X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/449d082fcc4873c1f7d363a0d9f7409be7f6e77d..a7cd4c052013b423c6301153f68c7fdbaa2a447b:/wp-mail.php diff --git a/wp-mail.php b/wp-mail.php index 2966dc36..6775de8a 100644 --- a/wp-mail.php +++ b/wp-mail.php @@ -10,20 +10,48 @@ /** Make sure that the WordPress bootstrap has run before continuing. */ require(dirname(__FILE__) . '/wp-load.php'); +/** This filter is documented in wp-admin/options.php */ +if ( ! apply_filters( 'enable_post_by_email_configuration', true ) ) + wp_die( __( 'This action has been disabled by the administrator.' ) ); + +/** + * Fires to allow a plugin to do a complete takeover of Post by Email. + * + * @since 2.9.0 + */ +do_action( 'wp-mail.php' ); + /** Get the POP3 class with which to access the mailbox. */ require_once( ABSPATH . WPINC . '/class-pop3.php' ); -$time_difference = absint(get_option('gmt_offset')) * 3600; +/** Only check at this interval for new messages. */ +if ( !defined('WP_MAIL_INTERVAL') ) + define('WP_MAIL_INTERVAL', 300); // 5 minutes + +$last_checked = get_transient('mailserver_last_checked'); + +if ( $last_checked ) + wp_die(__('Slow down cowboy, no need to check for new mails so often!')); + +set_transient('mailserver_last_checked', true, WP_MAIL_INTERVAL); + +$time_difference = get_option('gmt_offset') * HOUR_IN_SECONDS; $phone_delim = '::'; $pop3 = new POP3(); -if ( ! $pop3->connect(get_option('mailserver_url'), get_option('mailserver_port') ) || - ! $pop3->user(get_option('mailserver_login')) || - ( ! $count = $pop3->pass(get_option('mailserver_pass')) ) ) { - $pop3->quit(); - wp_die( ( 0 === $count ) ? __("There doesn't seem to be any new mail.") : wp_specialchars($pop3->ERROR) ); +if ( !$pop3->connect( get_option('mailserver_url'), get_option('mailserver_port') ) || !$pop3->user( get_option('mailserver_login') ) ) + wp_die( esc_html( $pop3->ERROR ) ); + +$count = $pop3->pass( get_option('mailserver_pass') ); + +if( false === $count ) + wp_die( esc_html( $pop3->ERROR ) ); + +if( 0 === $count ) { + $pop3->quit(); + wp_die( __('There doesn’t seem to be any new mail.') ); } for ( $i = 1; $i <= $count; $i++ ) { @@ -40,7 +68,7 @@ for ( $i = 1; $i <= $count; $i++ ) { $author_found = false; $dmonths = array('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'); foreach ($message as $line) { - // body signal + // Body signal. if ( strlen($line) < 3 ) $bodysignal = true; if ( $bodysignal ) { @@ -80,9 +108,11 @@ for ( $i = 1; $i <= $count; $i++ ) { $subject = $subject[0]; } - // Set the author using the email address (From or Reply-To, the last used) - // otherwise use the site admin - if ( preg_match('/(From|Reply-To): /', $line) ) { + /* + * Set the author using the email address (From or Reply-To, the last used) + * otherwise use the site admin. + */ + if ( ! $author_found && preg_match( '/^(From|Reply-To): /', $line ) ) { if ( preg_match('|[a-z0-9_.-]+@[a-z0-9_.-]+(?!.*<)|i', $line, $matches) ) $author = $matches[0]; else @@ -90,15 +120,11 @@ for ( $i = 1; $i <= $count; $i++ ) { $author = sanitize_email($author); if ( is_email($author) ) { echo '

' . sprintf(__('Author is %s'), $author) . '

'; - $userdata = get_user_by_email($author); - if ( empty($userdata) ) { - $author_found = false; - } else { + $userdata = get_user_by('email', $author); + if ( ! empty( $userdata ) ) { $post_author = $userdata->ID; $author_found = true; } - } else { - $author_found = false; } } @@ -138,7 +164,7 @@ for ( $i = 1; $i <= $count; $i++ ) { $user = new WP_User($post_author); $post_status = ( $user->has_cap('publish_posts') ) ? 'publish' : 'pending'; } else { - // Author not found in DB, set status to pending. Author already set to admin. + // Author not found in DB, set status to pending. Author already set to admin. $post_status = 'pending'; } @@ -147,7 +173,8 @@ for ( $i = 1; $i <= $count; $i++ ) { if ( $content_type == 'multipart/alternative' ) { $content = explode('--'.$boundary, $content); $content = $content[2]; - // match case-insensitive content-transfer-encoding + + // Match case-insensitive content-transfer-encoding. if ( preg_match( '/Content-Transfer-Encoding: quoted-printable/i', $content, $delim) ) { $content = explode($delim[0], $content); $content = $content[1]; @@ -156,6 +183,18 @@ for ( $i = 1; $i <= $count; $i++ ) { } $content = trim($content); + /** + * Filter the original content of the email. + * + * Give Post-By-Email extending plugins full access to the content, either + * the raw content, or the content of the last quoted-printable section. + * + * @since 2.8.0 + * + * @param string $content The original email content. + */ + $content = apply_filters( 'wp_mail_original_content', $content ); + if ( false !== stripos($content_transfer_encoding, "quoted-printable") ) { $content = quoted_printable_decode($content); } @@ -170,7 +209,14 @@ for ( $i = 1; $i <= $count; $i++ ) { $content = trim($content); - $post_content = apply_filters('phone_content', $content); + /** + * Filter the content of the post submitted by email before saving. + * + * @since 1.2.0 + * + * @param string $content The email content. + */ + $post_content = apply_filters( 'phone_content', $content ); $post_title = xmlrpc_getposttitle($content); @@ -179,7 +225,7 @@ for ( $i = 1; $i <= $count; $i++ ) { $post_category = array(get_option('default_email_category')); $post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status'); - $post_data = add_magic_quotes($post_data); + $post_data = wp_slash($post_data); $post_ID = wp_insert_post($post_data); if ( is_wp_error( $post_ID ) ) @@ -189,21 +235,26 @@ for ( $i = 1; $i <= $count; $i++ ) { if ( empty( $post_ID ) ) continue; - do_action('publish_phone', $post_ID); + /** + * Fires after a post submitted by email is published. + * + * @since 1.2.0 + * + * @param int $post_ID The post ID. + */ + do_action( 'publish_phone', $post_ID ); - echo "\n

" . sprintf(__('Author: %s'), wp_specialchars($post_author)) . '

'; - echo "\n

" . sprintf(__('Posted title: %s'), wp_specialchars($post_title)) . '

'; + echo "\n

" . sprintf(__('Author: %s'), esc_html($post_author)) . '

'; + echo "\n

" . sprintf(__('Posted title: %s'), esc_html($post_title)) . '

'; if(!$pop3->delete($i)) { - echo '

' . sprintf(__('Oops: %s'), wp_specialchars($pop3->ERROR)) . '

'; + echo '

' . sprintf(__('Oops: %s'), esc_html($pop3->ERROR)) . '

'; $pop3->reset(); exit; } else { - echo '

' . sprintf(__('Mission complete. Message %s deleted.'), $i) . '

'; + echo '

' . sprintf(__('Mission complete. Message %s deleted.'), $i) . '

'; } } $pop3->quit(); - -?>