<?php

[0] Fix | Delete

/**

[1] Fix | Delete

* Gets the email message from the user's mailbox to add as

[2] Fix | Delete

* a WordPress post. Mailbox connection information must be

[3] Fix | Delete

* configured under Settings > Writing

[4] Fix | Delete

*

[5] Fix | Delete

* @package WordPress

[6] Fix | Delete

*/

[7] Fix | Delete

[8] Fix | Delete

/** Make sure that the WordPress bootstrap has run before continuing. */

[9] Fix | Delete

require __DIR__ . '/wp-load.php';

[10] Fix | Delete

[11] Fix | Delete

/** This filter is documented in wp-admin/options.php */

[12] Fix | Delete

if ( ! apply_filters( 'enable_post_by_email_configuration', true ) ) {

[13] Fix | Delete

wp_die( __( 'This action has been disabled by the administrator.' ), 403 );

[14] Fix | Delete

}

[15] Fix | Delete

[16] Fix | Delete

$mailserver_url = get_option( 'mailserver_url' );

[17] Fix | Delete

[18] Fix | Delete

if ( 'mail.example.com' === $mailserver_url || empty( $mailserver_url ) ) {

[19] Fix | Delete

wp_die( __( 'This action has been disabled by the administrator.' ), 403 );

[20] Fix | Delete

}

[21] Fix | Delete

[22] Fix | Delete

/**

[23] Fix | Delete

* Fires to allow a plugin to do a complete takeover of Post by Email.

[24] Fix | Delete

*

[25] Fix | Delete

* @since 2.9.0

[26] Fix | Delete

*/

[27] Fix | Delete

do_action( 'wp-mail.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores

[28] Fix | Delete

[29] Fix | Delete

/** Get the POP3 class with which to access the mailbox. */

[30] Fix | Delete

require_once ABSPATH . WPINC . '/class-pop3.php';

[31] Fix | Delete

[32] Fix | Delete

/** Only check at this interval for new messages. */

[33] Fix | Delete

if ( ! defined( 'WP_MAIL_INTERVAL' ) ) {

[34] Fix | Delete

define( 'WP_MAIL_INTERVAL', 5 * MINUTE_IN_SECONDS );

[35] Fix | Delete

}

[36] Fix | Delete

[37] Fix | Delete

$last_checked = get_transient( 'mailserver_last_checked' );

[38] Fix | Delete

[39] Fix | Delete

if ( $last_checked ) {

[40] Fix | Delete

wp_die( __( 'Slow down cowboy, no need to check for new mails so often!' ) );

[41] Fix | Delete

}

[42] Fix | Delete

[43] Fix | Delete

set_transient( 'mailserver_last_checked', true, WP_MAIL_INTERVAL );

[44] Fix | Delete

[45] Fix | Delete

$time_difference = get_option( 'gmt_offset' ) * HOUR_IN_SECONDS;

[46] Fix | Delete

[47] Fix | Delete

$phone_delim = '::';

[48] Fix | Delete

[49] Fix | Delete

$pop3 = new POP3();

[50] Fix | Delete

[51] Fix | Delete

if ( ! $pop3->connect( get_option( 'mailserver_url' ), get_option( 'mailserver_port' ) ) || ! $pop3->user( get_option( 'mailserver_login' ) ) ) {

[52] Fix | Delete

wp_die( esc_html( $pop3->ERROR ) );

[53] Fix | Delete

}

[54] Fix | Delete

[55] Fix | Delete

$count = $pop3->pass( get_option( 'mailserver_pass' ) );

[56] Fix | Delete

[57] Fix | Delete

if ( false === $count ) {

[58] Fix | Delete

wp_die( esc_html( $pop3->ERROR ) );

[59] Fix | Delete

}

[60] Fix | Delete

[61] Fix | Delete

if ( 0 === $count ) {

[62] Fix | Delete

$pop3->quit();

[63] Fix | Delete

wp_die( __( 'There doesn&#8217;t seem to be any new mail.' ) );

[64] Fix | Delete

}

[65] Fix | Delete

[66] Fix | Delete

// Always run as an unauthenticated user.

