diff --git src/wp-includes/class-plancake-email-parser.php src/wp-includes/class-plancake-email-parser.php new file mode 100755 index 0000000000..ba8d4bafb2 --- /dev/null +++ src/wp-includes/class-plancake-email-parser.php @@ -0,0 +1,372 @@ +. * +* * +************************************************************************************** +* +* Valuable contributions by: +* - Chris +* +************************************************************************************** +* +* Adaptations for WordPress use: +* - imath +* +* **************************************************************************************/ + +/** + * Extracts the headers and the body of an email + * Obviously it can't extract the bcc header because it doesn't appear in the content + * of the email. + * + * N.B.: if you deal with non-English languages, we recommend you install the IMAP PHP extension: + * the Plancake PHP Email Parser will detect it and used it automatically for better results. + * + * For more info, check: + * https://github.com/plancake/official-library-php-email-parser + * + * @author dan + */ +class Plancake_Email_Parser { + /** + * Plaintext code. + * + * @var int + */ + const PLAINTEXT = 1; + + /** + * HTML code. + * + * @var int + */ + const HTML = 2; + + /** + * IMAP extension availability. + * + * @var boolean + */ + private $is_imap_extension_available = false; + + /** + * The Email raw content. + * + * @var string + */ + private $email_raw_content; + + /** + * Email header fields. + * + * @var array + */ + protected $raw_fields; + + /** + * Lines of the Email body. + * + * @var array + */ + protected $raw_body_lines; + + /** + * Class constructor. + * + * @param string $email_raw_content The Email raw content. + */ + public function __construct( $email_raw_content ) { + $this->email_raw_content = $email_raw_content; + + $this->extract_headers_and_rawbody(); + + if ( function_exists( 'imap_open' ) ) { + $this->is_imap_extension_available = true; + } + } + + /** + * Extracts the email header and body. + * + * @access private + */ + private function extract_headers_and_rawbody() { + $lines = preg_split( "/(\r?\n|\r)/", $this->email_raw_content ); + $current_header = ''; + $i = 0; + + foreach ( $lines as $line ) { + if ( self::is_new_line( $line ) ) { + // end of headers. + $this->raw_body_lines = array_slice( $lines, $i ); + break; + } + + if ( $this->is_line_starting_with_printable_char( $line ) ) { + // start of new header. + preg_match( '/([^:]+): ?(.*)$/', $line, $matches ); + $new_header = strtolower( $matches[1] ); + $value = $matches[2]; + + // Sets the header field value. + $this->raw_fields[ $new_header ] = $value; + $current_header = $new_header; + } else { + // more lines related to the current header. + + if ( $current_header ) { + // to prevent notice from empty lines. + $this->raw_fields[ $current_header ] .= substr( $line, 1 ); + } + } + + $i++; + } + } + + /** + * Gets the Email subject. + * + * @throws Exception if a subject header is not found. + * @return string An UTF-8 formatted string. + */ + public function get_subject() { + if ( ! isset( $this->raw_fields['subject'] ) ) { + throw new Exception( "Couldn't find the subject of the email" ); + } + + $ret = ''; + + if ( $this->is_imap_extension_available ) { + // Subject can span into several lines. + foreach ( imap_mime_header_decode( $this->raw_fields['subject'] ) as $h ) { + $charset = ( 'default' === $h->charset ) ? 'US-ASCII' : $h->charset; + $ret .