1<?php 2 3/** 4 * webtrees: online genealogy 5 * Copyright (C) 2019 webtrees development team 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation, either version 3 of the License, or 9 * (at your option) any later version. 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * You should have received a copy of the GNU General Public License 15 * along with this program. If not, see <http://www.gnu.org/licenses/>. 16 */ 17 18declare(strict_types=1); 19 20namespace Fisharebest\Webtrees\Http\RequestHandlers; 21 22use Fisharebest\Webtrees\Exceptions\HttpAccessDeniedException; 23use Fisharebest\Webtrees\Exceptions\HttpNotFoundException; 24use Fisharebest\Webtrees\FlashMessages; 25use Fisharebest\Webtrees\GuestUser; 26use Fisharebest\Webtrees\Http\ViewResponseTrait; 27use Fisharebest\Webtrees\I18N; 28use Fisharebest\Webtrees\Services\CaptchaService; 29use Fisharebest\Webtrees\Services\MessageService; 30use Fisharebest\Webtrees\Services\UserService; 31use Fisharebest\Webtrees\Tree; 32use Psr\Http\Message\ResponseInterface; 33use Psr\Http\Message\ServerRequestInterface; 34use Psr\Http\Server\RequestHandlerInterface; 35 36use function assert; 37use function checkdnsrr; 38use function e; 39use function in_array; 40use function preg_match; 41use function preg_quote; 42use function redirect; 43use function route; 44 45/** 46 * Send a message from a visitor. 47 */ 48class ContactAction implements RequestHandlerInterface 49{ 50 use ViewResponseTrait; 51 52 /** @var CaptchaService */ 53 private $captcha_service; 54 55 /** @var MessageService */ 56 private $message_service; 57 58 /** @var UserService */ 59 private $user_service; 60 61 /** 62 * MessagePage constructor. 63 * 64 * @param CaptchaService $captcha_service 65 * @param MessageService $message_service 66 * @param UserService $user_service 67 */ 68 public function __construct( 69 CaptchaService $captcha_service, 70 MessageService $message_service, 71 UserService $user_service 72 ) { 73 $this->captcha_service = $captcha_service; 74 $this->user_service = $user_service; 75 $this->message_service = $message_service; 76 } 77 78 /** 79 * @param ServerRequestInterface $request 80 * 81 * @return ResponseInterface 82 */ 83 public function handle(ServerRequestInterface $request): ResponseInterface 84 { 85 $tree = $request->getAttribute('tree'); 86 assert($tree instanceof Tree); 87 88 $params = (array) $request->getParsedBody(); 89 $body = $params['body']; 90 $from_email = $params['from_email']; 91 $from_name = $params['from_name']; 92 $subject = $params['subject']; 93 $to = $params['to']; 94 $url = $params['url']; 95 $ip = $request->getAttribute('client-ip'); 96 $to_user = $this->user_service->findByUserName($to); 97 98 if ($to_user === null) { 99 throw new HttpNotFoundException(); 100 } 101 102 if (!in_array($to_user, $this->message_service->validContacts($tree), false)) { 103 throw new HttpAccessDeniedException('Invalid contact user id'); 104 } 105 106 $errors = $body === '' || $subject === '' || $from_email === '' || $from_name === ''; 107 108 if ($this->captcha_service->isRobot($request)) { 109 FlashMessages::addMessage(I18N::translate('Please try again.'), 'danger'); 110 $errors = true; 111 } 112 113 if (!preg_match('/^[^@]+@([^@]+)$/', $from_email, $match) || !checkdnsrr($match[1])) { 114 FlashMessages::addMessage(I18N::translate('Please enter a valid email address.'), 'danger'); 115 $errors = true; 116 } 117 118 $base_url = $request->getAttribute('base_url'); 119 120 if (preg_match('/(?!' . preg_quote($base_url, '/') . ')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $subject . $body, $match)) { 121 FlashMessages::addMessage(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . /* I18N: e.g. ‘You should delete the “http://” from “http://www.example.com” and try again.’ */ 122 I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]), 'danger'); 123 $errors = true; 124 } 125 126 if ($errors) { 127 return redirect(route(ContactPage::class, [ 128 'body' => $body, 129 'from_email' => $from_email, 130 'from_name' => $from_name, 131 'subject' => $subject, 132 'to' => $to, 133 'tree' => $tree->name(), 134 'url' => $url, 135 ])); 136 } 137 138 $sender = new GuestUser($from_email, $from_name); 139 140 if ($this->message_service->deliverMessage($sender, $to_user, $subject, $body, $url, $ip)) { 141 FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', e($to_user->realName())), 'success'); 142 143 $url = $url ?: route(TreePage::class, ['tree' => $tree->name()]); 144 145 return redirect($url); 146 } 147 148 FlashMessages::addMessage(I18N::translate('The message was not sent.'), 'danger'); 149 150 $redirect_url = route(ContactPage::class, [ 151 'body' => $body, 152 'from_email' => $from_email, 153 'from_name' => $from_name, 154 'subject' => $subject, 155 'to' => $to, 156 'tree' => $tree->name(), 157 'url' => $url, 158 ]); 159 160 return redirect($redirect_url); 161 } 162} 163