diff --git a/modules/contact/contact.pages.inc b/modules/contact/contact.pages.inc index ba8918b..fcca290 100644 --- a/modules/contact/contact.pages.inc +++ b/modules/contact/contact.pages.inc @@ -76,6 +76,25 @@ function contact_site_form($form, &$form_state) { '#default_value' => $user->uid ? $user->mail : '', '#required' => TRUE, ); + + // Do not allow authenticated users to alter the name or e-mail values to + // prevent the impersonation of other users. + if ($user->uid){ + // Change form elements to values. + $form['name']['#type'] = $form['mail']['#type'] = 'value'; + + // Display read-only name and e-mail address to the user. + $form['name_display'] = array( + '#type' => 'item', + '#title' => t('Your name'), + '#markup' => format_username($user), + ); + $form['mail_display'] = array( + '#type' => 'item', + '#title' => t('Your e-mail address'), + '#markup' => $user->mail, + ); + } $form['subject'] = array( '#type' => 'textfield', '#title' => t('Subject'), @@ -95,8 +114,8 @@ function contact_site_form($form, &$form_state) { '#title' => t('Message'), '#required' => TRUE, ); - // We do not allow anonymous users to send themselves a copy - // because it can be abused to spam people. + // Do not allow anonymous users to send themselves a copy because it can be + // abused to spam people. $form['copy'] = array( '#type' => 'checkbox', '#title' => t('Send yourself a copy.'), @@ -141,6 +160,7 @@ function contact_site_form_submit($form, &$form_state) { // Save the anonymous user information to a cookie for reuse. if (!$user->uid) { + $values['sender']->name .= ' (' . t('Unverified') . ')'; user_cookie_save(array_intersect_key($values, array_flip(array('name', 'mail')))); } @@ -218,6 +238,25 @@ function contact_personal_form($form, &$form_state, $recipient) { '#default_value' => $user->uid ? $user->mail : '', '#required' => TRUE, ); + + // Do not allow authenticated users to alter the name or e-mail values to + // prevent the impersonation of other users. + if (!empty($user->uid)){ + // Change form elements to values. + $form['name']['#type'] = $form['mail']['#type'] = 'value'; + + // Display read-only name and e-mail address to the user. + $form['name_display'] = array( + '#type' => 'item', + '#title' => t('Your name'), + '#markup' => format_username($user), + ); + $form['mail_display'] = array( + '#type' => 'item', + '#title' => t('Your e-mail address'), + '#markup' => $user->mail, + ); + } $form['to'] = array( '#type' => 'item', '#title' => t('To'), @@ -235,7 +274,7 @@ function contact_personal_form($form, &$form_state, $recipient) { '#rows' => 15, '#required' => TRUE, ); - // We do not allow anonymous users to send themselves a copy + // Do not allow anonymous users to send themselves a copy // because it can be abused to spam people. $form['copy'] = array( '#type' => 'checkbox', @@ -276,6 +315,7 @@ function contact_personal_form_submit($form, &$form_state) { // Save the anonymous user information to a cookie for reuse. if (!$user->uid) { + $values['sender']->name .= ' (' . t('Unverified') . ')'; user_cookie_save(array_intersect_key($values, array_flip(array('name', 'mail')))); } diff --git a/modules/contact/contact.test b/modules/contact/contact.test index 48c8bb0..6c56cfb 100644 --- a/modules/contact/contact.test +++ b/modules/contact/contact.test @@ -161,6 +161,20 @@ class ContactSitewideTestCase extends DrupalWebTestCase { } /** + * Tests that name and email fields are not present for authenticated users. + */ + function testContactSiteWideTextfieldsLoggedInTestCase() { + $this->drupalLogin($this->drupalCreateUser(array('access site-wide contact form'))); + $this->drupalGet('contact'); + + // Ensure that there is no textfield for name. + $this->assertFalse($this->xpath('//input[@name=:name]', array(':name' => 'name'))); + + // Ensure that there is no textfield for email. + $this->assertFalse($this->xpath('//input[@name=:name]', array(':name' => 'mail'))); + } + + /** * Tests auto-reply on the site-wide contact form. */ function testAutoReply() { @@ -175,6 +189,10 @@ class ContactSitewideTestCase extends DrupalWebTestCase { $this->addCategory('bar', 'bar@example.com', $bar_autoreply, FALSE); $this->addCategory('no_autoreply', 'bar@example.com', '', FALSE); + // Log the current user out in order to test the name and e-mail fields. + $this->drupalLogout(); + user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array('access site-wide contact form')); + // Test the auto-reply for category 'foo'. $email = $this->randomName(32) . '@example.com'; $subject = $this->randomName(64);