Index: modules/contact/contact.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.module,v
retrieving revision 1.85
diff -u -F^function -r1.85 contact.module
--- modules/contact/contact.module 28 May 2007 06:08:42 -0000 1.85
+++ modules/contact/contact.module 28 May 2007 23:54:00 -0000
@@ -35,7 +35,7 @@ function contact_help($section) {
 * Implementation of hook_perm
 */
 function contact_perm() {
- return array('access site-wide contact form');
+ return array('access site-wide contact form', 'access personal contact forms');
 }
 /**
 * Implementation of hook_menu().
@@ -104,7 +104,7 @@ function _contact_user_tab_access($accou
 return $account && (
- ($user->uid != $account->uid && $account->contact) ||
+ ($user->uid != $account->uid && $account->contact && user_access('access personal contact forms')) ||
 user_access('administer users')
 );
 }
@@ -312,7 +312,7 @@ function contact_admin_settings() {
 function contact_user_page($account) {
 global $user;
- if (!valid_email_address($user->mail)) {
+ if ($user->uid && !valid_email_address($user->mail)) {
 $output = t('You need to provide a valid e-mail address to contact other users. Please update your user information and try again.', array('@url' => url("user/$user->uid/edit")));
 }
 else if (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3))) {
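Review bot: The added `user_access('access personal contact forms')` term in `_contact_user_tab_access()` makes the personal contact tab depend on a permission that no role holds until an administrator grants it, and nothing visible in this patch assigns it to the roles that could already use the tab. Unless an update function elsewhere (not shown here) grants it to the authenticated role, registered users would lose personal contact forms on upgrade. Granting it to the anonymous role opens every opted-in user's form to unauthenticated senders, so I would say that in the `contact_perm()` docblock, e.g. `* 'access personal contact forms' also opens per-user forms to anonymous visitors when granted to that role.` The body of `_contact_user_tab_access()` starts outside the hunk.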
@@ -328,11 +328,26 @@ function contact_user_page($account) {
 function contact_mail_user($recipient) {
 global $user;
- $form['#token'] = $user->name . $user->mail;
- $form['from'] = array('#type' => 'item',
- '#title' => t('From'),
- '#value' => check_plain($user->name) .' <'. check_plain($user->mail) .'>',
- );
+
+ if ($user->uid) {
+ $form['#token'] = $user->name . $user->mail;
+ $form['from'] = array('#type' => 'item',
+ '#title' => t('From'),
+ '#value' => check_plain($user->name) .' <'. check_plain($user->mail) .'>',
+ );
+ }
+ else {
+ $form['name'] = array('#type' => 'textfield',
+ '#title' => t('Your name'),
+ '#maxlength' => 255,
+ '#required' => TRUE,
+ );
+ $form['mail'] = array('#type' => 'textfield',
+ '#title' => t('Your e-mail address'),
+ '#maxlength' => 255,
+ '#required' => TRUE,
+ );
+ }
 $form['to'] = array('#type' => 'item',
 '#title' => t('To'),
 '#value' => check_plain($recipient->name),
@@ -347,15 +362,31 @@ function contact_mail_user($recipient) {
 '#rows' => 15,
 '#required' => TRUE,
 );
- $form['copy'] = array('#type' => 'checkbox',
- '#title' => t('Send yourself a copy.'),
- );
+ // We do not allow anonymous users to send themselves a copy
+ // because it can be abused to spam people.
+ if ($user->uid) {
+ $form['copy'] = array('#type' => 'checkbox',
+ '#title' => t('Send yourself a copy.'),
+ );
+ }
 $form['submit'] = array('#type' => 'submit',
 '#value' => t('Send e-mail'),
 );
 return $form;
 }
+
+/**
+ * Validate the personal contact page form submission.
+ */
+function contact_mail_user_validate($form, &$form_state, $form_values) {
+ global $user;
+
+ if (!$user->uid && !valid_email_address($form_values['mail'])) {
+ form_set_error('mail', t('You must enter a valid e-mail address.'));
+ }
+}
+
 /**
 * Process the personal contact page form submission.
 */
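Review bot: `contact_mail_user_validate()` checks only the anonymous `mail` value, and that value later becomes the `$from` argument of `drupal_mail()` in `contact_mail_user_submit()` (`$from = $form_values['mail'];`, the hunk at -377). Whether `valid_email_address()` rejects embedded CR/LF is not visible on this page, so I would refuse line breaks explicitly before the address can reach a mail header: `if (!$user->uid && preg_match('/[\r\n]/', $form_values['name'] . $form_values['mail'])) { form_set_error('mail', t('You must enter a valid e-mail address.')); }`. The anonymous `name` is otherwise only length-capped and ends up in the mail body and the log entry, so the same check is worth applying to it.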
@@ -365,7 +396,12 @@ function contact_mail_user_submit($form,
 $account = user_load(array('uid' => arg(1), 'status' => 1));
 // Compose the body:
 $message[] = "$account->name,";
- $message[] = t("!name (!name-url) has sent you a message via your contact form (!form-url) at !site.", array('!name' => $user->name, '!name-url' => url("user/$user->uid", array('absolute' => TRUE)), '!form-url' => url($_GET['q'], array('absolute' => TRUE)), '!site' => variable_get('site_name', 'Drupal')));
+ if ($user->uid) {
+ $message[] = t("!name (!name-url) has sent you a message via your contact form (!form-url) at !site.", array('!name' => $user->name, '!name-url' => url("user/$user->uid", array('absolute' => TRUE)), '!form-url' => url($_GET['q'], array('absolute' => TRUE)), '!site' => variable_get('site_name', 'Drupal')));
+ }
+ else {
+ $message[] = t("!name (!name-url) has sent you a message via your contact form (!form-url) at !site.", array('!name' => $form_values['name'], '!name-url' => $form_values['mail'], '!form-url' => url($_GET['q'], array('absolute' => TRUE)), '!site' => variable_get('site_name', 'Drupal')));
+ }
 $message[] = t("If you don't want to receive such e-mails, you can change your settings at !url.", array('!url' => url("user/$account->uid", array('absolute' => TRUE))));
 $message[] = t('Message:');
 $message[] = $form_values['message'];
@@ -377,7 +413,12 @@ function contact_mail_user_submit($form,
 // Prepare all fields:
 $to = $account->mail;
- $from = $user->mail;
+ if ($user->uid) {
+ $from = $user->mail;
+ }
+ else {
+ $from = $form_values['mail'];
+ }
 // Format the subject:
 $subject = '['. variable_get('site_name', 'Drupal') .'] '. $form_values['subject'];
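Review bot: In the anonymous branch of the first hunk the mail still reads "!name (!name-url) has sent you a message", with `!name` and `!name-url` filled from `$form_values['name']` and `$form_values['mail']`, so a self-declared name and address appear in the slot that holds an account name and profile URL for registered senders. Nothing tells the recipient that these values were typed by a visitor who is not logged in, so a message claiming to come from a known user is easy to take at face value. I would give the branch its own string and placeholder, e.g. `t("!name (!mail), who is not logged in, has sent you a message via your contact form (!form-url) at !site.", ...)`. `contact_mail_user_submit()` starts and ends outside the hunk.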
@@ -389,13 +430,18 @@ function contact_mail_user_submit($form,
 drupal_mail('contact-user-mail', $to, $subject, $body, $from);
 // Send a copy if requested:
- if ($form_values['copy']) {
+ if (isset($form_values['copy'])) {
 drupal_mail('contact-user-copy', $from, $subject, $body, $from);
 }
 // Log the operation:
 flood_register_event('contact');
- watchdog('mail', '%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name));
+ if ($user->uid) {
+ watchdog('mail', t('%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name)));
+ }
+ else {
+ watchdog('mail', t('%name-from sent %name-to an e-mail.', array('%name-from' => $form_values['name'] . ', ' . $form_values['mail'] . ',', '%name-to' => $account->name)));
+ }
 // Set a status message:
 drupal_set_message(t('The message has been sent.'));
@@ -433,7 +479,9 @@ function contact_mail_page() {
 }
 if (count($categories) > 0) {
- $form['#token'] = $user->name . $user->mail;
+ if ($user->uid) {
+ $form['#token'] = $user->name . $user->mail;
+ }
 $form['contact_information'] = array('#value' => filter_xss_admin(variable_get('contact_form_information', t('You can leave a message using the contact form below.'))));
 $form['name'] = array('#type' => 'textfield',
 '#title' => t('Your name'),
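Review bot: `isset($form_values['copy'])` is true whenever the checkbox element exists, and for a logged-in user the form API most likely submits an unchecked checkbox as `0`, so this would send the copy to every registered sender whether or not they asked for it. `if ($user->uid && !empty($form_values['copy'])) {` keeps the undefined-index fix and also enforces the no-copy-for-anonymous rule at the send site rather than relying on the form element being absent. Separately, both new `watchdog()` calls wrap the message in `t()` where the removed line passed the string and its variables as separate arguments; if that is the current `watchdog()` signature, keep that form: `watchdog('mail', '%name-from sent %name-to an e-mail.', array('%name-from' => $form_values['name'] .', '. $form_values['mail'], '%name-to' => $account->name));`. `contact_mail_user_submit()` starts outside the hunk.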