= iconv( $charset, 'UTF-8//TRANSLIT', $h->text ); + } + } else { + $ret = utf8_encode( iconv_mime_decode( $this->raw_fields['subject'] ) ); + } + + return $ret; + } + + /** + * Gets the list of recipients in copy. + * + * @return array The list of recipients in copy. + */ + public function get_cc() { + if ( ! isset( $this->raw_fields['cc'] ) ) { + return array(); + } + + return explode( ',', $this->raw_fields['cc'] ); + } + + /** + * Gets the list of recipients. + * + * @throws Exception if a to header is not found or if there are no recipient. + * @return array The list of recipients. + */ + public function get_to() { + if ( ! isset( $this->raw_fields['to'] ) || ! count( $this->raw_fields['to'] ) ) { + throw new Exception( "Couldn't find the recipients of the email" ); + } + + return explode( ',', $this->raw_fields['to'] ); + } + + /** + * Returns the email body, UTF8 encoded. + * + * Example of an email body + * + * --0016e65b5ec22721580487cb20fd + * Content-Type: text/plain; charset=ISO-8859-1 + * Hi all. I am new to Android development. + * Please help me. + * + * -- + * My signature + * email: myemail@gmail.com + * web: http://www.example.com + * --0016e65b5ec22721580487cb20fd + * Content-Type: text/html; charset=ISO-8859-1 + * + * @param int $return_type The code of the type of content to return. + * Default: 1. + * @return string The email body, UTF8 encoded. + */ + public function get_body( $return_type = self::PLAINTEXT ) { + $body = ''; + $detected_content_type = false; + $content_transfer_encoding = null; + $charset = 'ASCII'; + $waiting_for_content_start = true; + + if ( self::HTML === $return_type ) { + $content_type_regex = '/^Content-Type: ?text\/html/i'; + } else { + $content_type_regex = '/^Content-Type: ?text\/plain/i'; + } + + // There could be more than one boundary. + preg_match_all( '!boundary=(.*)$!mi', $this->email_raw_content, $matches ); + $boundaries = array(); + + if ( isset( $matches[1] ) && $matches[1] ) { + // Sometimes boundaries are delimited by quotes - we want to remove them. + foreach ( $matches[1] as $boundary ) { + $boundaries[] = trim( str_replace( array( "'", '"' ), '', $boundary ) ); + } + } + + foreach ( $this->raw_body_lines as $line ) { + if ( null === $content_transfer_encoding && preg_match( '/^Content-Transfer-Encoding: ?(.*)/i', $line, $matches ) ) { + $content_transfer_encoding = $matches[1]; + } + + if ( ! $detected_content_type ) { + + if ( preg_match( $content_type_regex, $line, $matches ) ) { + $detected_content_type = true; + } + + if ( preg_match( '/charset=(.*)/i', $line, $matches ) ) { + $charset = strtoupper( trim( $matches[1], '"' ) ); + } + } elseif ( $detected_content_type && $waiting_for_content_start ) { + + if ( preg_match( '/charset=(.*)/i', $line, $matches ) ) { + $charset = strtoupper( trim( $matches[1], '"' ) ); + } + + if ( self::is_new_line( $line ) ) { + $waiting_for_content_start = false; + } + } else { + /* + * Collecting the actual content until we find the delimiter. + * If the delimited is AAAAA, the line will be --AAAAA - that's why we use substr. + */ + if ( is_array( $boundaries ) && in_array( substr( $line, 2 ), $boundaries, true ) ) { + break; + } + + $body .= $line . "\n"; + } + } + + if ( ! $detected_content_type ) { + /* + * If here, we missed the text/plain content-type (probably it was + * in the header), thus we assume the whole body is what we are after. + */ + $body = implode( "\n", $this->raw_body_lines ); + } + + // removing trailing new lines + $body = preg_replace( '/((\r?\n)*)$/', '', $body ); + + if ( 'base64' === $content_transfer_encoding ) { + $body = base64_decode( $body ); + } elseif ( 'quoted-printable' === $content_transfer_encoding ) { + $body = quoted_printable_decode( $body ); + } + + if ( 'UTF-8' !== $charset ) { + /* + * FORMAT=FLOWED, despite being popular in emails, it is not + * supported by iconv + */ + $charset = str_replace( 'FORMAT=FLOWED', '', $charset ); + $body_copy = $body; + $body = iconv( $charset, 'UTF-8//TRANSLIT', $body ); + + // iconv returns false on failure. + if ( false === $body ) { + $body = utf8_encode( $body_copy ); + } + } + + return $body; + } + + /** + * Gets the text/plain body, UTF8 encoded. + * + * @return string The text/plain body, UTF8 encoded. + */ + public function get_plain_body() { + return $this->get_body( self::PLAINTEXT ); + } + + /** + * Gets the text/html body, UTF8 encoded. + * + * @return string The text/html body, UTF8 encoded. + */ + public function get_html_body() { + return $this->get_body( self::HTML ); + } + + /** + * Gets the value of a specific email header. + * + * N.B.: if the header doesn't