From 7df4a24abdeb91c7ebc1be33c32738a29fbc0ad7 Mon Sep 17 00:00:00 2001
From: muli
Date: Wed, 24 Aug 2022 07:59:58 +0200
Subject: [PATCH 1/8] fix: Fixed broken replacement for newlines.
---
 assets/php/contact_form.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/assets/php/contact_form.php b/assets/php/contact_form.php
index d0c8e33c..89ba09cb 100644
--- a/assets/php/contact_form.php
+++ b/assets/php/contact_form.php
@@ -16,7 +16,7 @@ function sanitize_text(string $name, string $type) {
 function prepare_message_body($message) {
 // Replace HTML-Entities with actual carriage returns and line feeds
 $message = str_replace(" ", "\r", $message);
- $message = str_replace(" ", "\r", $message);
+ $message = str_replace(" ", "\n", $message);
 // Ensure line breaks via carriage return + line feed
 $message = str_replace("\r\n", "\n", $message);
From aebb53e5c1a4c5e39504b65694e62e3eb3e65c97 Mon Sep 17 00:00:00 2001
From: muli
Date: Wed, 24 Aug 2022 08:03:27 +0200
Subject: [PATCH 2/8] fix: Fixed undefined variables error.
---
 assets/php/contact_form.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/assets/php/contact_form.php b/assets/php/contact_form.php
index 89ba09cb..c2fb8572 100644
--- a/assets/php/contact_form.php
+++ b/assets/php/contact_form.php
@@ -6,14 +6,13 @@ function sanitize_text(string $name, string $type) {
 'text' => FILTER_SANITIZE_SPECIAL_CHARS,
 'email' => FILTER_SANITIZE_EMAIL,
 );
- $text = trim($text);
- $text = filter_var($_POST[$name], $filters[$type]);
+ $text = filter_var(trim($_POST[$name]), $filters[$type]);
 $text = stripslashes($text);
 return $text;
 }
-function prepare_message_body($message) {
+function prepare_message_body(string $message, string $name) {
 // Replace HTML-Entities with actual carriage returns and line feeds
 $message = str_replace(" ", "\r", $message);
 $message = str_replace(" ", "\n", $message);
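Review bot: In sanitize_text (PATCH 2/8, first hunk) the new line `$text = filter_var(trim($_POST[$name]), $filters[$type]);` hands the raw request value straight to `trim()`, so a missing field or an array-valued field reaches `trim()` as null or an array and produces a warning or TypeError instead of a clean validation failure. Guard the type first, for example `$raw = $_POST[$name] ?? '';` followed by `if (!is_string($raw)) { return ''; }`, and then filter `trim($raw)`. Note also that `FILTER_SANITIZE_EMAIL` only strips characters and does not validate; since the e-mail value is used as the `Reply-To` header in send_message_to_office, a `FILTER_VALIDATE_EMAIL` check on the result would be worth adding. The function's signature and the start of the `$filters` array lie outside the hunk.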
@@ -38,7 +37,7 @@ function send_message_to_office($subject, $message, $name, $email) {
 return mail(
 getenv('WTF_CONTACT_TO'),
 "=?UTF-8?B?" . base64_encode($subject) . "?=",
- prepare_message_body($message),
+ prepare_message_body($message, $name),
 $additional_headers = array(
 "From" => getenv('WTF_CONTACT_FROM'),
 "Reply-To" => $email,
From 590cbfbb65d5a615acb396f90fc03207f6896a82 Mon Sep 17 00:00:00 2001
From: muli
Date: Wed, 24 Aug 2022 08:03:54 +0200
Subject: [PATCH 3/8] feat: Type hinting all the way.
---
 assets/php/contact_form.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/assets/php/contact_form.php b/assets/php/contact_form.php
index c2fb8572..9b2c73cb 100644
--- a/assets/php/contact_form.php
+++ b/assets/php/contact_form.php
@@ -33,7 +33,7 @@ function prepare_message_body(string $message, string $name) {
 * mail(): Braucht auf dem Server einen korrekt konfigurierten Mailserver
 * phpmailer: Bibliothek, der per Composer installiert wird. Tut ganz gut mit SMTP.
 */
-function send_message_to_office($subject, $message, $name, $email) {
+function send_message_to_office(string $subject, string $message, string $name, string $email) {
 return mail(
 getenv('WTF_CONTACT_TO'),
 "=?UTF-8?B?" . base64_encode($subject) . "?=",
@@ -48,7 +48,7 @@ function send_message_to_office($subject, $message, $name, $email) {
 );
 }
-function send_response($response_data) {
+function send_response(array $response_data) {
 $json = json_encode($response_data);
 if ($json === false) {
 // Avoid echo of empty string (which is invalid JSON), and
From 42b9b3a62eeca1e600e5a8a71490c80177df88ed Mon Sep 17 00:00:00 2001
From: Brain
Date: Wed, 24 Aug 2022 14:35:01 +0200
Subject: [PATCH 4/8] Set the return path via the envelope sender
---
 assets/php/contact_form.php | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/assets/php/contact_form.php b/assets/php/contact_form.php
index 9b2c73cb..d6b93a66 100644
--- a/assets/php/contact_form.php
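Review bot: The scalar type hints added to send_message_to_office and send_response (PATCH 3/8, both hunks) come without return types, and no `declare(strict_types=1);` is visible in these hunks, so if the file does not declare it the hints will coerce non-string scalars rather than reject them. Since send_message_to_office returns the result of `mail()`, its signature can be completed as `function send_message_to_office(string $subject, string $message, string $name, string $email): bool {`. A short docblock on send_response describing the expected keys of `$response_data` would also help, because `array` alone says nothing about its shape. Both function bodies continue outside the hunks.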
+++ b/assets/php/contact_form.php @@ -34,17 +34,25 @@ function prepare_message_body(string $message, string $name) { * phpmailer: Bibliothek, der per Composer installiert wird. Tut ganz gut mit SMTP. */ function send_message_to_office(string $subject, string $message, string $name, string $email) { + $returnPath = filter_var(getenv('WTF_RETURN_PATH'), FILTER_VALIDATE_EMAIL); + $to = filter_var(getenv('WTF_CONTACT_TO'), FILTER_VALIDATE_EMAIL); + + if (!$returnPath || !$to) { + error_log('Address for "To" or "Return-Path" is invalid'); + return false; + } + return mail( - getenv('WTF_CONTACT_TO'), + $to, "=?UTF-8?B?" . base64_encode($subject) . "?=", prepare_message_body($message, $name), - $additional_headers = array( + array( "From" => getenv('WTF_CONTACT_FROM'), "Reply-To" => $email, - "Return-Path" => getenv('WTF_RETURN_PATH'), "Content-Type" => "text/plain; charset=utf-8", "Content-Transfer-Encoding" => "base64", ), + "-f $returnPath" ); } From f9229b5998dcdd3bc09e9a0002c7df1146c87b20 Mon Sep 17 00:00:00 2001 From: Brain Date: Wed, 24 Aug 2022 15:13:39 +0200 Subject: [PATCH 5/8] Make ajax URL relative to webroot and variable name more unique --- assets/js/contact_form.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/assets/js/contact_form.js b/assets/js/contact_form.js index 1d8bf657..758a934c 100644 --- a/assets/js/contact_form.js +++ b/assets/js/contact_form.js @@ -1,4 +1,4 @@ -const ajaxUrl = '../php/contact_form.php'; +const contactFormAjaxUrl = '/php/contact_form.php'; const contact_form = document.getElementsByClassName('content__contact_form')[0]; const subject = document.getElementsByClassName('contact_form__subject')[0]; const message = document.getElementsByClassName('contact_form__message')[0]; 
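Review bot: In send_message_to_office (PATCH 4/8) the new fifth `mail()` argument `"-f $returnPath"` is passed on to the sendmail command line, and `FILTER_VALIDATE_EMAIL` checks address syntax only, not whether the value is safe as a command-line argument (the filter accepts quoted local parts). The value comes from the `WTF_RETURN_PATH` environment variable rather than from the request, which limits exposure, but a stricter allowlist is cheap: `if (!$returnPath || !$to || preg_match('/[^A-Za-z0-9.@_+-]/', $returnPath)) {`. A comment such as `// $returnPath becomes a sendmail argument: config-only, never derive it from request data` would record the constraint for later maintainers. The `From` header still uses `getenv('WTF_CONTACT_FROM')` unvalidated, and `getenv()` returns false when the variable is unset, so it deserves the same check as `$to`.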
@@ -11,7 +11,7 @@ const feedback = document.getElementsByClassName('contact_form__feedback')[0];
 window.addEventListener('DOMContentLoaded', function(event) {
 let formData = new FormData();
 formData.append('action', 'start_session');
- fetch(ajaxUrl, {
+ fetch(contactFormAjaxUrl, {
 method: 'POST',
 mode: 'same-origin',
 body: formData,
@@ -39,7 +39,7 @@ contact_form.addEventListener('submit', function(event) {
 return;
 }
- fetch(ajaxUrl, {
+ fetch(contactFormAjaxUrl, {
 method: 'POST',
 mode: 'same-origin',
 body: formData,
From 0882053a427b813662197f33d9824385f2660510 Mon Sep 17 00:00:00 2001
From: Brain
Date: Wed, 24 Aug 2022 15:15:08 +0200
Subject: [PATCH 6/8] Handle request errors
---
 assets/js/contact_form.js | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/assets/js/contact_form.js b/assets/js/contact_form.js
index 758a934c..fd2db687 100644
--- a/assets/js/contact_form.js
+++ b/assets/js/contact_form.js
@@ -16,10 +16,19 @@ window.addEventListener('DOMContentLoaded', function(event) {
 mode: 'same-origin',
 body: formData,
 })
- .then(response => response.json())
+ .then(response => {
+ if (!response.ok) {
+ throw new Error('Response was not OK');
+ }
+
+ return response.json();
+ })
 .then(json => {
 console.log(json);
 })
+ .catch(error => {
+ console.error('Could not start the session:', error);
+ });
 });
 contact_form.addEventListener('submit', function(event) {
From 3b14c0159158f402279b25145bbf1df1327ba104 Mon Sep 17 00:00:00 2001
From: Brain
Date: Wed, 24 Aug 2022 15:27:20 +0200
Subject: [PATCH 7/8] Only load or do things if necessary
---
 assets/js/contact_form.js | 32 ++++++++++++++++++++------------
 assets/js/contact_form_toggle.js | 4 +++-
 2 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/assets/js/contact_form.js b/assets/js/contact_form.js
index fd2db687..43681f61 100644
--- a/assets/js/contact_form.js
+++ b/assets/js/contact_form.js
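Review bot: The new `.catch` on the start_session request (PATCH 6/8) only writes to the console, so a visitor whose session could not be started gets no indication and will presumably fail later on submit; consider surfacing the failure in the form's feedback element or disabling the submit button at that point. The unchanged `console.log(json);` in the success path prints the server response in production and could be dropped. The same `response.ok` check is not applied to the submit request, whose `.then(response => response.json())` still appears as context in PATCH 7/8; a small shared helper for both requests would keep them consistent. The enclosing DOMContentLoaded handler starts outside the hunk.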
@@ -1,14 +1,14 @@
 const contactFormAjaxUrl = '/php/contact_form.php';
-const contact_form = document.getElementsByClassName('content__contact_form')[0];
-const subject = document.getElementsByClassName('contact_form__subject')[0];
-const message = document.getElementsByClassName('contact_form__message')[0];
-const name = document.getElementsByClassName('contact_form__name')[0];
-const email = document.getElementsByClassName('contact_form__email')[0];
-const captcha = document.getElementsByClassName('contact_form__captcha')[0];
-const now = (new Date().getTime()/1000).toFixed();
-const feedback = document.getElementsByClassName('contact_form__feedback')[0];
-window.addEventListener('DOMContentLoaded', function(event) {
+window.addEventListener('DOMContentLoaded', function() {
+ const contact_form = document.getElementsByClassName('content__contact_form')[0];
+ if (contact_form) {
+ contact_form.addEventListener('submit', wtf_submitContactForm, false);
+ wtf_startContactFormSession();
+ }
+});
+
+function wtf_startContactFormSession() {
 let formData = new FormData();
 formData.append('action', 'start_session');
 fetch(contactFormAjaxUrl, {
@@ -29,10 +29,17 @@ window.addEventListener('DOMContentLoaded', function(event) {
 .catch(error => {
 console.error('Could not start the session:', error);
 });
-});
+}
-contact_form.addEventListener('submit', function(event) {
+function wtf_submitContactForm(event) {
 event.preventDefault();
+
+ const subject = document.getElementsByClassName('contact_form__subject')[0];
+ const message = document.getElementsByClassName('contact_form__message')[0];
+ const name = document.getElementsByClassName('contact_form__name')[0];
+ const email = document.getElementsByClassName('contact_form__email')[0];
+ const captcha = document.getElementsByClassName('contact_form__captcha')[0];
+
 let formData = new FormData();
 formData.append('action', 'handle_form');
 formData.append('subject', subject.value);
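Review bot: The first hunk of PATCH 7/8 deletes the top-level `const now = (new Date().getTime()/1000).toFixed();` without re-declaring it anywhere in the visible new code, unlike `subject`, `message`, `name`, `email` and `captcha`, which move into wtf_submitContactForm. The part of the submit handler between the hunks is not visible here, so confirm that nothing there still reads `now`; if it does, submit will throw a ReferenceError, and the value has to be captured again at the point it was meant to represent (page load versus submit time). The element lookups moved into wtf_submitContactForm also take `[0]` without a null check, so `subject.value` throws if a field is missing from the page; a guard in the style of the added `if (contact_form)` would match. wtf_submitContactForm continues outside the hunk.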
@@ -55,6 +62,7 @@ contact_form.addEventListener('submit', function(event) { }) .then(response => response.json()) .then(json => { + const feedback = document.getElementsByClassName('contact_form__feedback')[0]; console.log(json); if (json.errors) { feedback.classList.remove('--success'); @@ -84,4 +92,4 @@ contact_form.addEventListener('submit', function(event) { } }) .catch(error => console.log(error)); -}, false); +} diff --git a/assets/js/contact_form_toggle.js b/assets/js/contact_form_toggle.js index b2dce0c2..00ca58c5 100644 --- a/assets/js/contact_form_toggle.js +++ b/assets/js/contact_form_toggle.js @@ -1,5 +1,7 @@ /* Unhide contact form if JS is enabled */ window.addEventListener('DOMContentLoaded', (event) => { const contact_form_wrapper = document.getElementsByClassName('content__contact_form_wrapper')[0]; - contact_form_wrapper.style.setProperty('display', 'block'); + if (contact_form_wrapper) { + contact_form_wrapper.style.setProperty('display', 'block'); + } }); From ddc89d5bd63ab7320aaf57f0ed8c892ab402a530 Mon Sep 17 00:00:00 2001 From: muli Date: Wed, 24 Aug 2022 20:05:02 +0200 Subject: [PATCH 8/8] fix: Don't load contact_form.js and contact_from_toggle.js on all pages. --- templates/layout.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/layout.html b/templates/layout.html index 79dd07cd..7a890eab 100644 --- a/templates/layout.html +++ b/templates/layout.html @@ -63,7 +63,7 @@ __ ____________________ {% if 'manifest.json'|asseturl is defined -%} {%- endif %} - {% if '/js/contact_form_toggle.js'|asseturl is defined -%} + {% if '/js/contact_form_toggle.js'|asseturl is defined and this.title == 'Kontakt' -%} {%- endif %} @@ -131,7 +131,7 @@ __ ____________________ {%- if '/js/nav_toggle.js'|asseturl is defined -%} {%- endif %} - {% if '/js/contact_form_toggle.js'|asseturl is defined -%} + {% if '/js/contact_form_toggle.js'|asseturl is defined and this.title == 'Kontakt' -%} {%- endif %}
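Review bot: Both hunks in templates/layout.html (PATCH 8/8) gate script loading on `this.title == 'Kontakt'`, which ties behaviour to an editable, localized page title: renaming or translating the page silently removes the contact form scripts. A stable key is safer, for example a dedicated boolean page field, or the record path if this is a Lektor template (`this._path == '/PLACEHOLDER-contact-path'`, to be confirmed against the site). Also, both changed conditions test `'/js/contact_form_toggle.js'|asseturl`, while the subject says contact_form.js is affected as well; the script tags themselves are not visible on this page, so check that the second block tests the asset it actually loads.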