X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/11be8dc178e77d0b46189bbd8e33a216a9b90942..8d3bb1a5dcfdea9857d3c88c3751f09593e34dc8:/wp-mail.php
diff --git a/wp-mail.php b/wp-mail.php
index 2966dc36..b5af05ab 100644
--- a/wp-mail.php
+++ b/wp-mail.php
@@ -10,20 +10,54 @@ /** Make sure that the WordPress bootstrap has run before continuing. */ require(dirname(__FILE__) . '/wp-load.php'); +/** This filter is documented in wp-admin/options.php */ +if ( ! apply_filters( 'enable_post_by_email_configuration', true ) ) + wp_die( __( 'This action has been disabled by the administrator.' ) ); + +$mailserver_url = get_option( 'mailserver_url' ); + +if ( 'mail.example.com' === $mailserver_url || empty( $mailserver_url ) ) { + wp_die( __( 'This action has been disabled by the administrator.' ), 403 ); +} + +/** + * Fires to allow a plugin to do a complete takeover of Post by Email. + * + * @since 2.9.0 + */ +do_action( 'wp-mail.php' ); + /** Get the POP3 class with which to access the mailbox. */ require_once( ABSPATH . WPINC . '/class-pop3.php' ); -$time_difference = absint(get_option('gmt_offset')) * 3600; +/** Only check at this interval for new messages. */ +if ( !defined('WP_MAIL_INTERVAL') ) + define('WP_MAIL_INTERVAL', 300); // 5 minutes + +$last_checked = get_transient('mailserver_last_checked'); + +if ( $last_checked ) + wp_die(__('Slow down cowboy, no need to check for new mails so often!')); + +set_transient('mailserver_last_checked', true, WP_MAIL_INTERVAL); + +$time_difference = get_option('gmt_offset') * HOUR_IN_SECONDS; $phone_delim = '::'; $pop3 = new POP3(); -if ( ! $pop3->connect(get_option('mailserver_url'), get_option('mailserver_port') ) || - ! $pop3->user(get_option('mailserver_login')) || - ( ! $count = $pop3->pass(get_option('mailserver_pass')) ) ) { - $pop3->quit(); - wp_die( ( 0 === $count ) ? 
__("There doesn't seem to be any new mail.") : wp_specialchars($pop3->ERROR) ); +if ( !$pop3->connect( get_option('mailserver_url'), get_option('mailserver_port') ) || !$pop3->user( get_option('mailserver_login') ) ) + wp_die( esc_html( $pop3->ERROR ) ); + +$count = $pop3->pass( get_option('mailserver_pass') ); + +if( false === $count ) + wp_die( esc_html( $pop3->ERROR ) ); + +if( 0 === $count ) { + $pop3->quit(); + wp_die( __('There doesn’t seem to be any new mail.') ); } for ( $i = 1; $i <= $count; $i++ ) { @@ -38,9 +72,8 @@ for ( $i = 1; $i <= $count; $i++ ) { $content_transfer_encoding = ''; $post_author = 1; $author_found = false; - $dmonths = array('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'); foreach ($message as $line) { - // body signal + // Body signal. if ( strlen($line) < 3 ) $bodysignal = true; if ( $bodysignal ) { @@ -80,9 +113,11 @@ for ( $i = 1; $i <= $count; $i++ ) { $subject = $subject[0]; } - // Set the author using the email address (From or Reply-To, the last used) - // otherwise use the site admin - if ( preg_match('/(From|Reply-To): /', $line) ) { + /* + * Set the author using the email address (From or Reply-To, the last used) + * otherwise use the site admin. + */ + if ( ! $author_found && preg_match( '/^(From|Reply-To): /', $line ) ) { if ( preg_match('|[a-z0-9_.-]+@[a-z0-9_.-]+(?!.*<)|i', $line, $matches) ) $author = $matches[0]; else @@ -90,45 +125,20 @@ for ( $i = 1; $i <= $count; $i++ ) { $author = sanitize_email($author); if ( is_email($author) ) { echo '
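Review bot: The two new `wp_die( esc_html( $pop3->ERROR ) )` calls in the first hunk hand the POP3 client's raw error text to whoever requested the page, and nothing visible in that hunk checks a login or capability before that point. Escaping stops markup injection but not disclosure of what the mail server answered; consider logging the detail and returning a fixed message, e.g. `error_log( $pop3->ERROR ); wp_die( __( 'The mailbox could not be checked.' ), 500 );` (the message text is only a suggestion). Both failure paths also exit without `$pop3->quit()`, which the removed code called, and the same error text is echoed again in the final hunk when `delete()` fails. Separately, the first `wp_die()` for the disabled filter omits the `403` that the identical message a few lines later passes.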
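Review bot: The rewritten comment in the `@@ -80,9 +113,11 @@` hunk still says "the last used", but with `! $author_found &&` the first From or Reply-To line that resolves to a user now wins and later ones are skipped. The comment should say so, and should record that both headers are written by the sender: `* Use the first From/Reply-To address that maps to a user; these headers are sender-supplied and unverified.` That matters because, in the context lines of a later hunk, a matched user with `publish_posts` gets the post status `publish` directly. The `if` body continues into the next hunk.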

' . sprintf(__('Author is %s'), $author) . '

'; - $userdata = get_user_by_email($author); - if ( empty($userdata) ) { - $author_found = false; - } else { + $userdata = get_user_by('email', $author); + if ( ! empty( $userdata ) ) { $post_author = $userdata->ID; $author_found = true; } - } else { - $author_found = false; } } - if (preg_match('/Date: /i', $line)) { // of the form '20 Mar 2002 20:32:37' - $ddate = trim($line); - $ddate = str_replace('Date: ', '', $ddate); - if (strpos($ddate, ',')) { - $ddate = trim(substr($ddate, strpos($ddate, ',') + 1, strlen($ddate))); - } - $date_arr = explode(' ', $ddate); - $date_time = explode(':', $date_arr[3]); - - $ddate_H = $date_time[0]; - $ddate_i = $date_time[1]; - $ddate_s = $date_time[2]; - - $ddate_m = $date_arr[1]; - $ddate_d = $date_arr[0]; - $ddate_Y = $date_arr[2]; - for ( $j = 0; $j < 12; $j++ ) { - if ( $ddate_m == $dmonths[$j] ) { - $ddate_m = $j+1; - } - } - - $time_zn = intval($date_arr[4]) * 36; - $ddate_U = gmmktime($ddate_H, $ddate_i, $ddate_s, $ddate_m, $ddate_d, $ddate_Y); - $ddate_U = $ddate_U - $time_zn; - $post_date = gmdate('Y-m-d H:i:s', $ddate_U + $time_difference); - $post_date_gmt = gmdate('Y-m-d H:i:s', $ddate_U); + if ( preg_match( '/Date: /i', $line ) ) { // of the form '20 Mar 2002 20:32:37 +0100' + $ddate = str_replace( 'Date: ', '', trim( $line ) ); + $ddate = preg_replace( '!\s*\(.+\)\s*$!', '', $ddate ); // remove parenthesised timezone string if it exists, as this confuses strtotime + $ddate_U = strtotime( $ddate ); + $post_date = gmdate( 'Y-m-d H:i:s', $ddate_U + $time_difference ); + $post_date_gmt = gmdate( 'Y-m-d H:i:s', $ddate_U ); } } } @@ -138,7 +148,7 @@ for ( $i = 1; $i <= $count; $i++ ) { $user = new WP_User($post_author); $post_status = ( $user->has_cap('publish_posts') ) ? 'publish' : 'pending'; } else { - // Author not found in DB, set status to pending. Author already set to admin. + // Author not found in DB, set status to pending. Author already set to admin. $post_status = 'pending'; } 
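Review bot: `strtotime( $ddate )` returns false for a Date header it cannot parse, and the next two lines pass that straight to `gmdate()`, so a malformed or hostile header dates the post at the epoch (shifted by the GMT offset) instead of falling back. Wrap the two assignments in `if ( false !== $ddate_U ) { ... }`; leaving `$post_date` unset presumably lets the insert default to the current time, which should be confirmed against the rest of the file. The test `/Date: /i` is also unanchored, unlike the `^`-anchored From/Reply-To test added in the previous hunk, so any header line containing `Date: ` reaches this branch. A differently cased match is then not stripped by the case-sensitive `str_replace`. Using `preg_match( '/^Date: /i', $line )` with `preg_replace( '/^Date: /i', '', trim( $line ) )` would fix both.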
@@ -147,7 +157,8 @@ for ( $i = 1; $i <= $count; $i++ ) { if ( $content_type == 'multipart/alternative' ) { $content = explode('--'.$boundary, $content); $content = $content[2]; - // match case-insensitive content-transfer-encoding + + // Match case-insensitive content-transfer-encoding. if ( preg_match( '/Content-Transfer-Encoding: quoted-printable/i', $content, $delim) ) { $content = explode($delim[0], $content); $content = $content[1]; @@ -156,6 +167,18 @@ for ( $i = 1; $i <= $count; $i++ ) { } $content = trim($content); + /** + * Filters the original content of the email. + * + * Give Post-By-Email extending plugins full access to the content, either + * the raw content, or the content of the last quoted-printable section. + * + * @since 2.8.0 + * + * @param string $content The original email content. + */ + $content = apply_filters( 'wp_mail_original_content', $content ); + if ( false !== stripos($content_transfer_encoding, "quoted-printable") ) { $content = quoted_printable_decode($content); } @@ -170,7 +193,14 @@ for ( $i = 1; $i <= $count; $i++ ) { $content = trim($content); - $post_content = apply_filters('phone_content', $content); + /** + * Filters the content of the post submitted by email before saving. + * + * @since 1.2.0 + * + * @param string $content The email content. + */ + $post_content = apply_filters( 'phone_content', $content ); $post_title = xmlrpc_getposttitle($content); @@ -179,7 +209,7 @@ for ( $i = 1; $i <= $count; $i++ ) { $post_category = array(get_option('default_email_category')); $post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status'); - $post_data = add_magic_quotes($post_data); + $post_data = wp_slash($post_data); $post_ID = wp_insert_post($post_data); if ( is_wp_error( $post_ID ) ) 
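Review bot: The new docblock for `wp_mail_original_content` in the `@@ -156,6 +167,18 @@` hunk does not say that the filter runs before `quoted_printable_decode()`, which the context lines right after it show. A plugin that inspects or sanitises content on this hook therefore sees the encoded form and can miss text that only appears after decoding. Add a line to the docblock such as `* The content has not been quoted-printable decoded at this point; do not rely on this hook for sanitising.`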
@@ -189,21 +219,34 @@ for ( $i = 1; $i <= $count; $i++ ) { if ( empty( $post_ID ) ) continue; - do_action('publish_phone', $post_ID); + /** + * Fires after a post submitted by email is published. + * + * @since 1.2.0 + * + * @param int $post_ID The post ID. + */ + do_action( 'publish_phone', $post_ID ); - echo "\n

" . sprintf(__('Author: %s'), wp_specialchars($post_author)) . '

'; - echo "\n

" . sprintf(__('Posted title: %s'), wp_specialchars($post_title)) . '

'; + echo "\n

" . __( 'Author:' ) . ' ' . esc_html( $post_author ) . '

'; + echo "\n

" . __( 'Posted title:' ) . ' ' . esc_html( $post_title ) . '

'; if(!$pop3->delete($i)) { - echo '

' . sprintf(__('Oops: %s'), wp_specialchars($pop3->ERROR)) . '

'; + echo '

' . sprintf( + /* translators: %s: POP3 error */ + __( 'Oops: %s' ), + esc_html( $pop3->ERROR ) + ) . '

'; $pop3->reset(); exit; } else { - echo '

' . sprintf(__('Mission complete. Message %s deleted.'), $i) . '

'; + echo '

' . sprintf( + /* translators: %s: the message ID */ + __( 'Mission complete. Message %s deleted.' ), + '' . $i . '' + ) . '

'; } } $pop3->quit(); - -?>
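Review bot: The rewritten echoes print `__( 'Author:' )` and `__( 'Posted title:' )` unescaped while the values beside them go through `esc_html()`. Translation files are an input too, so the labels should be `esc_html__( 'Author:' )` and `esc_html__( 'Posted title:' )`. The markup around these strings appears to have been lost in this rendering, so the exact surrounding tags cannot be confirmed from the page.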