. */ declare(strict_types=1); namespace Fisharebest\Webtrees\Http\RequestHandlers; use Fisharebest\Webtrees\Exceptions\HttpAccessDeniedException; use Fisharebest\Webtrees\Exceptions\HttpNotFoundException; use Fisharebest\Webtrees\FlashMessages; use Fisharebest\Webtrees\GuestUser; use Fisharebest\Webtrees\Http\ViewResponseTrait; use Fisharebest\Webtrees\I18N; use Fisharebest\Webtrees\Services\CaptchaService; use Fisharebest\Webtrees\Services\MessageService; use Fisharebest\Webtrees\Services\UserService; use Fisharebest\Webtrees\Tree; use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Server\RequestHandlerInterface; use function assert; use function checkdnsrr; use function e; use function in_array; use function preg_match; use function preg_quote; use function redirect; use function route; /** * Send a message from a visitor. */ class ContactAction implements RequestHandlerInterface { use ViewResponseTrait; /** @var CaptchaService */ private $captcha_service; /** @var MessageService */ private $message_service; /** @var UserService */ private $user_service; /** * MessagePage constructor. * * @param CaptchaService $captcha_service * @param MessageService $message_service * @param UserService $user_service */ public function __construct( CaptchaService $captcha_service, MessageService $message_service, UserService $user_service ) { $this->captcha_service = $captcha_service; $this->user_service = $user_service; $this->message_service = $message_service; } /** * @param ServerRequestInterface $request * * @return ResponseInterface */ public function handle(ServerRequestInterface $request): ResponseInterface { $tree = $request->getAttribute('tree'); assert($tree instanceof Tree); $params = (array) $request->getParsedBody(); $body = $params['body']; $from_email = $params['from_email']; $from_name = $params['from_name']; $subject = $params['subject']; $to = $params['to']; $url = $params['url']; $ip = $request->getAttribute('client-ip'); $to_user = $this->user_service->findByUserName($to); if ($to_user === null) { throw new HttpNotFoundException(); } if (!in_array($to_user, $this->message_service->validContacts($tree), false)) { throw new HttpAccessDeniedException('Invalid contact user id'); } $errors = $body === '' || $subject === '' || $from_email === '' || $from_name === ''; if ($this->captcha_service->isRobot($request)) { FlashMessages::addMessage(I18N::translate('Please try again.'), 'danger'); $errors = true; } if (!preg_match('/^[^@]+@([^@]+)$/', $from_email, $match) || !checkdnsrr($match[1])) { FlashMessages::addMessage(I18N::translate('Please enter a valid email address.'), 'danger'); $errors = true; } $base_url = $request->getAttribute('base_url'); if (preg_match('/(?!' . preg_quote($base_url, '/') . ')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $subject . $body, $match)) { FlashMessages::addMessage(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . /* I18N: e.g. ‘You should delete the “http://” from “http://www.example.com” and try again.’ */ I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]), 'danger'); $errors = true; } if ($errors) { return redirect(route(ContactPage::class, [ 'body' => $body, 'from_email' => $from_email, 'from_name' => $from_name, 'subject' => $subject, 'to' => $to, 'tree' => $tree->name(), 'url' => $url, ])); } $sender = new GuestUser($from_email, $from_name); if ($this->message_service->deliverMessage($sender, $to_user, $subject, $body, $url, $ip)) { FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', e($to_user->realName())), 'success'); $url = $url ?: route(TreePage::class, ['tree' => $tree->name()]); return redirect($url); } FlashMessages::addMessage(I18N::translate('The message was not sent.'), 'danger'); $redirect_url = route(ContactPage::class, [ 'body' => $body, 'from_email' => $from_email, 'from_name' => $from_name, 'subject' => $subject, 'to' => $to, 'tree' => $tree->name(), 'url' => $url, ]); return redirect($redirect_url); } }