--- ../cvs.drupal.org/contributions/modules/emailpage/emailpage.module 2004-10-26 06:08:05.000000000 -0400
+++ 4.5/modules/emailpage/emailpage.module 2004-11-18 20:05:32.000000000 -0500
@@ -1,10 +1,15 @@
"emailpage", 'title'=>t("email this page"),access=>1,'type'=>MENU_CALLBACK,'callback'=>'emailpage_page');
+ $items = array();
+
+ if(!$may_cache) {
+ $items[] = array('path' => 'emailpage', 'title' => t('email this page'), 'callback' => 'emailpage_page', 'access' => user_access('access content'), 'type' => MENU_CALLBACK);
}
+
return $items;
}
function emailpage_link($type, $node=0, $main=0) {
$links=array();
-
// This var is set in the settings section under the admin/modules/emailpage section
// It shows 'email this $nodetype' or 'email this page'
$e_l_t=variable_get('emailpage_link_type', 0);
- if($e_l_t) {
- if($type == "comment") {
- $e_l_t = "comment";
- $links[] = l(t("email this ".$e_l_t), "emailpage&nid=$node->nid&cid=$node->cid", array("title" => t("Email this page to a friend")), NULL);
- return $links;
- }
- $e_l_t=$node->type;
- } else $e_l_t="page";
-
- if($main) { // not on an index page
- if(variable_get('emailpage_show_on_main', 0)) {
- $links[] = l(t("email this ".$e_l_t), "emailpage&nid=$node->nid", array("title" => t("Email this page to a friend")), NULL);
- return $links;
- }
- } else { // not on a main page
- $links[] = l(t("email this ".$e_l_t), "emailpage&nid=$node->nid", array("title" => t("Email this page to a friend")), NULL); return $links;
+ switch($type) {
+ case "comment":
+ $links[] = l(t("email this comment"), "emailpage/$node->nid".($type=='comment'?'/'.$node->cid:''), array("title" => t("Email this comment to a friend")), NULL);
+ break;
+ case "node":
+ if($main && variable_get('emailpage_show_on_main', 0)) {
+ // if enabled, show link on teasers
+ $links[] = l(t("email this %name", array('%name'=>($e_l_t?$node->type:'page'))), "emailpage/$node->nid", array("title" => t("Email this ". ($e_l_t?$node->type:'page') ." to a friend")), NULL);
+ }
+ elseif(!$main) {
+ // show on main node view
+ $links[] = l(t("email this %name", array('%name'=>($e_l_t?$node->type:'page'))), "emailpage/$node->nid", array("title" => t("Email this ". ($e_l_t?$node->type:'page') ." to a friend")), NULL);
+ }
+ break;
+ case "page":
+ // this is for the main nav, usually displayed at the top
+ $links[] = l(t("email this page"), "emailpage", array("title" => t("Email this page to a friend")), NULL);
+ break;
}
+ return $links;
}
function emailpage_page() {
global $base_url;
-
// first we check to see if they have reached the emailpage_flood_control limit
// which is set in the settings.
if($_COOKIE['emailpage_flood_count'] >= variable_get('emailpage_flood_control', 10)) {
@@ -59,104 +66,84 @@ function emailpage_page() {
return;
}
- $host=parse_url($base_url);
+ $host = parse_url($base_url);
+
+ if($_SERVER['SERVER_NAME']!=$host['host']) {
+ // Someone is probably trying to cross post crap from another server, essentially using us for an open mail relay. How charming. Let's not do that mkay?
