API tools faq
paste
Advertisement
Guest User

wordpress - base64-encoded post-by-email post garbled.

a guest
Jul 14th, 2013
50
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.30 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /**
  3. * Gets the email message from the user's mailbox to add as
  4. * a WordPress post. Mailbox connection information must be
  5. * configured under Settings > Writing
  6. *
  7. * @package WordPress
  8. */
  9.  
  10. /** Make sure that the WordPress bootstrap has run before continuing. */
  11. require(dirname(__FILE__) . '/wp-load.php');
  12.  
  13. if ( ! apply_filters( 'enable_post_by_email_configuration', true ) )
  14. wp_die( __( 'This action has been disabled by the administrator.' ) );
  15.  
  16. /** Allow a plugin to do a complete takeover of Post by Email **/
  17. do_action('wp-mail.php');
  18.  
  19. /** Get the POP3 class with which to access the mailbox. */
  20. require_once( ABSPATH . WPINC . '/class-pop3.php' );
  21.  
  22. /** Only check at this interval for new messages. */
  23. if ( !defined('WP_MAIL_INTERVAL') )
  24. define('WP_MAIL_INTERVAL', 300); // 5 minutes
  25.  
  26. $last_checked = get_transient('mailserver_last_checked');
  27.  
  28. if ( $last_checked )
  29. wp_die(__('Slow down cowboy, no need to check for new mails so often!'));
  30.  
  31. set_transient('mailserver_last_checked', true, WP_MAIL_INTERVAL);
  32.  
  33. $time_difference = get_option('gmt_offset') * HOUR_IN_SECONDS;
  34.  
  35. $phone_delim = '::';
  36.  
  37. $pop3 = new POP3();
  38.  
  39. if ( !$pop3->connect( get_option('mailserver_url'), get_option('mailserver_port') ) || !$pop3->user( get_option('mailserver_login') ) )
  40. wp_die( esc_html( $pop3->ERROR ) );
  41.  
  42. $count = $pop3->pass( get_option('mailserver_pass') );
  43.  
  44. if( false === $count )
  45. wp_die( esc_html( $pop3->ERROR ) );
  46.  
  47. if( 0 === $count ) {
  48. $pop3->quit();
  49. wp_die( __('There doesn’t seem to be any new mail.') );
  50. }
  51.  
  52. for ( $i = 1; $i <= $count; $i++ ) {
  53.  
  54. $message = $pop3->get($i);
  55.  
  56. $bodysignal = false;
  57. $needContentType = true;
  58. $boundary = '';
  59. $charset = '';
  60. $content = '';
  61. $content_type = '';
  62. $content_transfer_encoding = '';
  63. $post_author = 1;
  64. $author_found = false;
  65. $dmonths = array('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec');
  66. foreach ($message as $line) {
  67. // body signal
  68. if ( strlen($line) < 3 && !$needContentType )
  69. $bodysignal = true;
  70. if ( preg_match('/Content-Transfer-Encoding: /i', $line) ) {
  71. $bodysignal = false;
  72. }
  73. if ( $bodysignal ) {
  74. $content .= $line;
  75. } else {
  76. if ( preg_match('/Content-Type: /i', $line) ) {
  77. $content_type = trim($line);
  78. $content_type = substr($content_type, 14, strlen($content_type) - 14);
  79. $content_type = explode(';', $content_type);
  80. if ( ! empty( $content_type[1] ) ) {
  81. $charset = explode('=', $content_type[1]);
  82. $charset = ( ! empty( $charset[1] ) ) ? trim($charset[1]) : '';
  83. }
  84. $content_type = $content_type[0];
  85. }
  86.  
