1<?php 2/** 3 * Gets the email message from the user's mailbox to add as 4 * a WordPress post. Mailbox connection information must be 5 * configured under Settings > Writing 6 * 7 * @package WordPress 8 */ 9 10/** Make sure that the WordPress bootstrap has run before continuing. */ 11require __DIR__ . '/wp-load.php'; 12 13/** This filter is documented in wp-admin/options.php */ 14if ( ! apply_filters( 'enable_post_by_email_configuration', true ) ) { 15 wp_die( __( 'This action has been disabled by the administrator.' ), 403 ); 16} 17 18$mailserver_url = get_option( 'mailserver_url' ); 19 20if ( 'mail.example.com' === $mailserver_url || empty( $mailserver_url ) ) { 21 wp_die( __( 'This action has been disabled by the administrator.' ), 403 ); 22} 23 24/** 25 * Fires to allow a plugin to do a complete takeover of Post by Email. 26 * 27 * @since 2.9.0 28 */ 29do_action( 'wp-mail.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores 30 31/** Get the POP3 class with which to access the mailbox. */ 32require_once ABSPATH . WPINC . '/class-pop3.php'; 33 34/** Only check at this interval for new messages. */ 35if ( ! defined( 'WP_MAIL_INTERVAL' ) ) { 36 define( 'WP_MAIL_INTERVAL', 5 * MINUTE_IN_SECONDS ); 37} 38 39$last_checked = get_transient( 'mailserver_last_checked' ); 40 41if ( $last_checked ) { 42 wp_die( __( 'Slow down cowboy, no need to check for new mails so often!' ) ); 43} 44 45set_transient( 'mailserver_last_checked', true, WP_MAIL_INTERVAL ); 46 47$time_difference = get_option( 'gmt_offset' ) * HOUR_IN_SECONDS; 48 49$phone_delim = '::'; 50 51$pop3 = new POP3(); 52 53if ( ! $pop3->connect( get_option( 'mailserver_url' ), get_option( 'mailserver_port' ) ) || ! $pop3->user( get_option( 'mailserver_login' ) ) ) { 54 wp_die( esc_html( $pop3->ERROR ) ); 55} 56 57$count = $pop3->pass( get_option( 'mailserver_pass' ) ); 58 59if ( false === $count ) { 60 wp_die( esc_html( $pop3->ERROR ) ); 61} 62 63if ( 0 === $count ) { 64 $pop3->quit(); 65 wp_die( __( 'There doesn’t seem to be any new mail.' ) ); 66} 67 68for ( $i = 1; $i <= $count; $i++ ) { 69 70 $message = $pop3->get( $i ); 71 72 $bodysignal = false; 73 $boundary = ''; 74 $charset = ''; 75 $content = ''; 76 $content_type = ''; 77 $content_transfer_encoding = ''; 78 $post_author = 1; 79 $author_found = false; 80 foreach ( $message as $line ) { 81 // Body signal. 82 if ( strlen( $line ) < 3 ) { 83 $bodysignal = true; 84 } 85 if ( $bodysignal ) { 86 $content .= $line; 87 } else { 88 if ( preg_match( '/Content-Type: /i', $line ) ) { 89 $content_type = trim( $line ); 90 $content_type = substr( $content_type, 14, strlen( $content_type ) - 14 ); 91 $content_type = explode( ';', $content_type ); 92 if ( ! empty( $content_type[1] ) ) { 93 $charset = explode( '=', $content_type[1] ); 94 $charset = ( ! empty( $charset[1] ) ) ? trim( $charset[1] ) : ''; 95 } 96 $content_type = $content_type[0]; 97 } 98 if ( preg_match( '/Content-Transfer-Encoding: /i', $line ) ) { 99 $content_transfer_encoding = trim( $line ); 100 $content_transfer_encoding = substr( $content_transfer_encoding, 27, strlen( $content_transfer_encoding ) - 27 ); 101 $content_transfer_encoding = explode( ';', $content_transfer_encoding ); 102 $content_transfer_encoding = $content_transfer_encoding[0]; 103 } 104 if ( ( 'multipart/alternative' === $content_type ) && ( false !== strpos( $line, 'boundary="' ) ) && ( '' === $boundary ) ) { 105 $boundary = trim( $line ); 106 $boundary = explode( '"', $boundary ); 107 $boundary = $boundary[1]; 108 } 109 if ( preg_match( '/Subject: /i', $line ) ) { 110 $subject = trim( $line ); 111 $subject = substr( $subject, 9, strlen( $subject ) - 9 ); 112 // Captures any text in the subject before $phone_delim as the subject. 113 if ( function_exists( 'iconv_mime_decode' ) ) { 114 $subject = iconv_mime_decode( $subject, 2, get_option( 'blog_charset' ) ); 115 } else { 116 $subject = wp_iso_descrambler( $subject ); 117 } 118 $subject = explode( $phone_delim, $subject ); 119 $subject = $subject[0]; 120 } 121 122 /* 123 * Set the author using the email address (From or Reply-To, the last used) 124 * otherwise use the site admin. 125 */ 126 if ( ! $author_found && preg_match( '/^(From|Reply-To): /', $line ) ) { 127 if ( preg_match( '|[a-z0-9_.-]+@[a-z0-9_.-]+(?!.