+ watchdog('warning', t('Detected malicious attempt to cross post email submission to emailpage.module from IP: %ip and Referer: %ref.', array('%ip'=>$_SERVER['REMOTE_ADDR'], '%ref'=>$_SERVER['HTTP_REFERER'])));
+ print theme('page', theme('error', t('Cross posts are not allowed')));
+ return;
+ }
// Check we have the $node-nid needed to send the page
// and the comment fragment if they email a comment
- if(!$_COOKIE['referer']) {
- if($_GET['nid']) {
- if($_GET['cid']) { // this takes care of links to specific comments
- $nodelink=$base_url.'/'.url('node/view/'.$_GET['nid']."#comment-".$_GET['cid']);
- } else {
- $nodelink=$base_url.'/'.url('node/view/'.$_GET['nid']);
- }
- // Set the refering page in a cookie
- // 5mins should be enuf for anyone to put in a valid email address ;-)
- setcookie('referer', $nodelink, time()+300, '/', ".".$host['host']);
+ if(arg(1)) {
+ if(arg(2)) {
+ // this takes care of links to specific comments
+ $nodelink=$base_url.'/'.url('node/'.arg(1)."#comment-".arg(2));
} else {
- $nodelink=$base_url;
+ $nodelink=$base_url.'/'.url('node/'.arg(1));
}
+ } else {
+ $nodelink = $_SERVER['HTTP_REFERER'];
}
-
-
// we need to check if the form has been posted..
- if($_POST) {
- if(!user_validate_mail($_POST['edit']['emailpage_addy']) && $_POST['edit']['emailpage_sender'] && $_COOKIE['referer']) { // all is well, so lets send it!
+ if($_POST['op']) {
+ $edit = $_POST['edit'];
+ if(!user_validate_mail($edit['emailpage_addy']) && $edit['emailpage_sender']) {
+ // all is well, so lets send it!
$headers="Reply-To: ".variable_get('emailpage_sender_addy', "")."\r\nFrom: ".variable_get('emailpage_sender_addy', "")."\r\n";
- mail($_POST['edit']['emailpage_addy'], $_POST['edit']['emailpage_sender']." ".variable_get('emailpage_subject_line', "thought you'd like to see this"), $_COOKIE['referer']."\n\n".$_POST['edit']['emailpage_sender']." ".wordwrap(variable_get('emailpage_message',"someone thought you would like this page\n"), 72), $headers);
-
- // Delete the cookie
- // If we dont do this, sending other pages becomes messy.
- setcookie('referer', "", time()-3600, '/', ".".$host['host']);
+ mail($edit['emailpage_addy'], $edit['emailpage_sender']." ".variable_get('emailpage_subject_line', "thought you'd like to see this"), $edit['referer']."\n\n".$edit['emailpage_sender']." ".wordwrap(variable_get('emailpage_message',"someone thought you would like this page\n"), 72), $headers);
// Increase the emailpage_flood_control cookie (check settings)
- setcookie('emailpage_flood_count', $_COOKIE['emailpage_flood_count']+1, time()+7200, '/', ".".$host['host']);
+ // this could maybe be change to a db counter to prevent spoofing cookie values by script kiddies
+ setcookie('emailpage_flood_count', $_COOKIE['emailpage_flood_count']+1, time()+7200, '/', ".".$_SERVER['HTTP_HOST']);
$content=variable_get('emailpage_success_msg', "Success!");
variable_set('emailpage_total', variable_get('emailpage_total', 0)+1);
- drupal_goto();
- return;
-
- } else {
-
- $error="You must supply your name and a valid email address
";
- $form.=form_textfield(t("Your Name"), "emailpage_sender", $_POST['edit']['emailpage_sender'], 20, 30);
- $form.=form_textfield(t("Address to send to"), "emailpage_addy", $_POST['edit']['emailpage_addy'], 20, 30);
- $form.=form_submit("Send it Now!","");
- $content.=$error;
- $content.=form($form, "post", url("emailpage"));
- $content.="Example Email
\n";
- $content.="Subject: [Your Name] ".variable_get('emailpage_subject_line', "thought you'd like to see this")."
\n\n".$nodelink."
\n\n[Your Name] ".nl2br(variable_get('emailpage_message',"someone thought you would like this page\n"))."