[67] Fix | Delete

wp_set_current_user( 0 );

[68] Fix | Delete

[69] Fix | Delete

for ( $i = 1; $i <= $count; $i++ ) {

[70] Fix | Delete

[71] Fix | Delete

$message = $pop3->get( $i );

[72] Fix | Delete

[73] Fix | Delete

$bodysignal = false;

[74] Fix | Delete

$boundary = '';

[75] Fix | Delete

$charset = '';

[76] Fix | Delete

$content = '';

[77] Fix | Delete

$content_type = '';

[78] Fix | Delete

$content_transfer_encoding = '';

[79] Fix | Delete

$post_author = 1;

[80] Fix | Delete

$author_found = false;

[81] Fix | Delete

foreach ( $message as $line ) {

[82] Fix | Delete

// Body signal.

[83] Fix | Delete

if ( strlen( $line ) < 3 ) {

[84] Fix | Delete

$bodysignal = true;

[85] Fix | Delete

}

[86] Fix | Delete

if ( $bodysignal ) {

[87] Fix | Delete

$content .= $line;

[88] Fix | Delete

} else {

[89] Fix | Delete

if ( preg_match( '/Content-Type: /i', $line ) ) {

[90] Fix | Delete

$content_type = trim( $line );

[91] Fix | Delete

$content_type = substr( $content_type, 14, strlen( $content_type ) - 14 );

[92] Fix | Delete

$content_type = explode( ';', $content_type );

[93] Fix | Delete

if ( ! empty( $content_type[1] ) ) {

[94] Fix | Delete

$charset = explode( '=', $content_type[1] );

[95] Fix | Delete

$charset = ( ! empty( $charset[1] ) ) ? trim( $charset[1] ) : '';

[96] Fix | Delete

}

[97] Fix | Delete

$content_type = $content_type[0];

[98] Fix | Delete

}

[99] Fix | Delete

if ( preg_match( '/Content-Transfer-Encoding: /i', $line ) ) {

[100] Fix | Delete

$content_transfer_encoding = trim( $line );

[101] Fix | Delete

$content_transfer_encoding = substr( $content_transfer_encoding, 27, strlen( $content_transfer_encoding ) - 27 );

[102] Fix | Delete

$content_transfer_encoding = explode( ';', $content_transfer_encoding );

[103] Fix | Delete

$content_transfer_encoding = $content_transfer_encoding[0];

[104] Fix | Delete

}

[105] Fix | Delete

if ( ( 'multipart/alternative' === $content_type ) && ( false !== strpos( $line, 'boundary="' ) ) && ( '' === $boundary ) ) {

[106] Fix | Delete

$boundary = trim( $line );

[107] Fix | Delete

$boundary = explode( '"', $boundary );

[108] Fix | Delete

$boundary = $boundary[1];

[109] Fix | Delete

}

[110] Fix | Delete

if ( preg_match( '/Subject: /i', $line ) ) {

[111] Fix | Delete

$subject = trim( $line );

[112] Fix | Delete

$subject = substr( $subject, 9, strlen( $subject ) - 9 );

[113] Fix | Delete

// Captures any text in the subject before $phone_delim as the subject.

[114] Fix | Delete

if ( function_exists( 'iconv_mime_decode' ) ) {

[115] Fix | Delete

$subject = iconv_mime_decode( $subject, 2, get_option( 'blog_charset' ) );

[116] Fix | Delete

} else {

[117] Fix | Delete

$subject = wp_iso_descrambler( $subject );

[118] Fix | Delete

}

[119] Fix | Delete

$subject = explode( $phone_delim, $subject );

[120] Fix | Delete

$subject = $subject[0];

[121] Fix | Delete

}

[122] Fix | Delete

[123] Fix | Delete

/*

[124] Fix | Delete

* Set the author using the email address (From or Reply-To, the last used)

[125] Fix | Delete

* otherwise use the site admin.

