? 58224.022.patch
? 58224.023.patch
? 58224.patch
? sites/all/modules/coder
? sites/default/files
? sites/default/private
? sites/default/settings.php
Index: modules/contact/contact.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.module,v
retrieving revision 1.120
diff -u -p -r1.120 contact.module
--- modules/contact/contact.module 12 Aug 2009 12:36:04 -0000 1.120
+++ modules/contact/contact.module 20 Aug 2009 19:56:40 -0000
@@ -45,6 +45,10 @@ function contact_permission() {
 'title' => t('Access site-wide contact form'),
 'description' => t('Send feedback to administrators via e-mail using the site-wide contact form.'),
 ),
+ 'access personal contact form' => array(
+ 'title' => t('Access personal contact form'),
+ 'description' => t('Send e-mail to registered users via their personal contact form.'),
+ ),
 );
 }
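Review bot: The description of the new 'access personal contact form' permission in contact_permission() does not tell the administrator that granting it to the anonymous role lets unauthenticated visitors send e-mail to registered users. The rest of this patch adds exactly that anonymous path, so I would extend the text, e.g. `'description' => t('Send e-mail to registered users via their personal contact form. Granting this to anonymous users allows unauthenticated visitors to e-mail users.'),`. contact_permission() starts before this hunk.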
@@ -115,15 +119,24 @@ function contact_menu() {
 */
 function _contact_personal_tab_access($account) {
 global $user;
- if (!isset($account->contact)) {
- $account->contact = FALSE;
+
+ // User administrators always have access to the contact form.
+ if (user_access('administer users')) {
+ return TRUE;
 }
- return
- $account && $user->uid &&
- (
- ($user->uid != $account->uid && $account->contact) ||
- user_access('administer users')
- );
+
+ // Do not show the contact form when it is turned off.
+ if (empty($account->contact)) {
+ return FALSE;
+ }
+
+ // Show the form if the user is allowed to access it.
+ if (user_access('access personal contact form')) {
+ return TRUE;
+ }
+
+ // For privacy, do not show the contact form by default.
+ return FALSE;
 }
 /**
Index: modules/contact/contact.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.pages.inc,v
retrieving revision 1.23
diff -u -p -r1.23 contact.pages.inc
--- modules/contact/contact.pages.inc 20 Jul 2009 18:51:33 -0000 1.23
+++ modules/contact/contact.pages.inc 20 Aug 2009 19:56:40 -0000
@@ -12,7 +12,7 @@
 */
 function contact_site_page() {
 if (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3)) && !user_access('administer site-wide contact form')) {
- $output = t("You cannot send more than %number messages per hour. Please try again later.", array('%number' => variable_get('contact_hourly_threshold', 3)));
+ $output = t('You cannot send more than %number messages per hour. Please try again later.', array('%number' => variable_get('contact_hourly_threshold', 3)));
 }
 elseif (!db_query("SELECT COUNT(cid) FROM {contact}")->fetchField()) {
 if (user_access('administer site-wide contact form')) {
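Review bot: _contact_personal_tab_access() no longer compares `$user->uid` with `$account->uid`, so a user holding 'access personal contact form' now gets the contact tab on their own profile, which the removed expression excluded. If that is not intended, restore it after the administrator check with `if ($user->uid == $account->uid) { return FALSE; }`. The old `$account &&` guard is gone as well, so the `user_access('administer users')` early return now answers TRUE without looking at `$account` at all. The function's docblock starts outside the hunk and should be updated to describe the new permission check.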
@@ -154,17 +154,27 @@ function contact_site_form_submit($form,
 function contact_personal_page($account) {
 global $user;
- if (!valid_email_address($user->mail)) {
- $output = t('You need to provide a valid e-mail address to contact other users. Please update your user information and try again.', array('@url' => url("user/$user->uid/edit", array('query' => 'destination=' . drupal_get_destination()))));
- }
- elseif (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3)) && !user_access('administer site-wide contact form')) {
- $output = t("You cannot send more than %number messages per hour. Please try again later.", array('%number' => variable_get('contact_hourly_threshold', 3)));
+ if ($user->uid == 0) {
+ if (flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3))) {
+ drupal_set_title($account->name);
+ $output = drupal_get_form('contact_personal_form', $account);
+ }
+ else {
+ $output = t('You cannot send more than %number messages per hour. Please try again later.', array('%number' => variable_get('contact_hourly_threshold', 3)));
+ }
 }
 else {
- drupal_set_title($account->name);
- $output = drupal_get_form('contact_personal_form', $account);
+ if (!isset($user->mail) || !valid_email_address($user->mail)) {
+ $output = t('You need to provide a valid e-mail address to contact other users. Please update your user information and try again.', array('@url' => url("user/$user->uid/edit", array('query' => 'destination=' . drupal_get_destination()))));
+ }
+ elseif (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3)) && !user_access('administer site-wide contact form')) {
+ $output = t('You cannot send more than %number messages per hour. Please try again later.', array('%number' => variable_get('contact_hourly_threshold', 3)));
+ }
+ else {
+ drupal_set_title($account->name);
+ $output = drupal_get_form('contact_personal_form', $account);
+ }
 }
-
 return $output;
 }
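Review bot: In the new `$user->uid == 0` branch of contact_personal_page() the only control on unauthenticated senders is `flood_is_allowed('contact', ...)`, using the same `contact_hourly_threshold` as for logged-in users. flood_is_allowed() is not shown here; if it counts per client address, the threshold is a weak limit on its own, and every allowed request delivers mail to a registered user. I would state that on the branch with a comment such as `// Anonymous senders are limited by the flood threshold only.` and consider a separate, lower threshold for them. The flood-exceeded message and the title/form tail are now duplicated in both branches and could be shared.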
@@ -173,12 +183,29 @@ function contact_personal_page($account)
 */
 function contact_personal_form(&$form_state, $recipient) {
 global $user;
- $form['#token'] = $user->name . $user->mail;
+ if (!$user->uid == 0) {
+ $form['#token'] = $user->name . $user->mail;
+ $form['from'] = array(
+ '#type' => 'item',
+ '#title' => t('From'),
+ '#markup' => check_plain($user->name) . ' <' . check_plain($user->mail) . '>',
+ );
+ }
+ else {
+ $form['from'] = array(
+ '#type' => 'textfield',
+ '#title' => t('From'),
+ '#maxlength' => 255,
+ '#required' => TRUE,
+ );
+ $form['mail'] = array(
+ '#type' => 'textfield',
+ '#title' => t('E-mail'),
+ '#maxlength' => 255,
+ '#required' => TRUE,
+ );
+ }
 $form['recipient'] = array('#type' => 'value', '#value' => $recipient);
- $form['from'] = array('#type' => 'item',
- '#title' => t('From'),
- '#markup' => theme('username', $user) . ' <' . check_plain($user->mail) . '>',
- );
 $form['to'] = array('#type' => 'item',
 '#title' => t('To'),
 '#markup' => theme('username', $recipient),
@@ -193,9 +220,13 @@ function contact_personal_form(&$form_st
 '#rows' => 15,
 '#required' => TRUE,
 );
- $form['copy'] = array('#type' => 'checkbox',
+ $form['copy'] = array(
+ '#type' => 'checkbox',
 '#title' => t('Send yourself a copy.'),
+ '#default_value' => FALSE,
+ '#access' => $user->uid,
 );
+ drupal_add_js(drupal_get_path('module', 'contact') . '/contact.js');
 $form['submit'] = array('#type' => 'submit',
 '#value' => t('Send message'),
 );
@@ -203,6 +234,17 @@ function contact_personal_form(&$form_st
 }
 /**
+ * Validate the user contact page form submission.
+ */
+function contact_personal_form_validate($form, &$form_state) {
+ global $user;
+
+ if ($user->uid == 0 && !valid_email_address($form_state['values']['mail'])) {
+ form_set_error('mail', t('You must enter a valid e-mail address.'));
+ }
+}
+
+/**
 * Form submission handler for contact_personal_form().
 */
 function contact_personal_form_submit($form, &$form_state) {
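Review bot: `if (!$user->uid == 0)` in contact_personal_form() parses as `(!$user->uid) == 0`, which gives the intended result only through loose comparison of a boolean with 0; write `if ($user->uid)` or `if ($user->uid != 0)`. The same expression is used in contact_personal_form_submit() in the @@ -212 hunk. For anonymous senders the new `from` and `mail` textfields are free text that later reaches mail composition (not shown here), so whatever builds the message should treat both as untrusted. The function body continues past this hunk.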
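Review bot: `'#access' => $user->uid` on the `copy` checkbox is what stops an anonymous sender from triggering the `user_copy` mail, which the submit handler addresses to `$from` (the site address for anonymous senders in the @@ -212 hunk), and that reason deserves a comment such as `// Anonymous senders have no verified address to copy to.`. Passing the boolean explicitly, `'#access' => (bool) $user->uid,`, makes the intent clearer. The hunk also adds `drupal_add_js(... '/contact.js')`, but no contact.js is added in the part of the patch visible here; confirm the file ships with the change.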
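Review bot: The docblock on contact_personal_form_validate() should follow the wording of the submit handler directly below it, `Form validation handler for contact_personal_form().`, so the two handlers are documented alike. The handler validates only `mail` for anonymous senders; the free-text `from` name is passed on as typed. I would say so in the docblock, noting that the name is unverified and has to be escaped wherever it is displayed or placed in a message.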
@@ -212,25 +254,30 @@ function contact_personal_form_submit($f
 // Send from the current user to the requested user.
 $to = $account->mail;
- $from = $user->mail;
+ if (!$user->uid == 0) {
+ $from = $user->mail;
+ }
+ else {
+ $from = variable_get('site_mail');
+ }
 // Save both users and all form values for email composition.
- $values = $form_state['values'];
- $values['account'] = $account;
- $values['user'] = $user;
+ $form_state['values']['account'] = $account;
+ $form_state['values']['user'] = $user;
 // Send the e-mail in the requested user language.
- drupal_mail('contact', 'user_mail', $to, user_preferred_language($account), $values, $from);
+ drupal_mail('contact', 'user_mail', $to, user_preferred_language($account), $form_state['values'], $from);
 // Send a copy if requested, using current page language.
 if ($form_state['values']['copy']) {
- drupal_mail('contact', 'user_copy', $from, $language, $values, $from);
+ drupal_mail('contact', 'user_copy', $from, $language, $form_state['values'], $from);
 }
 flood_register_event('contact');
- watchdog('mail', '%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name));
+ watchdog('mail', '%name-from sent %name-to an e-mail.', array('%name-from' => $from, '%name-to' => $account->name));
 drupal_set_message(t('Your message has been sent.'));
- // Back to the requested users profile page.
- $form_state['redirect'] = "user/$account->uid";
+ // Back to the requested users profile page or the homepage if the
+ // user does not have access to user profiles.
+ $form_state['redirect'] = user_access('access user profiles') ?
"user/$account->uid" : '';
 }
Index: modules/contact/contact.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.test,v
retrieving revision 1.28
diff -u -p -r1.28 contact.test
--- modules/contact/contact.test 31 Jul 2009 19:01:01 -0000 1.28
+++ modules/contact/contact.test 20 Aug 2009 19:56:40 -0000
@@ -290,7 +290,7 @@ class ContactSitewideTestCase extends Dr
 }
 $this->drupalPost('admin/settings/permissions', $edit, t('Save permissions'));
- $this->assertText(t('The changes have been saved.'), t(' [permission] Saved changes.'));
+ $this->assertText(t('The changes have been saved.'), t('[permission] Saved changes.'));
 }
 }
@@ -314,7 +314,7 @@ class ContactPersonalTestCase extends Dr
 * Test personal contact form.
 */
 function testPersonalContact() {
- $admin_user = $this->drupalCreateUser(array('administer site-wide contact form'));
+ $admin_user = $this->drupalCreateUser(array('administer site-wide contact form', 'administer permissions'));
 $this->drupalLogin($admin_user);
 // Enable the personal contact form.
@@ -329,7 +329,7 @@ class ContactPersonalTestCase extends Dr
 $this->drupalLogout();
 // Create web users and attempt to use personal contact forms with default set to true.
- $web_user1 = $this->drupalCreateUser(array());
+ $web_user1 = $this->drupalCreateUser(array('access personal contact form'));
 $web_user2 = $this->drupalCreateUser(array());
 $this->drupalLogin($web_user1);
@@ -358,7 +358,6 @@ class ContactPersonalTestCase extends Dr
 // Submit contact form one over limit.
 $this->drupalGet('user/' . $web_user2->uid . '/contact');
 $this->assertRaw(t('You cannot send more than %number messages per hour. Please try again later.', array('%number' => $flood_control)), t('Message threshold reached.'));
-
 $this->drupalLogout();
 $this->drupalLogin($admin_user);
@@ -373,12 +372,62 @@ class ContactPersonalTestCase extends Dr $this->drupalLogout(); // Create web users and attempt to use personal contact forms with default set to false. - $web_user3 = $this->drupalCreateUser(array()); + $web_user3 = $this->drupalCreateUser(array('access personal contact form')); $web_user4 = $this->drupalCreateUser(array()); $this->drupalLogin($web_user3); $this->drupalGet('user/' . $web_user4->uid . '/contact'); $this->assertResponse(403, t('Access to personal contact form denied.')); + $this->drupalLogout(); + + // Give anonymous user permissions to access personal contact form + $this->drupalLogin($admin_user); + $this->setPermissions('anonymous user', array('access personal contact form' => TRUE)); + $this->drupalLogout(); + + $this->drupalGet('user/' . $web_user2->uid . '/contact'); + $this->assertResponse(200, t('Access to personal contact form granted.')); + + // Disable personal contact form by default + $this->drupalLogin($admin_user); + $edit = array(); + $edit['contact_default_status'] = FALSE; + $this->drupalPost('admin/settings/contact', $edit, t('Save configuration')); + $this->assertText(t('The configuration options have been saved.'), t('Setting successfully saved.')); + $this->drupalLogout(); + + // Attempt to access personal contact form as anonymous user + $web_user5 = $this->drupalCreateUser(); + $this->drupalGet('user/' . $web_user5->uid . '/contact'); + $this->assertResponse(403, t('Access to personal contact form denied.')); + + + } + /** + * Set permissions + * + * @param $role + * User role to set permissions for. + * + * @param $permissions + * Key-value array of permissions to set. + */ + function setPermissions($role, $permissions) { + // Get role id (rid) for specified role. + $rid = db_result(db_query("SELECT rid FROM {role} WHERE name = '%s'", array($role))); + if ($rid === FALSE) { + $this->fail(t('[permission] Role "' . $role . 
'" not found.')); + } + + // Create edit array from permissions + $edit = array(); + foreach ($permissions as $name => $value) { + $edit[$rid . '[' . $name . ']'] = $value; + } + + $this->drupalPost('admin/settings/permissions', $edit, t('Save permissions')); + $this->assertText(t('The changes have been saved.'), t('[permission] Saved changes.')); } + }
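Review bot: setPermissions() looks up the role with `db_result(db_query("SELECT rid FROM {role} WHERE name = '%s'", array($role)))`, while contact.pages.inc in this same patch uses the `db_query(...)->fetchField()` form; the helper should use a named placeholder, `$rid = db_query("SELECT rid FROM {role} WHERE name = :name", array(':name' => $role))->fetchField();`. `$this->fail(t('[permission] Role "' . $role . '" not found.'))` concatenates the variable into the translatable string and then carries on with a FALSE `$rid`; use `t('[permission] Role "@role" not found.', array('@role' => $role))` and return. The added test only checks the 200/403 responses for anonymous visitors and never submits the form, so the anonymous validation and submit paths stay uncovered.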