";
- print theme("page", $content);
-
}
- }
+ else {
+ $error=theme('error', t('You must supply your name and a valid email address'));
+ }
+ }
- if(!$_POST) {
+ if($error || !$_POST['op']) {
+ $content = $error;
$form.=form_textfield(t("Your Name"), "emailpage_sender", $_POST['edit']['emailpage_sender'], 20, 30);
$form.=form_textfield(t("Address to send to"), "emailpage_addy", $_POST['edit']['emailpage_addy'], 20, 30);
- $form.=form_submit("Send it Now!","");
- $content.=form($form, "post", url("emailpage"));
+ $form.=form_hidden('referer', $nodelink);
+ $form.=form_submit("Send it Now!");
+ $content.=form($form);
$content.="Example Email
\n";
$content.="Subject: [Your Name] ".variable_get('emailpage_subject_line', "thought you'd like to see this")."
\n\n".$nodelink."
\n\n[Your Name] ".nl2br(variable_get('emailpage_message',"someone thought you would like this page\n"))."
";
-
- print theme("page", $content);
}
+
+ print theme("page", $content);
}
function emailpage_settings() {
-
global $base_url;
// only administrators can access this module
if (!user_access("admin emailpage")) {
- return message_access();
+ return message_access();
}
$host=parse_url($base_url);
$output="Total emails sent to date: ".variable_get('emailpage_total', 1)."
\n";
$output.=form_radios('Reset the Counter?', 'emailpage_total', variable_get('emailpage_total', 0), array(1 => "Yes", variable_get('emailpage_total', 0) => "No"));
- $output.=form_radios('Use node type to create link?', 'emailpage_link_type', variable_get('emailpage_link_type', 0), array(1 => "Yes", 0 => "No"), t("If yes, the link will read "email this nodetype", if no, it will just read "email this page""));
- $output.=form_radios('Show link on index pages?', 'emailpage_show_on_main', variable_get('emailpage_show_on_main', 0), array(1 => "Yes", 0 => "No"), t("If yes, the email this page link will show on all teasers on the index pages as well as the individual nodes"));
+ $output.=form_radios('Display node type in node links?', 'emailpage_link_type', variable_get('emailpage_link_type', 0), array(1 => "Yes", 0 => "No"), t("If yes, the link will read "email this nodetype", if no, it will just read "email this page""));
+ $output.=form_radios('Show link on teasers?', 'emailpage_show_on_main', variable_get('emailpage_show_on_main', 0), array(1 => "Yes", 0 => "No"), t("If yes, the email this page link will show on all teasers on the index pages as well as the individual nodes"));
$output.=form_select("Flood Control", "emailpage_flood_control", variable_get('emailpage_flood_control', 10), array(1 => "1", 2 => "2", 3 => "3", 4 => "4", 5 => "5", 6 => "6", 7 => "7", 8 => "8", 9 => "9", 10 => "10"), "How many times a user can use the form in a 2hr period. This prevents abusers from sending out unlimited amounts of unwanted mail from the emailpage module.");
$output.=form_textfield(t("Sender Address"), 'emailpage_sender_addy',
variable_get('emailpage_sender_addy', "NoReply@".$host['host']), 30, 40, "The address to send FROM");
$output.=form_textfield(t("Subject Line"), 'emailpage_subject_line',
variable_get('emailpage_subject_line', "thought you'd like to see this"), 30, 40, "The subject line will start with the senders name as the first word, you can edit the rest of the line above");
$output.=form_textarea(t("Message"), 'emailpage_message', variable_get('emailpage_message', " thought you would like to see the above page\n\n"), 40, 10, "The senders name will appear as the first word followed by the text in the textarea above");
+ $output.=form_textarea(t("Success Message"), 'emailpage_success_msg', variable_get('emailpage_success_msg', "Your email was sent. Thank you!"), 40, 10, "This text appears when the user has successfully sent the form");
$output.=form_textarea(t("Flood Control Error Msg"), 'emailpage_flood_error_msg', variable_get('emailpage_flood_error_msg', "Sorry, you have reached the maximum number of emails allowed per user. Please try later"), 40, 10, "This text appears if a user tries to email a page but has exceeded the flood control limit.");
return $output;
}
-
-
-
-
-
-
-
-
-
-
?>