[126] Fix | Delete

*/

[127] Fix | Delete

if ( ! $author_found && preg_match( '/^(From|Reply-To): /', $line ) ) {

[128] Fix | Delete

if ( preg_match( '|[a-z0-9_.-]+@[a-z0-9_.-]+(?!.*<)|i', $line, $matches ) ) {

[129] Fix | Delete

$author = $matches[0];

[130] Fix | Delete

} else {

[131] Fix | Delete

$author = trim( $line );

[132] Fix | Delete

}

[133] Fix | Delete

$author = sanitize_email( $author );

[134] Fix | Delete

if ( is_email( $author ) ) {

[135] Fix | Delete

$userdata = get_user_by( 'email', $author );

[136] Fix | Delete

if ( ! empty( $userdata ) ) {

[137] Fix | Delete

$post_author = $userdata->ID;

[138] Fix | Delete

$author_found = true;

[139] Fix | Delete

}

[140] Fix | Delete

}

[141] Fix | Delete

}

[142] Fix | Delete

[143] Fix | Delete

if ( preg_match( '/Date: /i', $line ) ) { // Of the form '20 Mar 2002 20:32:37 +0100'.

[144] Fix | Delete

$ddate = str_replace( 'Date: ', '', trim( $line ) );

[145] Fix | Delete

// Remove parenthesised timezone string if it exists, as this confuses strtotime().

[146] Fix | Delete

$ddate = preg_replace( '!\s*\(.+\)\s*$!', '', $ddate );

[147] Fix | Delete

$ddate_timestamp = strtotime( $ddate );

[148] Fix | Delete

$post_date = gmdate( 'Y-m-d H:i:s', $ddate_timestamp + $time_difference );

[149] Fix | Delete

$post_date_gmt = gmdate( 'Y-m-d H:i:s', $ddate_timestamp );

[150] Fix | Delete

}

[151] Fix | Delete

}

[152] Fix | Delete

}

[153] Fix | Delete

[154] Fix | Delete

// Set $post_status based on $author_found and on author's publish_posts capability.

[155] Fix | Delete

if ( $author_found ) {

[156] Fix | Delete

$user = new WP_User( $post_author );

[157] Fix | Delete

$post_status = ( $user->has_cap( 'publish_posts' ) ) ? 'publish' : 'pending';

[158] Fix | Delete

} else {

[159] Fix | Delete

// Author not found in DB, set status to pending. Author already set to admin.

[160] Fix | Delete

$post_status = 'pending';

[161] Fix | Delete

}

[162] Fix | Delete

[163] Fix | Delete

$subject = trim( $subject );

[164] Fix | Delete

[165] Fix | Delete

if ( 'multipart/alternative' === $content_type ) {

[166] Fix | Delete

$content = explode( '--' . $boundary, $content );

[167] Fix | Delete

$content = $content[2];

[168] Fix | Delete

[169] Fix | Delete

// Match case-insensitive content-transfer-encoding.

[170] Fix | Delete

if ( preg_match( '/Content-Transfer-Encoding: quoted-printable/i', $content, $delim ) ) {

[171] Fix | Delete

$content = explode( $delim[0], $content );

[172] Fix | Delete

$content = $content[1];

[173] Fix | Delete

}

[174] Fix | Delete

$content = strip_tags( $content, '<img><p><br><i><b><u><em><strong><strike><font><span><div>' );

[175] Fix | Delete

}

[176] Fix | Delete

$content = trim( $content );

[177] Fix | Delete

[178] Fix | Delete

/**

[179] Fix | Delete

* Filters the original content of the email.

[180] Fix | Delete

*

[181] Fix | Delete

* Give Post-By-Email extending plugins full access to the content, either

[182] Fix | Delete

* the raw content, or the content of the last quoted-printable section.

[183] Fix | Delete

*

[184] Fix | Delete

* @since 2.8.0

[185] Fix | Delete

*

[186] Fix | Delete

* @param string $content The original email content.

[187] Fix | Delete

*/

[188] Fix | Delete

$content = apply_filters( 'wp_mail_original_content', $content );

[189] Fix | Delete

[190] Fix | Delete

if ( false !== stripos( $content_transfer_encoding, 'quoted-printable' ) ) {

[191] Fix | Delete

$content = quoted_printable_decode( $content );

[192] Fix | Delete

}

[193] Fix | Delete

[194] Fix | Delete

if ( function_exists( 'iconv' ) && ! empty( $charset ) ) {

[195] Fix | Delete

$content = iconv( $charset, get_option( 'blog_charset' ), $content );

[196] Fix | Delete

}

[197] Fix | Delete

[198] Fix | Delete

// Captures any text in the body after $phone_delim as the body.

