--- contact.module.orig	2007-02-05 20:22:27.000000000 +0000
+++ contact.module	2007-02-05 20:34:38.000000000 +0000
@@ -323,32 +323,36 @@ function contact_user_page() {
 
 function contact_mail_user($recipient) {
   global $user;
-  $form['#token'] = $user->name . $user->mail;
-  $form['from'] = array('#type' => 'item',
-    '#title' => t('From'),
-    '#value' => check_plain($user->name) .' &lt;'. check_plain($user->mail) .'&gt;',
-  );
-  $form['to'] = array('#type' => 'item',
-    '#title' => t('To'),
-    '#value' => check_plain($recipient->name),
-  );
-  $form['subject'] = array('#type' => 'textfield',
-    '#title' => t('Subject'),
-    '#maxlength' => 50,
-    '#required' => TRUE,
-  );
-  $form['message'] = array('#type' => 'textarea',
-    '#title' => t('Message'),
-    '#rows' => 15,
-    '#required' => TRUE,
-  );
-  $form['copy'] = array('#type' => 'checkbox',
-    '#title' => t('Send yourself a copy.'),
-  );
-  $form['submit'] = array('#type' => 'submit',
-    '#value' => t('Send e-mail'),
-  );
-  return $form;
+  if ($recipient->status == 1 || user_access('administer users')) {
+    $form['#token'] = $user->name . $user->mail;
+    $form['from'] = array('#type' => 'item',
+      '#title' => t('From'),
+      '#value' => check_plain($user->name) .' &lt;'. check_plain($user->mail) .'&gt;',
+    );
+    $form['to'] = array('#type' => 'item',
+      '#title' => t('To'),
+      '#value' => check_plain($recipient->name),
+    );
+    $form['subject'] = array('#type' => 'textfield',
+      '#title' => t('Subject'),
+      '#maxlength' => 50,
+      '#required' => TRUE,
+    );
+    $form['message'] = array('#type' => 'textarea',
+      '#title' => t('Message'),
+      '#rows' => 15,
+      '#required' => TRUE,
+    );
+    $form['copy'] = array('#type' => 'checkbox',
+      '#title' => t('Send yourself a copy.'),
+    );
+    $form['submit'] = array('#type' => 'submit',
+      '#value' => t('Send e-mail'),
+    );
+    return $form;
+  } else {
+    drupal_access_denied();
+  }
 }
 
 /**
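Review bot: In the new `else` branch of contact_mail_user(), drupal_access_denied() is called from inside the form builder and the function then falls off the end without returning a form array, so the caller receives nothing after the 403 output has been produced. A guard at the top, `if ($recipient->status != 1 && !user_access('administer users')) { drupal_access_denied(); return; }`, makes that path explicit and avoids re-indenting the whole form. Enforcing the check in the page callback before the form is requested would be cleaner still, but contact_user_page() lies outside this hunk, so I cannot tell what it already verifies. As a style point, Drupal's coding standard puts `else` on its own line after the closing brace rather than `} else {`.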
@@ -357,46 +361,52 @@ function contact_mail_user($recipient) {
 function contact_mail_user_submit($form_id, $form_values) {
   global $user;
 
-  $account = user_load(array('uid' => arg(1), 'status' => 1));
-  // Compose the body:
-  $message[] = "$account->name,";
-  $message[] = t("!name (!name-url) has sent you a message via your contact form (!form-url) at !site.", array('!name' => $user->name, '!name-url' => url("user/$user->uid", NULL, NULL, TRUE), '!form-url' => url($_GET['q'], NULL, NULL, TRUE), '!site' => variable_get('site_name', 'Drupal')));
-  $message[] = t("If you don't want to receive such e-mails, you can change your settings at !url.", array('!url' => url("user/$account->uid", NULL, NULL, TRUE)));
-  $message[] = t('Message:');
-  $message[] = $form_values['message'];
-
-  // Tidy up the body:
-  foreach ($message as $key => $value) {
-    $message[$key] = wordwrap($value);
-  }
-
-  // Prepare all fields:
-  $to = $account->mail;
-  $from = $user->mail;
-
-  // Format the subject:
-  $subject = '['. variable_get('site_name', 'Drupal') .'] '. $form_values['subject'];
-
-  // Prepare the body:
-  $body = implode("\n\n", $message);
+  $account = user_load(array('uid' => arg(1)));
+  // check if the recipient account is enabled or the sender is an administrator
+  if ($account->status == 1 || user_access('administer users')) {
+    // Compose the body:
+    $message[] = "$account->name,";
+    $message[] = t("!name (!name-url) has sent you a message via your contact form (!form-url) at !site.", array('!name' => $user->name, '!name-url' => url("user/$user->uid", NULL, NULL, TRUE), '!form-url' => url($_GET['q'], NULL, NULL, TRUE), '!site' => variable_get('site_name', 'Drupal')));
+    $message[] = t("If you don't want to receive such e-mails, you can change your settings at !url.", array('!url' => url("user/$account->uid", NULL, NULL, TRUE)));
+    $message[] = t('Message:');
+    $message[] = $form_values['message'];
+  
+    // Tidy up the body:
+    foreach ($message as $key => $value) {
+      $message[$key] = wordwrap($value);
+    }
 
-  // Send the e-mail:
-  drupal_mail('contact-user-mail', $to, $subject, $body, $from);
+    // Prepare all fields:
+    $to = $account->mail;
+    $from = $user->mail;
+  
+    // Format the subject:
+    $subject = '['. variable_get('site_name', 'Drupal') .'] '. $form_values['subject'];
+  
+    // Prepare the body:
+    $body = implode("\n\n", $message);
+
+    // Send the e-mail:
+    drupal_mail('contact-user-mail', $to, $subject, $body, $from);
+
+    // Send a copy if requested:
+    if ($form_values['copy']) {
+      drupal_mail('contact-user-copy', $from, $subject, $body, $from);
+    }
 
-  // Send a copy if requested:
-  if ($form_values['copy']) {
-    drupal_mail('contact-user-copy', $from, $subject, $body, $from);
+    // Log the operation:
+    flood_register_event('contact');
+    watchdog('mail', t('%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name)));
+
+    // Set a status message:
+    drupal_set_message(t('The message has been sent.'));
+
+    // Jump to the user's profile page:
+    return "user/$account->uid";
+  } else {
+    // Don't allow message to be sent
+    drupal_access_denied();
   }
-
-  // Log the operation:
-  flood_register_event('contact');
-  watchdog('mail', t('%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name)));
-
-  // Set a status message:
-  drupal_set_message(t('The message has been sent.'));
-
-  // Jump to the user's profile page:
-  return "user/$account->uid";
 }
 
 /**
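Review bot: With the `'status' => 1` filter removed from user_load(), the new condition reads `$account->status` without first confirming that a user was loaded for arg(1). If user_load() returns FALSE for an unknown uid, a sender with 'administer users' still passes the check and drupal_mail() is called with an empty `$to`. I would write the condition as `if ($account && ($account->status == 1 || user_access('administer users')))`. The denied branch also returns nothing from a submit handler, so it is worth confirming how the form API redirects once drupal_access_denied() has printed its page. The same status-or-admin test now appears here and in contact_mail_user(); a small shared helper would keep the two from drifting apart.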