exist an empty string is returned. + * + * @param string $header_name - the header we want to retrieve + * @return string - the value of the header + */ + public function get_header( $header_name ) { + $header_name = strtolower( $header_name ); + + if ( isset( $this->raw_fields[ $header_name ] ) ) { + return $this->raw_fields[ $header_name ]; + } + + return ''; + } + + /** + * Checks if the current line is a new one. + * + * @param string $line One of the lines of the raw content. + * @return bool True if it's a new line. False otherwise. + */ + public static function is_new_line( $line ) { + $line = str_replace( "\r", '', $line ); + $line = str_replace( "\n", '', $line ); + + return ( strlen( $line ) === 0 ); + } + + /** + * Checks if the current line starts with a printable char. + * + * @param string $line One of the lines of the raw content. + * @return bool True if the line starts with a printable char. + * False otherwise. + * @access private + */ + private function is_line_starting_with_printable_char( $line ) { + return preg_match( '/^[A-Za-z]/', $line ); + } +} diff --git src/wp-includes/comment.php src/wp-includes/comment.php index 116e66a57c..b9a89209fb 100644 --- src/wp-includes/comment.php +++ src/wp-includes/comment.php @@ -3903,3 +3903,21 @@ function _wp_check_for_scheduled_update_comment_type() { wp_schedule_single_event( time() + MINUTE_IN_SECONDS, 'wp_update_comment_type_batch' ); } } + +/** + * Checks the mail server (if enabled) is not restricted to posts. + * + * @since 5.7.0 + * + * @return bool True if the mail server can be used for comments. False otherwise. + */ +function wp_check_comment_mailserver_usability() { + /** + * Filter here to disable mail server usage to comments. + * + * @since 5.7.0 + * + * @param $value bool Whether to enable mail server usage to comments. + */ + return apply_filters( 'wp_check_comment_mailserver_usability', wp_is_mailserver_enabled() ); +} diff --git src/wp-includes/functions.php src/wp-includes/functions.php index eb4c4b6961..577f926846 100644 --- src/wp-includes/functions.php +++ src/wp-includes/functions.php @@ -7779,3 +7779,16 @@ function is_php_version_compatible( $required ) { function wp_fuzzy_number_match( $expected, $actual, $precision = 1 ) { return abs( (float) $expected - (float) $actual ) <= $precision; } + +/** + * Check if the mail server to fetch posts or comments sent by email is enabled. + * + * @since 5.7.0 + * + * @return bool Whether the mail server to fetch posts or comments sent by email is enabled. + */ +function wp_is_mailserver_enabled() { + $mailserver_url = get_option( 'mailserver_url', 'mail.example.com' ); + + return $mailserver_url && 'mail.example.com' !== $mailserver_url; +} diff --git src/wp-includes/pluggable.php src/wp-includes/pluggable.php index 7dee482170..024319e14a 100644 --- src/wp-includes/pluggable.php +++ src/wp-includes/pluggable.php @@ -1672,6 +1672,15 @@ if ( ! function_exists( 'wp_notify_postauthor' ) ) : } $notify_message .= get_permalink( $comment->comment_post_ID ) . "#comments\r\n\r\n"; + + // Can authors reply to the comment directly by email? + $can_reply_by_email = wp_check_comment_mailserver_usability(); + + if ( $can_reply_by_email ) { + /* translators: %s: Site name. */ + $notify_message .= sprintf( __( 'Reply to this email directly or view it on %s:' ), $blogname ) . "\r\n"; + } + /* translators: %s: Comment URL. */ $notify_message .= sprintf( __( 'Permalink: %s' ), get_comment_link( $comment ) ) . "\r\n"; @@ -1687,7 +1696,8 @@ if ( ! function_exists( 'wp_notify_postauthor' ) ) : $notify_message .= sprintf( __( 'Spam it: %s' ), admin_url( "comment.php?action=spam&c={$comment->comment_ID}#wpbody-content" ) ) . "\r\n"; } - $wp_email = 'wordpress@' . preg_replace( '#^www\.#', '', wp_parse_url( network_home_url(), PHP_URL_HOST ) ); + $domain = preg_replace( '#^www\.#', '', wp_parse_url( network_home_url(), PHP_URL_HOST ) ); + $wp_email = 'wordpress@' . $domain; if ( '' === $comment->comment_author ) { $from = "From: \"$blogname\" <$wp_email>"; @@ -1704,7 +1714,31 @@ if ( ! function_exists( 'wp_notify_postauthor' ) ) : $message_headers = "$from\n" . 