
function forward_form_validate in Forward 5

Same name and namespace in other branches
  1. 6 forward.module \forward_form_validate()
  2. 7.3 forward.module \forward_form_validate()
  3. 7 forward.module \forward_form_validate()
  4. 7.2 forward.module \forward_form_validate()

File

./forward.module, line 524

Code

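/**
 * Validates the "forward" form before any e-mail is sent.
 *
 * Checks the sender address for mail-header injection, validates the sender
 * and recipient addresses, and enforces the recipient and flood limits.
 * Problems are reported through form_set_error(); nothing is returned.
 *
 * @param $form_id
 *   The form identifier (not used by this function).
 * @param $form
 *   The submitted values, read by field name ('yemail', 'yname',
 *   'recipients').
 */
function forward_form_validate($form_id, &$form) {

  // Here the global variable where form values are stored is brought into the function for possible editing
  global $form_values;

  // The original read the sender address from two places: $form['yemail'] for
  // the "\r" test and $form['edit']['yemail'] for the "\n" and header-keyword
  // tests. Whichever key was unset made that test a silent no-op, so every
  // test is now applied to every copy of the value that is present.
  $sender_values = array();
  if (isset($form['yemail']) && is_scalar($form['yemail'])) {
    $sender_values[] = (string) $form['yemail'];
  }
  if (isset($form['edit']['yemail']) && is_scalar($form['edit']['yemail'])) {
    $sender_values[] = (string) $form['edit']['yemail'];
  }

  // normalize address entries: line breaks become separators, spaces are dropped
  $recipients = trim($form['recipients']);
  $recipients = str_replace(array(
    "\r\n",
    "\n",
    "\r",
  ), ',', $recipients);
  $recipients = str_replace(' ', '', $recipients);

  // convert addresses to an array
  $recipient_addresses = explode(',', $recipients);

  // Header names that have no business inside a sender address.
  $bad_items = array(
    'Content-Type:',
    'MIME-Version:',
    'Content-Transfer-Encoding:',
    'bcc:',
    'cc:',
  );

  // Initialised explicitly; the original left this undefined when nothing matched.
  $bad_string = FALSE;
  foreach ($sender_values as $value) {
    // A CR or LF in a value that ends up in a mail header lets the submitter
    // append headers of their own.
    if (strpos($value, "\r") !== FALSE || strpos($value, "\n") !== FALSE) {
      $bad_string = TRUE;
    }
    foreach ($bad_items as $item) {
      // Case-insensitive literal match. Replaces eregi(), which is deprecated
      // and no longer exists in current PHP.
      if (preg_match('/' . preg_quote($item, '/') . '/i', $value)) {
        $bad_string = TRUE;
      }
    }
  }
  if ($bad_string) {
    form_set_error('yemail', t('Header injection attempt detected.  Do not enter line feed characters into the from field!'));
  }

  // user_validate_mail() is used here as returning a non-empty value when the
  // address is NOT valid.
  if (user_validate_mail($form['yemail'])) {
    form_set_error('yemail', t('Your Email address is invalid.'));
  }

  // NOTE(review): 'yname' is only checked for presence. If the name is placed
  // in a mail header elsewhere, it needs the same CR/LF check as 'yemail' --
  // confirm against the code that builds the message.
  if (!$form['yname']) {
    form_set_error('yname', t('You must enter your name.'));
  }
  if ($recipients == '') {
    form_set_error('recipients', t('You did not enter any recipients.'));
  }

  $flood_limit = variable_get('forward_flood_control', 10);
  if (count($recipient_addresses) > $flood_limit) {
    form_set_error('recipients', t('You can only email up to !number recpients.', array(
      '!number' => $flood_limit,
    )));
  }
  else {
    foreach ($recipient_addresses as $address) {
      // Empty entries (e.g. from a trailing comma) are skipped rather than
      // reported as invalid.
      if (user_validate_mail($address) && $address != '') {
        // The rejected address is echoed back, so it is escaped with
        // check_plain() before being concatenated into the HTML message.
        form_set_error('recipients', t('One of your Recipient addresses is invalid:') . '<br />' . check_plain($address));
      }
    }
  }
  if (!user_access('administer forward')) {

    // Check if it looks like we are going to exceed the flood limit.
    // It is important to ensure that the number of e-mails to be sent count against the threshold.
    if (!flood_is_allowed('forward', $flood_limit - count($recipient_addresses) + 1)) {
      form_set_error('recipients', t(variable_get('forward_flood_error', 'You can\'t send more than !number messages per hour. Please try again later.'), array(
        '!number' => $flood_limit,
      )));
    }
  }
}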