*<)|i', $line, $matches ) ) { 128 $author = $matches[0]; 129 } else { 130 $author = trim( $line ); 131 } 132 $author = sanitize_email( $author ); 133 if ( is_email( $author ) ) { 134 /* translators: %s: Post author email address. */ 135 echo '<p>' . sprintf( __( 'Author is %s' ), $author ) . '</p>'; 136 $userdata = get_user_by( 'email', $author ); 137 if ( ! empty( $userdata ) ) { 138 $post_author = $userdata->ID; 139 $author_found = true; 140 } 141 } 142 } 143 144 if ( preg_match( '/Date: /i', $line ) ) { // Of the form '20 Mar 2002 20:32:37 +0100'. 145 $ddate = str_replace( 'Date: ', '', trim( $line ) ); 146 // Remove parenthesised timezone string if it exists, as this confuses strtotime(). 147 $ddate = preg_replace( '!\s*\(.+\)\s*$!', '', $ddate ); 148 $ddate_timestamp = strtotime( $ddate ); 149 $post_date = gmdate( 'Y-m-d H:i:s', $ddate_timestamp + $time_difference ); 150 $post_date_gmt = gmdate( 'Y-m-d H:i:s', $ddate_timestamp ); 151 } 152 } 153 } 154 155 // Set $post_status based on $author_found and on author's publish_posts capability. 156 if ( $author_found ) { 157 $user = new WP_User( $post_author ); 158 $post_status = ( $user->has_cap( 'publish_posts' ) ) ? 'publish' : 'pending'; 159 } else { 160 // Author not found in DB, set status to pending. Author already set to admin. 161 $post_status = 'pending'; 162 } 163 164 $subject = trim( $subject ); 165 166 if ( 'multipart/alternative' === $content_type ) { 167 $content = explode( '--' . $boundary, $content ); 168 $content = $content[2]; 169 170 // Match case-insensitive content-transfer-encoding. 171 if ( preg_match( '/Content-Transfer-Encoding: quoted-printable/i', $content, $delim ) ) { 172 $content = explode( $delim[0], $content ); 173 $content = $content[1]; 174 } 175 $content = strip_tags( $content, '<img><p><br><i><b><u><em><strong><strike><font><span><div>' ); 176 } 177 $content = trim( $content ); 178 179 /** 180 * Filters the original content of the email. 181 * 182 * Give Post-By-Email extending plugins full access to the content, either 183 * the raw content, or the content of the last quoted-printable section. 184 * 185 * @since 2.8.0 186 * 187 * @param string $content The original email content. 188 */ 189 $content = apply_filters( 'wp_mail_original_content', $content ); 190 191 if ( false !== stripos( $content_transfer_encoding, 'quoted-printable' ) ) { 192 $content = quoted_printable_decode( $content ); 193 } 194 195 if ( function_exists( 'iconv' ) && ! empty( $charset ) ) { 196 $content = iconv( $charset, get_option( 'blog_charset' ), $content ); 197 } 198 199 // Captures any text in the body after $phone_delim as the body. 200 $content = explode( $phone_delim, $content ); 201 $content = empty( $content[1] ) ? $content[0] : $content[1]; 202 203 $content = trim( $content ); 204 205 /** 206 * Filters the content of the post submitted by email before saving. 207 * 208 * @since 1.2.0 209 * 210 * @param string $content The email content. 211 */ 212 $post_content = apply_filters( 'phone_content', $content ); 213 214 $post_title = xmlrpc_getposttitle( $content ); 215 216 if ( '' === trim( $post_title ) ) { 217 $post_title = $subject; 218 } 219 220 $post_category = array( get_option( 'default_email_category' ) ); 221 222 $post_data = compact( 'post_content', 'post_title', 'post_date', 'post_date_gmt', 'post_author', 'post_category', 'post_status' ); 223 $post_data = wp_slash( $post_data ); 224 225 $post_ID = wp_insert_post( $post_data ); 226 if ( is_wp_error( $post_ID ) ) { 227 echo "\n" . $post_ID->get_error_message(); 228 } 229 230 // We couldn't post, for whatever reason. Better move forward to the next email. 231 if ( empty( $post_ID ) ) { 232 continue; 233 } 234 235 /** 236 * Fires after a post submitted by email is published. 237 * 238 * @since 1.2.0 239 * 240 * @param int $post_ID The post ID. 241 */ 242 do_action( 'publish_phone', $post_ID ); 243 244 echo "\n<p><strong>" . __( 'Author:' ) . '</strong> ' . esc_html( $post_author ) . '</p>'; 245 echo "\n<p><strong>" . __( 'Posted title:' ) . '</strong> ' . esc_html( $post_title ) . '</p>'; 246 247 if ( ! $pop3->delete( $i ) ) { 248 echo '<p>' . sprintf( 249 /* translators: %s: POP3 error. */ 250 __( 'Oops: %s' ), 251 esc_html( $pop3->ERROR ) 252 ) . '</p>'; 253 $pop3->reset(); 254 exit; 255 } else { 256 echo '<p>' . sprintf( 257 /* translators: %s: The message ID. */ 258 __( 'Mission complete. Message %s deleted.' ), 259 '<strong>' . $i . '</strong>' 260 ) . '</p>'; 261 } 262} 263 264$pop3->quit(); 265