'Content-Type: text/plain; charset="' . get_option( 'blog_charset' ) . "\"\n"; - if ( isset( $reply_to ) ) { + /** + * Use the Reply by Email feature if enabled. + */ + if ( $can_reply_by_email ) { + $mailserver_login = get_option( 'mailserver_login' ); + $message_headers .= "Reply-To: \"$blogname\" <$mailserver_login>\n"; + + $message_id = sprintf( + /** + * This Message-ID header is unique for the domain. + * It identifies the author, the post type and the comment type. + * It will be transported into the email reply. + */ + '%1$s/type/%2$s/%3$s/comment-type/%4$s/%5$s@%6$s', + $author->user_nicename, + get_post_type( $post ), + $post->ID, + get_comment_type( $comment ), + $comment->comment_ID, + $domain + ); + + // Use the Message ID as one of the references to make it available into the email reply. + $message_headers .= "References: <$message_id>\n"; + } elseif ( isset( $reply_to ) ) { $message_headers .= $reply_to . "\n"; } diff --git src/wp-mail.php src/wp-mail.php index 1d5fbedf03..91fb26271b 100644 --- src/wp-mail.php +++ src/wp-mail.php @@ -15,12 +15,9 @@ if ( ! apply_filters( 'enable_post_by_email_configuration', true ) ) { wp_die( __( 'This action has been disabled by the administrator.' ), 403 ); } -$mailserver_url = get_option( 'mailserver_url' ); - -if ( 'mail.example.com' === $mailserver_url || empty( $mailserver_url ) ) { +if ( ! wp_is_mailserver_enabled() ) { wp_die( __( 'This action has been disabled by the administrator.' ), 403 ); } - /** * Fires to allow a plugin to do a complete takeover of Post by Email. * @@ -30,6 +27,7 @@ do_action( 'wp-mail.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHoo /** Get the POP3 class with which to access the mailbox. */ require_once ABSPATH . WPINC . '/class-pop3.php'; +require_once ABSPATH . WPINC . '/class-plancake-email-parser.php'; /** Only check at this interval for new messages. */ if ( ! defined( 'WP_MAIL_INTERVAL' ) ) { @@ -65,10 +63,191 @@ if ( 0 === $count ) { wp_die( __( 'There doesn’t seem to be any new mail.' ) ); } -for ( $i = 1; $i <= $count; $i++ ) { +$domain = preg_replace( '#^www\.#', '', wp_parse_url( network_home_url(), PHP_URL_HOST ) ); +$can_reply_by_email = wp_check_comment_mailserver_usability(); +for ( $i = 1; $i <= $count; $i++ ) { + // Set the message. $message = $pop3->get( $i ); + if ( $can_reply_by_email ) { + // Possibly set the comment reply. + $reply = implode( '', $message ); + + // Parse the reply. + $email_parser = new Plancake_Email_Parser( $reply ); + $email_address = preg_replace( '/(.*?)\<(.*?)\>/', '$2', iconv_mime_decode( $email_parser->get_header( 'From' ) ) ); + $author_email = sanitize_email( $email_address ); + $body = $email_parser->get_plain_body(); + $wp_references = array(); + $references = iconv_mime_decode( $email_parser->get_header( 'References' ) ); + $content_type = explode( ';', $email_parser->get_header( 'Content-Type' ) ); + + $author = get_user_by( 'email', $author_email ); + if ( $author ) { + // Try to get the references. + preg_match( "/\<(.*?)\/type\/(.*?)\/(\d*?)\/comment-type\/(.*?)\/(\d*?)@$domain\>/", $references, $matches ); + array_shift( $matches ); + $wp_references = array_filter( $matches ); + $comment = null; + + // Fallback to the comment's link inside the quoted message. + if ( ! $wp_references ) { + $url = addcslashes( site_url(), '/.' ); + + // Reset matches. + $matches = array(); + + /** + * @todo + * If the comment parent does not exist anymore and this is used, + * a post might be created. This needs extra checks. + */ + preg_match( "/$url(.*)#comment-(\d*)/", $body, $matches ); + if ( ! empty( $matches[0] ) && ! empty( $matches[2] ) ) { + $post_id = url_to_postid( $matches[0] ); + + if ( $post_id ) { + $comment = get_comment( $matches[2] ); + if ( ! empty( $comment->comment_post_ID ) && $post_id === (int) $comment->comment_post_ID ) { + $wp_references = array( + $author->user_nicename, + get_post_type( $post_id ), + $post_id, + get_comment_type( $comment ), + $comment->comment_ID, + ); + } + } + } + } + + // Let's process. + if ( 5 === count( $wp_references ) ) { + list( $author_user_nicename, $post_type, $post_id, $comment_type, $comment_id ) = $wp_references; + + if ( null === $comment ) { + $comment = get_comment( $comment_id ); + } + + // Set comment data. + if ( null !