? sites/default/files
? sites/default/private
? sites/default/settings.php
Index: modules/contact/contact.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.module,v
retrieving revision 1.125
diff -u -p -r1.125 contact.module
--- modules/contact/contact.module 31 Aug 2009 18:40:00 -0000 1.125
+++ modules/contact/contact.module 2 Sep 2009 01:24:56 -0000
@@ -45,6 +45,10 @@ function contact_permission() {
 'title' => t('Access site-wide contact form'),
 'description' => t('Send feedback to administrators via e-mail using the site-wide contact form.'),
 ),
+ 'access personal contact form' => array(
+ 'title' => t('Access personal contact form'),
+ 'description' => t('Send e-mail to registered users via their personal contact form.'),
+ ),
 );
 }
 
@@ -124,15 +128,24 @@ function contact_menu() {
 */
 function _contact_personal_tab_access($account) {
 global $user;
- if (!isset($account->contact)) {
- $account->contact = FALSE;
+
+ // User administrators always have access to the contact form.
+ if (user_access('administer users')) {
+ return TRUE;
 }
- return
- $account && $user->uid &&
- (
- ($user->uid != $account->uid && $account->contact) ||
- user_access('administer users')
- );
+
+ // Do not show the contact form when it is turned off.
+ if (empty($account->contact)) {
+ return FALSE;
+ }
+
+ // Show the form if the user is allowed to access it.
+ if (user_access('access personal contact form')) {
+ return TRUE;
+ }
+
+ // For privacy, do not show the contact form by default.
+ return FALSE;
 }
 
 /**
Index: modules/contact/contact.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.pages.inc,v
retrieving revision 1.23
diff -u -p -r1.23 contact.pages.inc
--- modules/contact/contact.pages.inc 20 Jul 2009 18:51:33 -0000 1.23
+++ modules/contact/contact.pages.inc 2 Sep 2009 01:24:56 -0000
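Review bot: In `_contact_personal_tab_access()` (contact.module), the rewritten checks no longer cover two cases that the removed `return` expression handled: an empty `$account`, and a non-administrator opening their own contact form (`$user->uid != $account->uid`). The `$user->uid` requirement is gone and access now rests on a permission that can be granted to the anonymous role, so the function should first reject a target that is not a real account, e.g. `if (empty($account->uid)) { return FALSE; }` ahead of the `administer users` shortcut, and then `if ($user->uid == $account->uid) { return FALSE; }` after it. The last two branches can collapse into `return user_access('access personal contact form');`. The function's docblock starts outside the hunk and should mention the new permission.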
@@ -12,7 +12,7 @@
 */
 function contact_site_page() {
 if (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3)) && !user_access('administer site-wide contact form')) {
- $output = t("You cannot send more than %number messages per hour. Please try again later.", array('%number' => variable_get('contact_hourly_threshold', 3)));
+ $output = t('You cannot send more than %number messages per hour. Please try again later.', array('%number' => variable_get('contact_hourly_threshold', 3)));
 }
 elseif (!db_query("SELECT COUNT(cid) FROM {contact}")->fetchField()) {
 if (user_access('administer site-wide contact form')) {
@@ -154,15 +154,26 @@ function contact_site_form_submit($form,
 function contact_personal_page($account) {
 global $user;
 
- if (!valid_email_address($user->mail)) {
- $output = t('You need to provide a valid e-mail address to contact other users. Please update your user information and try again.', array('@url' => url("user/$user->uid/edit", array('query' => 'destination=' . drupal_get_destination()))));
- }
- elseif (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3)) && !user_access('administer site-wide contact form')) {
- $output = t("You cannot send more than %number messages per hour. Please try again later.", array('%number' => variable_get('contact_hourly_threshold', 3)));
+ if ($user->uid == 0) {
+ if (flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3))) {
+ drupal_set_title($account->name);
+ $output = drupal_get_form('contact_personal_form', $account);
+ }
+ else {
+ $output = t('You cannot send more than %number messages per hour. Please try again later.', array('%number' => variable_get('contact_hourly_threshold', 3)));
+ }
 }
 else {
- drupal_set_title($account->name);
- $output = drupal_get_form('contact_personal_form', $account);
+ if (!isset($user->mail) || !valid_email_address($user->mail)) {
+ $output = t('You need to provide a valid e-mail address to contact other users. Please update your user information and try again.', array('@url' => url("user/$user->uid/edit", array('query' => 'destination=' . drupal_get_destination()))));
+ }
+ elseif (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3)) && !user_access('administer site-wide contact form')) {
+ $output = t('You cannot send more than %number messages per hour. Please try again later.', array('%number' => variable_get('contact_hourly_threshold', 3)));
+ }
+ else {
+ drupal_set_title($account->name);
+ $output = drupal_get_form('contact_personal_form', $account);
+ }
 }
 
 return $output;
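Review bot: The anonymous branch of `contact_personal_page()` repeats the flood message and the `drupal_set_title()`/`drupal_get_form()` pair from the authenticated branch, so the two copies of the rate-limit check can drift apart. The only real difference is that the e-mail check is skipped when `$user->uid == 0`, so keeping the original three-way chain and changing just its first condition to `if ($user->uid && (!isset($user->mail) || !valid_email_address($user->mail))) {` gives the same result with a single flood check (unless the anonymous role holds `administer site-wide contact form`). The flood check is the only throttle visible here on a form that lets unauthenticated visitors send mail, so it deserves a comment stating what `flood_is_allowed('contact', …)` counts against for anonymous requests; the flood API itself is outside this diff. The function's closing brace is outside the hunk.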
@@ -173,12 +184,29 @@ function contact_personal_page($account)
 */
 function contact_personal_form(&$form_state, $recipient) {
 global $user;
- $form['#token'] = $user->name . $user->mail;
+ if (!$user->uid == 0) {
+ $form['#token'] = $user->name . $user->mail;
+ $form['from'] = array(
+ '#type' => 'item',
+ '#title' => t('From'),
+ '#markup' => check_plain($user->name) . ' <' . check_plain($user->mail) . '>',
+ );
+ }
+ else {
+ $form['from'] = array(
+ '#type' => 'textfield',
+ '#title' => t('From'),
+ '#maxlength' => 255,
+ '#required' => TRUE,
+ );
+ $form['mail'] = array(
+ '#type' => 'textfield',
+ '#title' => t('E-mail'),
+ '#maxlength' => 255,
+ '#required' => TRUE,
+ );
+ }
 $form['recipient'] = array('#type' => 'value', '#value' => $recipient);
- $form['from'] = array('#type' => 'item',
- '#title' => t('From'),
- '#markup' => theme('username', $user) . ' <' . check_plain($user->mail) . '>',
- );
 $form['to'] = array('#type' => 'item',
 '#title' => t('To'),
 '#markup' => theme('username', $recipient),
@@ -193,9 +221,13 @@ function contact_personal_form(&$form_st
 '#rows' => 15,
 '#required' => TRUE,
 );
- $form['copy'] = array('#type' => 'checkbox',
+ $form['copy'] = array(
+ '#type' => 'checkbox',
 '#title' => t('Send yourself a copy.'),
+ '#default_value' => FALSE,
+ '#access' => $user->uid,
 );
+ drupal_add_js(drupal_get_path('module', 'contact') . '/contact.js');
 $form['submit'] = array('#type' => 'submit',
 '#value' => t('Send message'),
 );
@@ -203,6 +235,17 @@ function contact_personal_form(&$form_st
 }
 
 /**
+ * Validate the user contact page form submission.
+ */
+function contact_personal_form_validate($form, &$form_state) {
+ global $user;
+
+ if ($user->uid == 0 && !valid_email_address($form_state['values']['mail'])) {
+ form_set_error('mail', t('You must enter a valid e-mail address.'));
+ }
+}
+
+/**
 * Form submission handler for contact_personal_form().
 */
 function contact_personal_form_submit($form, &$form_state) {
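Review bot: `if (!$user->uid == 0)` at the top of `contact_personal_form()` parses as `(!$user->uid) == 0` because `!` binds tighter than `==`, so it gives the intended answer only through loose comparison of a boolean with `0`. Write `if ($user->uid) {` here and in the identical test added to `contact_personal_form_submit()` further down. A comment is also needed on the two shapes of `from`: for anonymous senders it is a free-text name with the address in `mail`, while for logged-in users it is a display item holding both, so later handlers see different data under the same key.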
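Review bot: `drupal_add_js()` is called unconditionally in the form builder, so `contact.js` is sent to logged-in users too, and nothing in the hunk says what the script does with this form. The file is not among those this patch touches, so its behaviour cannot be checked from here; add a one-line comment stating its purpose, and if it only serves the anonymous `from`/`mail` fields, move the call into the `else` branch that builds them. `'#access' => $user->uid` relies on integer-to-boolean conversion and would read more clearly as `'#access' => (bool) $user->uid,`.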
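Review bot: `contact_personal_form_validate()` checks only the `mail` value; the `from` name typed by an anonymous visitor is accepted as is, so it can be any string, including the name of a registered user. Whether that name reaches the recipient depends on the mail template, which is outside this diff, but if it does the message can appear to come from a known account. Consider rejecting names that match an existing user and reporting it with `form_set_error('from', …)`, and check that the template marks the sender as unverified. The docblock would match its neighbour better as `Form validation handler for contact_personal_form().`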
@@ -212,25 +255,30 @@ function contact_personal_form_submit($f
 
 // Send from the current user to the requested user.
 $to = $account->mail;
- $from = $user->mail;
+ if (!$user->uid == 0) {
+ $from = $user->mail;
+ }
+ else {
+ $from = variable_get('site_mail');
+ }
 
 // Save both users and all form values for email composition.
- $values = $form_state['values'];
- $values['account'] = $account;
- $values['user'] = $user;
+ $form_state['values']['account'] = $account;
+ $form_state['values']['user'] = $user;
 
 // Send the e-mail in the requested user language.
- drupal_mail('contact', 'user_mail', $to, user_preferred_language($account), $values, $from);
+ drupal_mail('contact', 'user_mail', $to, user_preferred_language($account), $form_state['values'], $from);
 
 // Send a copy if requested, using current page language.
 if ($form_state['values']['copy']) {
- drupal_mail('contact', 'user_copy', $from, $language, $values, $from);
+ drupal_mail('contact', 'user_copy', $from, $language, $form_state['values'], $from);
 }
 
 flood_register_event('contact');
- watchdog('mail', '%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name));
+ watchdog('mail', '%name-from sent %name-to an e-mail.', array('%name-from' => $from, '%name-to' => $account->name));
 drupal_set_message(t('Your message has been sent.'));
 
- // Back to the requested users profile page.
- $form_state['redirect'] = "user/$account->uid";
+ // Back to the requested users profile page or the homepage if the
+ // user does not have access to user profiles.
+ $form_state['redirect'] = user_access('access user profiles') ?
"user/$account->uid" : ''; } Index: modules/contact/contact.test =================================================================== RCS file: /cvs/drupal/drupal/modules/contact/contact.test,v retrieving revision 1.30 diff -u -p -r1.30 contact.test --- modules/contact/contact.test 31 Aug 2009 18:40:00 -0000 1.30 +++ modules/contact/contact.test 2 Sep 2009 01:24:56 -0000 @@ -45,8 +45,7 @@ class ContactSitewideTestCase extends Dr $this->assertResponse(200); $this->assertText(t('The contact form has not been configured.')); - // Add categories. - // Test invalid recipients. + // Add categories and test invalid recipients. $invalid_recipients = array('invalid', 'invalid@', 'invalid@site.', '@site.', '@site.com'); foreach ($invalid_recipients as $invalid_recipient) { $this->addCategory($this->randomName(16), $invalid_recipient, '', FALSE); @@ -314,7 +313,7 @@ class ContactPersonalTestCase extends Dr * Test personal contact form. */ function testPersonalContact() { - $admin_user = $this->drupalCreateUser(array('administer site-wide contact form')); + $admin_user = $this->drupalCreateUser(array('administer site-wide contact form', 'administer permissions')); $this->drupalLogin($admin_user); // Enable the personal contact form. @@ -329,14 +328,12 @@ class ContactPersonalTestCase extends Dr $this->drupalLogout(); // Create web users and attempt to use personal contact forms with default set to true. - $web_user1 = $this->drupalCreateUser(array()); + $web_user1 = $this->drupalCreateUser(array('access personal contact form')); $web_user2 = $this->drupalCreateUser(array()); $this->drupalLogin($web_user1); - $this->drupalGet('user/' . $web_user2->uid . '/contact'); $this->assertResponse(200, t('Access to personal contact form granted.')); - $edit = array(); $edit['subject'] = $this->randomName(16); $edit['message'] = $this->randomName(64); 
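Review bot: In `contact_personal_form_submit()` (contact.pages.inc), the `watchdog()` call now logs `$from` as `%name-from`, which for an anonymous sender is the site address from `variable_get('site_mail')`, so the log entry no longer identifies who sent the message; for logged-in users it now records the e-mail address instead of the user name. Log the sender instead, e.g. `'%name-from' => $user->uid ? $user->name : $form_state['values']['from'] . ' <' . $form_state['values']['mail'] . '>'`, so that abuse of the anonymous form can be traced. `variable_get('site_mail')` is also called without a default, unlike the other `variable_get()` calls in this patch, so `$from` may be empty when the variable is unset. Writing `account` and `user` straight into `$form_state['values']` rather than a local `$values` copy changes what later handlers see and deserves a comment.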
@@ -358,12 +355,10 @@ class ContactPersonalTestCase extends Dr // Submit contact form one over limit. $this->drupalGet('user/' . $web_user2->uid . '/contact'); $this->assertRaw(t('You cannot send more than %number messages per hour. Please try again later.', array('%number' => $flood_control)), t('Message threshold reached.')); - $this->drupalLogout(); + // Login as administrative user and disable the personal contact form. $this->drupalLogin($admin_user); - - // Disable the personal contact form. $edit = array(); $edit['contact_default_status'] = FALSE; $this->drupalPost('admin/structure/contact/settings', $edit, t('Save configuration')); @@ -373,12 +368,23 @@ class ContactPersonalTestCase extends Dr $this->drupalLogout(); // Create web users and attempt to use personal contact forms with default set to false. - $web_user3 = $this->drupalCreateUser(array()); + $web_user3 = $this->drupalCreateUser(array('access personal contact form')); $web_user4 = $this->drupalCreateUser(array()); - $this->drupalLogin($web_user3); - $this->drupalGet('user/' . $web_user4->uid . '/contact'); $this->assertResponse(403, t('Access to personal contact form denied.')); + $this->drupalLogout(); + + // Give anonymous user permissions to access personal contact form. + user_role_set_permissions('anonymous user', array('access personal contact form')); + + // Attempt to access old users personal contact form as an anonymous user. + $this->drupalGet('user/' . $web_user2->uid . '/contact'); + $this->assertResponse(200, t('Access to personal contact form granted.')); + + // Attempt to access a new users personal contact form as an anonymous user. + $web_user5 = $this->drupalCreateUser(); + $this->drupalGet('user/' . $web_user5->uid . '/contact'); + $this->assertResponse(403, t('Access to personal contact form denied.')); } }
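Review bot: The new anonymous cases at the end of `testPersonalContact()` only assert the 200/403 response of the form page; nothing submits the form as an anonymous user, so `contact_personal_form_validate()`, the `site_mail` sender path and the flood limit for anonymous visitors are untested. After the 200 assertion, fill `from`, `mail`, `subject` and `message` in `$edit`, post with `$this->drupalPost('user/' . $web_user2->uid . '/contact', $edit, t('Send message'));` and assert `$this->assertText(t('Your message has been sent.'));`. Add one more post with an invalid `mail` value that expects `You must enter a valid e-mail address.`. The test method starts outside the hunk.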