AAAAmailto.php000066600000001106151372506440006553 0ustar00registerDefaultTask('mailto'); $controller->execute(JRequest::getCmd('task')); //$controller->redirect(); mailto.xml000066600000002164151372506440006571 0ustar00 com_mailto Joomla! Project April 2006 (C) 2005 - 2014 Open Source Matters. All rights reserved. GNU General Public License version 2 or later; see LICENSE.txt admin@joomla.org www.joomla.org 2.5.0 COM_MAILTO_XML_DESCRIPTION controller.php index.html mailto.php views language/en-GB.com_mailto.ini index.html controller.php000066600000007175151372506440007465 0ustar00set('com_mailto.formtime', time()); JRequest::setVar('view', 'mailto'); $this->display(); } /** * Send the message and display a notice * * @access public * @since 1.5 */ function send() { // Check for request forgeries JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN')); $app = JFactory::getApplication(); $session = JFactory::getSession(); $db = JFactory::getDbo(); $timeout = $session->get('com_mailto.formtime', 0); if ($timeout == 0 || time() - $timeout < 20) { JError::raiseNotice(500, JText:: _ ('COM_MAILTO_EMAIL_NOT_SENT')); return $this->mailto(); } $SiteName = $app->getCfg('sitename'); $MailFrom = $app->getCfg('mailfrom'); $FromName = $app->getCfg('fromname'); $link = MailtoHelper::validateHash(JRequest::getCMD('link', '', 'post')); // Verify that this is a local link if (!$link || !JURI::isInternal($link)) { //Non-local url... JError::raiseNotice(500, JText:: _ ('COM_MAILTO_EMAIL_NOT_SENT')); return $this->mailto(); } // An array of email headers we do not want to allow as input $headers = array ( 'Content-Type:', 'MIME-Version:', 'Content-Transfer-Encoding:', 'bcc:', 'cc:'); // An array of the input fields to scan for injected headers $fields = array( 'mailto', 'sender', 'from', 'subject', ); /* * Here is the meat and potatoes of the header injection test. We * iterate over the array of form input and check for header strings. * If we find one, send an unauthorized header and die. */ foreach ($fields as $field) { foreach ($headers as $header) { if (strpos($_POST[$field], $header) !== false) { JError::raiseError(403, ''); } } } /* * Free up memory */ unset ($headers, $fields); $email = JRequest::getString('mailto', '', 'post'); $sender = JRequest::getString('sender', '', 'post'); $from = JRequest::getString('from', '', 'post'); $subject_default = JText::sprintf('COM_MAILTO_SENT_BY', $sender); $subject = JRequest::getString('subject', $subject_default, 'post'); // Check for a valid to address $error = false; if (! $email || ! JMailHelper::isEmailAddress($email)) { $error = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $email); JError::raiseWarning(0, $error); } // Check for a valid from address if (! $from || ! JMailHelper::isEmailAddress($from)) { $error = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $from); JError::raiseWarning(0, $error); } if ($error) { return $this->mailto(); } // Build the message to send $msg = JText :: _('COM_MAILTO_EMAIL_MSG'); $body = sprintf($msg, $SiteName, $sender, $from, $link); // Clean the email data $subject = JMailHelper::cleanSubject($subject); $body = JMailHelper::cleanBody($body); $sender = JMailHelper::cleanAddress($sender); // Send the email if (JFactory::getMailer()->sendMail($from, $sender, $email, $subject, $body) !== true) { JError::raiseNotice(500, JText:: _ ('COM_MAILTO_EMAIL_NOT_SENT')); return $this->mailto(); } JRequest::setVar('view', 'sent'); $this->display(); } } helpers/.htaccess000066600000000177151372506440010024 0ustar00 Order allow,deny Deny from all helpers/index.html000066600000000037151372506440010216 0ustar00 helpers/mailto.php000066600000003420151372506440010216 0ustar00get('com_mailto.links', array()); if(!isset($mailto_links[$hash])) { $mailto_links[$hash] = new stdClass(); } $mailto_links[$hash]->link = $url; $mailto_links[$hash]->expiry = time(); $session->set('com_mailto.links', $mailto_links); return $hash; } /** * Checks if a URL is a Flash file * * @param string * @return URL */ public static function validateHash($hash) { $retval = false; $session = JFactory::getSession(); self::cleanHashes(); $mailto_links = $session->get('com_mailto.links', array()); if(isset($mailto_links[$hash])) { $retval = $mailto_links[$hash]->link; } return $retval; } /** * Cleans out old hashes * * @since 1.6.1 */ public static function cleanHashes($lifetime = 1440) { // flag for if we've cleaned on this cycle static $cleaned = false; if(!$cleaned) { $past = time() - $lifetime; $session = JFactory::getSession(); $mailto_links = $session->get('com_mailto.links', array()); foreach($mailto_links as $index=>$link) { if($link->expiry < $past) { unset($mailto_links[$index]); } } $session->set('com_mailto.links', $mailto_links); $cleaned = true; } } } .htaccess000066600000000177151372506440006362 0ustar00 Order allow,deny Deny from all index.html000066600000000037151372506440006554 0ustar00 views/sent/tmpl/index.html000066600000000037151372506440011636 0ustar00 views/sent/tmpl/default.php000066600000001123151372506440011773 0ustar00

views/sent/tmpl/.htaccess000066600000000177151372506440011444 0ustar00 Order allow,deny Deny from all views/sent/.htaccess000066600000000177151372506440010470 0ustar00 Order allow,deny Deny from all views/sent/view.html.php000066600000000553151372506440011316 0ustar00 Mailto Andrew Eddie 13 Mar 2006 Copyright (C) 2005 - 2014 Open Source Matters. All rights reserved. GNU General Public License version 2 or later; see LICENSE.txt admin@joomla.org www.joomla.org COM_MAILTO_XML_DESCRIPTION views/sent/index.html000066600000000037151372506440010662 0ustar00 views/mailto/view.html.php000066600000002414151372506440011630 0ustar00getData(); if ($data === false) { return false; } $this->set('data' , $data); parent::display($tpl); } function &getData() { $user = JFactory::getUser(); $data = new stdClass(); $data->link = urldecode(JRequest::getVar('link', '', 'method', 'base64')); if ($data->link == '') { JError::raiseError(403, JText::_('COM_MAILTO_LINK_IS_MISSING')); $false = false; return $false; } // Load with previous data, if it exists $mailto = JRequest::getString('mailto', '', 'post'); $sender = JRequest::getString('sender', '', 'post'); $from = JRequest::getString('from', '', 'post'); $subject = JRequest::getString('subject', '', 'post'); if ($user->get('id') > 0) { $data->sender = $user->get('name'); $data->from = $user->get('email'); } else { $data->sender = $sender; $data->from = $from; } $data->subject = $subject; $data->mailto = $mailto; return $data; } } views/mailto/index.html000066600000000037151372506440011176 0ustar00 views/mailto/metadata.xml000066600000000043151372506440011500 0ustar00 views/mailto/.htaccess000066600000000177151372506440011004 0ustar00 Order allow,deny Deny from all views/mailto/tmpl/.htaccess000066600000000177151372506440011760 0ustar00 Order allow,deny Deny from all views/mailto/tmpl/index.html000066600000000037151372506440012152 0ustar00 views/mailto/tmpl/default.php000066600000005267151372506440012324 0ustar00 get('data'); ?>

views/index.html000066600000000037151372506440007711 0ustar00 views/.htaccess000066600000000177151372506440007517 0ustar00 Order allow,deny Deny from all