== $comment && $author_user_nicename === $author->user_nicename ) { + // Set comment author. + $comment_author = $author->display_name; + $comment_author_email = $author->user_email; + $comment_author_url = $author->user_url; + + // Set comment content. + $comment_content = $body; + $content_type = reset( $content_type ); + + // Most of the time emails are multipart, but some are not (eg: gmx.com). + if ( 'text/html' === strtolower( $content_type ) ) { + $comment_content = str_replace( ' ', ' ', wp_kses( $body, array() ) ); + $comment_content = html_entity_decode( $comment_content, ENT_QUOTES, get_bloginfo( 'charset' ) ); + } + + // Reset matches. + $matches = array(); + + // Look for into the content to only keep what's above. + preg_match( '/^(.*)\<(.*)@(.*)\>(.*)$/im', $comment_content, $matches ); + if ( ! empty( $matches[0] ) ) { + $comment_content_parts = explode( $matches[0], $comment_content ); + if ( 2 === count( $comment_content_parts ) ) { + $comment_content = reset( $comment_content_parts ); + } + } else { + $commented_post = get_post( $post_id ); + + // Look for the post title into the content to only keep what's above. + preg_match( "/^\>(.*)$commented_post->post_title(.*)$/im", $comment_content, $matches ); + if ( ! empty( $matches[0] ) ) { + $comment_content_parts = explode( $matches[0], $comment_content ); + if ( 2 === count( $comment_content_parts ) ) { + $comment_content = reset( $comment_content_parts ); + } + } + } + + // Reset matches. + $matches = array(); + + // Look for specific separators into the content to only keep what's above. + preg_match( '/---*|___*|Sent:.*$/', $comment_content, $matches ); + if ( ! empty( $matches[0] ) ) { + $comment_content_parts = explode( $matches[0], $comment_content ); + + if ( 2 === count( $comment_content_parts ) ) { + $comment_content = reset( $comment_content_parts ); + } + } + + // Trim extra characters from the content. + $comment_content = trim( $comment_content, "\n \t\r" ); + + // Set comment date and GMT date. + $reply_date = iconv_mime_decode( $email_parser->get_header( 'Date' ) ); + $r_date = preg_replace( '!\s*\(.+\)\s*$!', '', $reply_date ); + $reply_timestamp = strtotime( $r_date ); + $comment_date = gmdate( 'Y-m-d H:i:s', $reply_timestamp + $time_difference ); + $comment_date_gmt = gmdate( 'Y-m-d H:i:s', $reply_timestamp ); + + // The comment parent is the refernces' $comment_id. + $comment_parent = (int) $comment_id; + + // Set the comment post ID. + $comment_post_ID = (int) $post_id; // phpcs:ignore WordPress.NamingConventions.ValidVariableName.VariableNotSnakeCase + + // Set the user ID. + $user_id = $author->ID; + + // Build arguments. + $commentdata = compact( + 'comment_author', + 'comment_author_email', + 'comment_author_url', + 'comment_content', + 'comment_date', + 'comment_date_gmt', + 'comment_type', + 'comment_parent', + 'comment_post_ID', + 'user_id' + ); + + $comment_reply_id = wp_new_comment( wp_slash( $commentdata ), true ); + if ( ! is_wp_error( $comment_reply_id ) ) { + echo "\n

" . __( 'Author:' ) . ' ' . esc_html( $comment_author ) . '

'; + echo "\n

" . __( 'Replied:' ) . ' ' . esc_html( $comment_content ) . '

'; + + // Delete the email. + if ( ! $pop3->delete( $i ) ) { + echo '

' . sprintf( + /* translators: %s: POP3 error. */ + __( 'Oops: %s' ), + esc_html( $pop3->ERROR ) + ) . '

'; + $pop3->reset(); + exit; + } else { + echo '

' . sprintf( + /* translators: %s: The message ID. */ + __( 'Mission complete. Reply %s deleted.' ), + '' . $i . '' + ) . '

'; + } + } else { + echo "\n" . $comment_reply_id->get_error_message(); + } + } + + // Jump to next message/reply to avoid creating a post. + continue; + } + } + } + $bodysignal = false; $boundary = ''; $charset = '';