field of a mail template.
	 *
	 * @param string $template Template property name, used as section prefix.
	 * @param string $content  Body field content.
	 */
	public function validate_mail_body( $template, $content ) {
		if ( ! $this->supports( 'maybe_empty' ) ) {
			return;
		}

		$section = sprintf( '%s.body', $template );

		if ( ! $this->detect_maybe_empty( $section, $content ) ) {
			$this->remove_error( $section, 'maybe_empty' );
			return;
		}

		$this->add_error( $section, 'maybe_empty', array(
			'message' => __( "There is a possible empty field.", 'contact-form-7' ),
		) );
	}


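	/**
	 * Runs error detection for the mail attachments section.
	 *
	 * Lines starting with "[" are treated as mail-tags; every other
	 * non-empty line is treated as a file path joined onto WP_CONTENT_DIR.
	 * The total attachment size is the sum of the upload limits of the
	 * referenced file form-tags plus the sizes of the listed files, and it
	 * is compared with a fixed 25 MB ceiling.
	 *
	 * NOTE(review): existence is tested before containment in wp-content, so
	 * the reported error differs between existing and missing paths outside
	 * that directory; confirm this is acceptable for users who may edit forms.
	 *
	 * @param string $template Template property name, used as section prefix.
	 * @param string $content  Attachments field content.
	 */
	public function validate_mail_attachments( $template, $content ) {
		$section = sprintf( '%s.attachments', $template );

		$total_size = 0;
		$files_not_found = array();
		$files_out_of_content = array();

		if ( '' !== $content ) {
			$attachables = array();

			$tags = $this->contact_form->scan_form_tags(
				array( 'type' => array( 'file', 'file*' ) )
			);

			foreach ( $tags as $tag ) {
				$name = $tag->name;

				// Only file fields referenced as [name] count.
				if ( ! str_contains( $content, "[{$name}]" ) ) {
					continue;
				}

				$limit = (int) $tag->get_limit_option();

				// Keep the largest limit seen for each field name.
				if ( empty( $attachables[$name] ) or $attachables[$name] < $limit ) {
					$attachables[$name] = $limit;
				}
			}

			$total_size = array_sum( $attachables );

			foreach ( explode( "\n", $content ) as $line ) {
				$line = trim( $line );

				if ( '' === $line or str_starts_with( $line, '[' ) ) {
					continue;
				}

				if ( $this->detect_file_not_found( $section, $line ) ) {
					$files_not_found[] = $line;
				} elseif ( $this->detect_file_not_in_content_dir( $section, $line ) ) {
					$files_out_of_content[] = $line;
				} else {
					// Resolve the path the same way the detect_* helpers do.
					// The original read an undefined $path here, so listed
					// files never counted towards the total.
					$path = path_join( WP_CONTENT_DIR, $line );

					// Best effort: a file that vanished after the checks
					// above simply counts as zero bytes.
					$total_size += (int) @filesize( $path );
				}
			}
		}

		if ( $this->supports( 'file_not_found' ) ) {
			if ( ! empty( $files_not_found ) ) {
				foreach ( $files_not_found as $line ) {
					$this->add_error( $section, 'file_not_found',
						array(
							'message' => __( "Attachment file does not exist at %path%.", 'contact-form-7' ),
							'params' => array( 'path' => $line ),
						)
					);
				}
			} else {
				$this->remove_error( $section, 'file_not_found' );
			}
		}

		if ( $this->supports( 'file_not_in_content_dir' ) ) {
			if ( ! empty( $files_out_of_content ) ) {
				$this->add_error( $section, 'file_not_in_content_dir',
					array(
						'message' => __( "It is not allowed to use files outside the wp-content directory.", 'contact-form-7' ),
					)
				);
			} else {
				$this->remove_error( $section, 'file_not_in_content_dir' );
			}
		}

		if ( $this->supports( 'attachments_overweight' ) ) {
			$max = 25 * MB_IN_BYTES; // 25 MB

			if ( $max < $total_size ) {
				$this->add_error( $section, 'attachments_overweight',
					array(
						'message' => __( "The total size of attachment files is too large.", 'contact-form-7' ),
					)
				);
			} else {
				$this->remove_error( $section, 'attachments_overweight' );
			}
		}
	}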


	/**
	 * Reports whether the content, after mail-tag substitution and newline
	 * stripping, fails the mailbox-list check.
	 *
	 * @link https://contactform7.com/configuration-errors/invalid-mailbox-syntax/
	 *
	 * @param string $section Section name (not used by this check).
	 * @param string $content Field content to inspect.
	 * @return bool True when the content is not a valid mailbox list.
	 */
	public function detect_invalid_mailbox_syntax( $section, $content ) {
		$resolved = wpcf7_strip_newline( $this->replace_mail_tags( $content ) );

		return ! wpcf7_is_mailbox_list( $resolved );
	}


	/**
	 * Reports whether the content can end up empty once mail-tags are
	 * replaced with their most conservative inputs.
	 *
	 * @link https://contactform7.com/configuration-errors/maybe-empty/
	 *
	 * @param string $section Section name (not used by this check).
	 * @param string $content Field content to inspect.
	 * @return bool True when the resolved content is the empty string.
	 */
	public function detect_maybe_empty( $section, $content ) {
		$resolved = wpcf7_strip_newline( $this->replace_mail_tags( $content ) );

		return '' === $resolved;
	}


	/**
	 * Reports whether the attachment path, joined onto WP_CONTENT_DIR, is
	 * not a readable regular file.
	 *
	 * @link https://contactform7.com/configuration-errors/file-not-found/
	 *
	 * @param string $section Section name (not used by this check).
	 * @param string $content Attachment path as entered in the form settings.
	 * @return bool True when the file is missing, unreadable or not a file.
	 */
	public function detect_file_not_found( $section, $content ) {
		$candidate = path_join( WP_CONTENT_DIR, $content );

		return ! ( is_readable( $candidate ) && is_file( $candidate ) );
	}


	/**
	 * Reports whether the attachment path, joined onto WP_CONTENT_DIR, fails
	 * the content-directory containment check.
	 *
	 * @link https://contactform7.com/configuration-errors/file-not-in-content-dir/
	 *
	 * @param string $section Section name (not used by this check).
	 * @param string $content Attachment path as entered in the form settings.
	 * @return bool True when wpcf7_is_file_path_in_content_dir() rejects the path.
	 */
	public function detect_file_not_in_content_dir( $section, $content ) {
		$candidate = path_join( WP_CONTENT_DIR, $content );

		return ! wpcf7_is_file_path_in_content_dir( $candidate );
	}


	/**
	 * Detects errors of that unsafe email config is used without
	 * sufficient protection.
	 *
	 * "Unsafe" here means the content resolves to an address taken from an
	 * email-type form field, i.e. a value the submitter controls. The check
	 * is skipped (returns false) while the reCAPTCHA service is active.
	 *
	 * @link https://contactform7.com/configuration-errors/unsafe-email-without-protection/
	 *
	 * @param string $section Section name (not used by this check).
	 * @param string $content Field content to inspect.
	 * @return bool True when a submitter-controlled address would be used and
	 *              reCAPTCHA is not active.
	 */
	public function detect_unsafe_email_without_protection( $section, $content ) {
		// Looked up once and then reused by later calls.
		// NOTE(review): the cached value is never refreshed; confirm that no
		// caller runs this both before and after the reCAPTCHA option changes
		// within one request.
		static $is_recaptcha_active = null;

		if ( null === $is_recaptcha_active ) {
			$is_recaptcha_active = call_user_func( function () {
				$service = WPCF7_RECAPTCHA::get_instance();
				return $service->is_active();
			} );
		}

		if ( $is_recaptcha_active ) {
			return false;
		}

		// Marker address used to trace submitter-controlled input through
		// the substitution below.
		$example_email = 'user-specified@example.com';

		// Replace mail-tags connected to an email type form-tag first.
		$content = $this->replace_mail_tags( $content, array(
			'callback' => function ( $matches ) use ( $example_email ) {
				// allow [[foo]] syntax for escaping a tag
				if ( $matches[1] === '[' and $matches[4] === ']' ) {
					return substr( $matches[0], 1, -1 );
				}

				$tag = $matches[0];
				$tagname = $matches[2];
				$values = $matches[3];

				$mail_tag = new WPCF7_MailTag( $tag, $tagname, $values );
				$field_name = $mail_tag->field_name();

				$form_tags = $this->contact_form->scan_form_tags(
					array( 'name' => $field_name )
				);

				// Only the first form-tag with this name is considered.
				if ( $form_tags ) {
					$form_tag = new WPCF7_FormTag( $form_tags[0] );

					if ( 'email' === $form_tag->basetype ) {
						return $example_email;
					}
				}

				// Leave every other tag untouched for the second pass.
				return $tag;
			},
		) );

		// Replace remaining mail-tags.
		$content = $this->replace_mail_tags( $content );

		$content = wpcf7_strip_newline( $content );

		// The marker surviving both passes means the field would carry an
		// address supplied through the form.
		if ( str_contains( $content, $example_email ) ) {
			return true;
		}

		return false;
	}

}
messages.php000064400000002230151542060100007053 0ustar00<?php

trait WPCF7_ConfigValidator_Messages {

	/**
	 * Validates every configured message (sections "messages.<key>").
	 *
	 * The captcha_not_match message is left out when Really Simple CAPTCHA
	 * is not in use.
	 */
	public function validate_messages() {
		$messages = (array) $this->contact_form->prop( 'messages' );

		if ( ! $messages ) {
			return;
		}

		$has_captcha_message = isset( $messages['captcha_not_match'] );

		if ( $has_captcha_message and ! wpcf7_use_really_simple_captcha() ) {
			unset( $messages['captcha_not_match'] );
		}

		foreach ( $messages as $key => $message ) {
			$section = sprintf( 'messages.%s', $key );

			if ( ! $this->supports( 'html_in_message' ) ) {
				continue;
			}

			if ( ! $this->detect_html_in_message( $section, $message ) ) {
				$this->remove_error( $section, 'html_in_message' );
				continue;
			}

			$this->add_error( $section, 'html_in_message', array(
				'message' => __( "HTML tags are used in a message.", 'contact-form-7' ),
			) );
		}
	}


	/**
	 * Reports whether stripping all tags changes the message, which means
	 * it contains markup.
	 *
	 * @link https://contactform7.com/configuration-errors/html-in-message/
	 *
	 * @param string $section Section name (not used by this check).
	 * @param string $content Message text to inspect.
	 * @return bool True when wp_strip_all_tags() alters the text.
	 */
	public function detect_html_in_message( $section, $content ) {
		return wp_strip_all_tags( $content ) !== $content;
	}

}
validator.php000064400000020137151542060100007237 0ustar00<?php

require_once path_join( __DIR__, 'form.php' );
require_once path_join( __DIR__, 'mail.php' );
require_once path_join( __DIR__, 'messages.php' );
require_once path_join( __DIR__, 'additional-settings.php' );
require_once path_join( __DIR__, 'actions.php' );


/**
 * Configuration validator.
 *
 * @link https://contactform7.com/configuration-errors/
 */
class WPCF7_ConfigValidator {

	/**
	 * The plugin version in which important updates happened last time.
	 */
	const last_important_update = '5.8.1';

	/**
	 * Error codes known to the validator. supports() only answers true for
	 * codes in this list, and add_error() starts from it before applying the
	 * wpcf7_config_validator_available_error_codes filter.
	 */
	const error_codes = array(
		'maybe_empty',
		'invalid_mailbox_syntax',
		'email_not_in_site_domain',
		'html_in_message',
		'multiple_controls_in_label',
		'file_not_found',
		'unavailable_names',
		'invalid_mail_header',
		'deprecated_settings',
		'file_not_in_content_dir',
		'unavailable_html_elements',
		'attachments_overweight',
		'dots_in_names',
		'colons_in_names',
		'upload_filesize_overlimit',
		'unsafe_email_without_protection',
	);

	// Per-section checks live in these traits.
	use WPCF7_ConfigValidator_Form;
	use WPCF7_ConfigValidator_Mail;
	use WPCF7_ConfigValidator_Messages;
	use WPCF7_ConfigValidator_AdditionalSettings;

	// The WPCF7_ContactForm being validated.
	private $contact_form;

	// Detected errors: section name => list of array( 'code', 'args' ).
	private $errors = array();

	// Optional list of error codes to restrict checks to; unset means all.
	private $include;

	// Optional list of error codes to leave out.
	private $exclude;


	/**
	 * Builds the documentation URL for an error type.
	 *
	 * @param string $child_page Optional. Error code; underscores become
	 *                           hyphens and the result is appended as a path
	 *                           segment.
	 * @return string URL passed through esc_url().
	 */
	public static function get_doc_link( $child_page = '' ) {
		$base = __( 'https://contactform7.com/configuration-errors/',
			'contact-form-7'
		);

		if ( '' === $child_page ) {
			return esc_url( $base );
		}

		$slug = strtr( $child_page, '_', '-' );

		return esc_url( sprintf( '%s/%s', untrailingslashit( $base ), $slug ) );
	}


	/**
	 * Ties the validator to a contact form and records optional filters.
	 *
	 * @param WPCF7_ContactForm $contact_form Form to validate.
	 * @param string|array      $options      Optional. 'include' and 'exclude':
	 *                                        an error code or list of codes.
	 */
	public function __construct( WPCF7_ContactForm $contact_form, $options = '' ) {
		$this->contact_form = $contact_form;

		$options = wp_parse_args( $options, array(
			'include' => null,
			'exclude' => null,
		) );

		// A null option leaves the property unset, which supports() reads
		// as "no restriction".
		foreach ( array( 'include', 'exclude' ) as $filter ) {
			if ( isset( $options[$filter] ) ) {
				$this->{$filter} = (array) $options[$filter];
			}
		}
	}


	/**
	 * Returns the contact form object that is tied to this validator.
	 *
	 * @return WPCF7_ContactForm The object passed to the constructor.
	 */
	public function contact_form() {
		return $this->contact_form;
	}


	/**
	 * Tells whether the validator currently holds no errors.
	 *
	 * @return bool True when count_errors() reports zero.
	 */
	public function is_valid() {
		$error_count = $this->count_errors();

		return ! $error_count;
	}


	/**
	 * Tells whether this instance runs the check for the given error code.
	 *
	 * The supported set is the known codes, narrowed to the include list
	 * when one is set, minus the exclude list when one is set.
	 *
	 * @param string $error_code Error code to look up.
	 * @return bool True when the code is in the supported set.
	 */
	public function supports( $error_code ) {
		$codes = isset( $this->include )
			? array_intersect( self::error_codes, $this->include )
			: self::error_codes;

		if ( isset( $this->exclude ) ) {
			$codes = array_diff( $codes, $this->exclude );
		}

		return in_array( $error_code, $codes, true );
	}


	/**
	 * Counts detected errors, optionally limited to a section and/or a code.
	 *
	 * Section keys of the form "mail_<digits>.<field>" are counted as
	 * "mail.<field>". A section filter matches either the full key or its
	 * part before the first dot.
	 *
	 * @param string|array $options Optional. 'section' and 'code' filters.
	 * @return int Number of matching errors.
	 */
	public function count_errors( $options = '' ) {
		$options = wp_parse_args( $options, array(
			'section' => '',
			'code' => '',
		) );

		$wanted_section = $options['section'];
		$wanted_code = $options['code'];
		$total = 0;

		foreach ( $this->errors as $key => $errors ) {
			if ( preg_match( '/^mail_[0-9]+\.(.*)$/', $key, $matches ) ) {
				$key = sprintf( 'mail.%s', $matches[1] );
			}

			if ( $wanted_section ) {
				$top_level = preg_replace( '/\..*$/', '', $key, 1 );

				if ( $key !== $wanted_section and $top_level !== $wanted_section ) {
					continue;
				}
			}

			foreach ( $errors as $error ) {
				if ( empty( $error ) ) {
					continue;
				}

				if ( ! $wanted_code or $error['code'] === $wanted_code ) {
					$total += 1;
				}
			}
		}

		return $total;
	}


	/**
	 * Builds the display messages for all detected errors.
	 *
	 * @return array Section name => list of array( 'message', 'link' ). The
	 *               link is passed through esc_url(); the message text is
	 *               returned as stored or built, without escaping.
	 */
	public function collect_error_messages() {
		$collected = array();

		foreach ( $this->errors as $section => $errors ) {
			$collected[$section] = array();

			foreach ( $errors as $error ) {
				if ( empty( $error['args']['message'] ) ) {
					// No message stored: fall back to the generic one.
					$text = $this->get_default_message( $error['code'] );
				} elseif ( empty( $error['args']['params'] ) ) {
					$text = $error['args']['message'];
				} else {
					$text = $this->build_message(
						$error['args']['message'],
						$error['args']['params']
					);
				}

				$link = empty( $error['args']['link'] )
					? ''
					: $error['args']['link'];

				$collected[$section][] = array(
					'message' => $text,
					'link' => esc_url( $link ),
				);
			}
		}

		return $collected;
	}


	/**
	 * Fills %key% placeholders in a message with the given parameters.
	 *
	 * Keys that are not made of ASCII letters, digits and underscores are
	 * ignored. Placeholders are matched case-insensitively.
	 *
	 * NOTE(review): values are inserted as given (they can come from form-tag
	 * names, header names and attachment paths); escaping presumably happens
	 * where the message is rendered. Confirm at the output site.
	 *
	 * @param string       $message Message template.
	 * @param string|array $params   Optional. Placeholder name => value.
	 * @return string Message with known placeholders replaced.
	 */
	public function build_message( $message, $params = '' ) {
		foreach ( wp_parse_args( $params, array() ) as $name => $value ) {
			if ( preg_match( '/^[0-9A-Za-z_]+$/', $name ) ) {
				$token = '%' . $name . '%';

				if ( false !== stripos( $message, $token ) ) {
					$message = str_ireplace( $token, $value, $message );
				}
			}
		}

		return $message;
	}


	/**
	 * Returns a default message that is used when the message for the error
	 * is not specified.
	 *
	 * @param string $code Optional. Error code; not used, the same generic
	 *                     message is returned for every code.
	 * @return string Translated generic message.
	 */
	public function get_default_message( $code = '' ) {
		return __( "Configuration error is detected.", 'contact-form-7' );
	}


	/**
	 * Tells whether an error with the given code is recorded for a section.
	 *
	 * @param string $section The section where the error detected.
	 * @param string $code The unique code of the error.
	 * @return bool True when a matching error exists.
	 */
	public function has_error( $section, $code ) {
		if ( ! empty( $this->errors[$section] ) ) {
			foreach ( (array) $this->errors[$section] as $recorded ) {
				if ( isset( $recorded['code'] ) and $recorded['code'] === $code ) {
					return true;
				}
			}
		}

		return false;
	}


	/**
	 * Records a validation error for a section.
	 *
	 * Codes outside the allowed list are rejected. The list is the known
	 * codes as filtered by wpcf7_config_validator_available_error_codes.
	 *
	 * @param string $section The section where the error detected.
	 * @param string $code The unique code of the error.
	 * @param string|array $args Optional options for the error: 'message',
	 *                           'params' and 'link' (defaults to the
	 *                           documentation page of the code).
	 * @return bool True when the error was recorded, false when rejected.
	 */
	public function add_error( $section, $code, $args = '' ) {
		$args = wp_parse_args( $args, array(
			'message' => '',
			'params' => array(),
		) );

		$allowed_codes = (array) apply_filters(
			'wpcf7_config_validator_available_error_codes',
			self::error_codes,
			$this->contact_form
		);

		$is_allowed = in_array( $code, $allowed_codes, true );

		if ( ! $is_allowed ) {
			return false;
		}

		if ( ! isset( $args['link'] ) ) {
			$args['link'] = self::get_doc_link( $code );
		}

		if ( ! isset( $this->errors[$section] ) ) {
			$this->errors[$section] = array();
		}

		$entry = array(
			'code' => $code,
			'args' => $args,
		);

		$this->errors[$section][] = $entry;

		return true;
	}


	/**
	 * Drops every recorded error with the given code from a section, and
	 * drops the section itself once it holds no errors.
	 *
	 * @param string $section The section where the error detected.
	 * @param string $code The unique code of the error.
	 */
	public function remove_error( $section, $code ) {
		if ( empty( $this->errors[$section] ) ) {
			return;
		}

		foreach ( (array) $this->errors[$section] as $index => $recorded ) {
			$matches_code = isset( $recorded['code'] ) and $recorded['code'] === $code;

			if ( isset( $recorded['code'] ) and $recorded['code'] === $code ) {
				unset( $this->errors[$section][$index] );
			}
		}

		if ( empty( $this->errors[$section] ) ) {
			unset( $this->errors[$section] );
		}
	}


	/**
	 * The main validation runner.
	 *
	 * Runs the form, mail ('mail' and 'mail_2'), messages and additional
	 * settings checks in that order, then fires the
	 * wpcf7_config_validator_validate action with this validator so that
	 * other code can add or remove errors before the result is read.
	 *
	 * @return bool True if there is no error detected.
	 */
	public function validate() {
		$this->validate_form();
		$this->validate_mail( 'mail' );
		$this->validate_mail( 'mail_2' );
		$this->validate_messages();
		$this->validate_additional_settings();

		do_action( 'wpcf7_config_validator_validate', $this );

		return $this->is_valid();
	}


	/**
	 * Saves detected errors as a post meta data.
	 *
	 * Nothing is written for a contact form whose initial() is true. The
	 * '_config_validation' meta is deleted first and written again only when
	 * there are errors, so a clean form ends up with no meta entry.
	 */
	public function save() {
		if ( $this->contact_form->initial() ) {
			return;
		}

		delete_post_meta( $this->contact_form->id(), '_config_validation' );

		if ( $this->errors ) {
			update_post_meta(
				$this->contact_form->id(), '_config_validation', $this->errors
			);
		}
	}


	/**
	 * Loads previously saved errors from the '_config_validation' post meta.
	 *
	 * Each stored entry goes through add_error(), so entries with a code
	 * that is no longer allowed are dropped.
	 */
	public function restore() {
		$stored = get_post_meta(
			$this->contact_form->id(), '_config_validation', true
		);

		foreach ( (array) $stored as $section => $errors ) {
			if ( empty( $errors ) ) {
				continue;
			}

			foreach ( (array) $errors as $error ) {
				if ( empty( $error['code'] ) ) {
					continue;
				}

				$args = isset( $error['args'] ) ? $error['args'] : '';

				$this->add_error( $section, $error['code'], $args );
			}
		}
	}

}