[199] Fix | Delete

$content = explode( $phone_delim, $content );

[200] Fix | Delete

$content = empty( $content[1] ) ? $content[0] : $content[1];

[201] Fix | Delete

[202] Fix | Delete

$content = trim( $content );

[203] Fix | Delete

[204] Fix | Delete

/**

[205] Fix | Delete

* Filters the content of the post submitted by email before saving.

[206] Fix | Delete

*

[207] Fix | Delete

* @since 1.2.0

[208] Fix | Delete

*

[209] Fix | Delete

* @param string $content The email content.

[210] Fix | Delete

*/

[211] Fix | Delete

$post_content = apply_filters( 'phone_content', $content );

[212] Fix | Delete

[213] Fix | Delete

$post_title = xmlrpc_getposttitle( $content );

[214] Fix | Delete

[215] Fix | Delete

if ( '' === trim( $post_title ) ) {

[216] Fix | Delete

$post_title = $subject;

[217] Fix | Delete

}

[218] Fix | Delete

[219] Fix | Delete

$post_category = array( get_option( 'default_email_category' ) );

[220] Fix | Delete

[221] Fix | Delete

$post_data = compact( 'post_content', 'post_title', 'post_date', 'post_date_gmt', 'post_author', 'post_category', 'post_status' );

[222] Fix | Delete

$post_data = wp_slash( $post_data );

[223] Fix | Delete

[224] Fix | Delete

$post_ID = wp_insert_post( $post_data );

[225] Fix | Delete

if ( is_wp_error( $post_ID ) ) {

[226] Fix | Delete

echo "\n" . $post_ID->get_error_message();

[227] Fix | Delete

}

[228] Fix | Delete

[229] Fix | Delete

// We couldn't post, for whatever reason. Better move forward to the next email.

[230] Fix | Delete

if ( empty( $post_ID ) ) {

[231] Fix | Delete

continue;

[232] Fix | Delete

}

[233] Fix | Delete

[234] Fix | Delete

/**

[235] Fix | Delete

* Fires after a post submitted by email is published.

[236] Fix | Delete

*

[237] Fix | Delete

* @since 1.2.0

[238] Fix | Delete

*

[239] Fix | Delete

* @param int $post_ID The post ID.

[240] Fix | Delete

*/

[241] Fix | Delete

do_action( 'publish_phone', $post_ID );

[242] Fix | Delete

[243] Fix | Delete

echo "\n<p><strong>" . __( 'Author:' ) . '</strong> ' . esc_html( $post_author ) . '</p>';

[244] Fix | Delete

echo "\n<p><strong>" . __( 'Posted title:' ) . '</strong> ' . esc_html( $post_title ) . '</p>';

[245] Fix | Delete

[246] Fix | Delete

if ( ! $pop3->delete( $i ) ) {

[247] Fix | Delete

echo '<p>' . sprintf(

[248] Fix | Delete

/* translators: %s: POP3 error. */

[249] Fix | Delete

__( 'Oops: %s' ),

[250] Fix | Delete

esc_html( $pop3->ERROR )

[251] Fix | Delete

) . '</p>';

[252] Fix | Delete

$pop3->reset();

[253] Fix | Delete

exit;

[254] Fix | Delete

} else {

[255] Fix | Delete

echo '<p>' . sprintf(

[256] Fix | Delete

/* translators: %s: The message ID. */

[257] Fix | Delete

__( 'Mission complete. Message %s deleted.' ),

[258] Fix | Delete

'<strong>' . $i . '</strong>'

[259] Fix | Delete

) . '</p>';

[260] Fix | Delete

}

[261] Fix | Delete

}

[262] Fix | Delete

[263] Fix | Delete

$pop3->quit();

[264] Fix | Delete

[265] Fix | Delete