  87. if ( preg_match('/Content-Transfer-Encoding: /i', $line) ) {
  88. $needContentType = false;
  89. $content_transfer_encoding = trim($line);
  90. $content_transfer_encoding = substr($content_transfer_encoding, 27, strlen($content_transfer_encoding) - 27);
  91. $content_transfer_encoding = explode(';', $content_transfer_encoding);
  92. $content_transfer_encoding = $content_transfer_encoding[0];
  93. }
  94. if ( ( $content_type == 'multipart/alternative' ) && ( false !== strpos($line, 'boundary="') ) && ( '' == $boundary ) ) {
  95. $boundary = trim($line);
  96. $boundary = explode('"', $boundary);
  97. $boundary = $boundary[1];
  98. }
  99. if (preg_match('/Subject: /i', $line)) {
  100. $subject = trim($line);
  101. $subject = substr($subject, 9, strlen($subject) - 9);
  102. // Captures any text in the subject before $phone_delim as the subject
  103. if ( function_exists('iconv_mime_decode') ) {
  104. $subject = iconv_mime_decode($subject, 2, get_option('blog_charset'));
  105. } else {
  106. $subject = wp_iso_descrambler($subject);
  107. }
  108. $subject = explode($phone_delim, $subject);
  109. $subject = $subject[0];
  110. }
  111.  
  112. // Set the author using the email address (From or Reply-To, the last used)
  113. // otherwise use the site admin
  114. if ( ! $author_found && preg_match( '/^(From|Reply-To): /', $line ) ) {
  115. if ( preg_match('|[a-z0-9_.-]+@[a-z0-9_.-]+(?!.*<)|i', $line, $matches) )
  116. $author = $matches[0];
  117. else
  118. $author = trim($line);
  119. $author = sanitize_email($author);
  120. if ( is_email($author) ) {
  121. echo '<p>' . sprintf(__('Author is %s'), $author) . '</p>';
  122. $userdata = get_user_by('email', $author);
  123. if ( ! empty( $userdata ) ) {
  124. $post_author = $userdata->ID;
  125. $author_found = true;
  126. }
  127. }
  128. }
  129.  
  130. if (preg_match('/Date: /i', $line)) { // of the form '20 Mar 2002 20:32:37'
  131. $ddate = trim($line);
  132. $ddate = str_replace('Date: ', '', $ddate);
  133. if (strpos($ddate, ',')) {
  134. $ddate = trim(substr($ddate, strpos($ddate, ',') + 1, strlen($ddate)));
  135. }
  136. $date_arr = explode(' ', $ddate);
  137. $date_time = explode(':', $date_arr[3]);
  138.  
  139. $ddate_H = $date_time[0];
  140. $ddate_i = $date_time[1];
  141. $ddate_s = $date_time[2];
  142.  
  143. $ddate_m = $date_arr[1];
  144. $ddate_d = $date_arr[0];
  145. $ddate_Y = $date_arr[2];
  146. for ( $j = 0; $j < 12; $j++ ) {
  147. if ( $ddate_m == $dmonths[$j] ) {
  148. $ddate_m = $j+1;
  149. }
  150. }
  151.  
  152. $time_zn = intval($date_arr[4]) * 36;
  153. $ddate_U = gmmktime($ddate_H, $ddate_i, $ddate_s, $ddate_m, $ddate_d, $ddate_Y);
  154. $ddate_U = $ddate_U - $time_zn;
  155. $post_date = gmdate('Y-m-d H:i:s', $ddate_U + $time_difference);
  156. $post_date_gmt = gmdate('Y-m-d H:i:s', $ddate_U);
  157. }
  158. }
  159. }
  160.  
  161. // Set $post_status based on $author_found and on author's publish_posts capability
  162. if ( $author_found ) {
  163. $user = new WP_User($post_author);
  164. $post_status = ( $user->has_cap('publish_posts') ) ? 'publish' : 'pending';
  165. } else {
  166. // Author not found in DB, set status to pending. Author already set to admin.
  167. $post_status = 'pending';
  168. }
  169.  
  170. $subject = trim($subject);
  171.  
  172. if ( $content_type == 'multipart/alternative' ) {
  173. $content = explode('--'.$boundary, $content);
  174. $content = $content[2];
  175. // match case-insensitive content-transfer-encoding
  176. if ( preg_match( '/Content-Transfer-Encoding: quoted-printable/i', $content, $delim) ) {
  177. $content = explode($delim[0], $content);
  178. $content = $content[1];
  179. }
  180. $content = strip_tags($content, '<img><p><br><i><b><u><em><strong><strike><font><span><div>');
  181. }
  182. $content = trim($content);
  183.  
  184. //Give Post-By-Email extending plugins full access to the content
  185. //Either the raw content or the content of the last quoted-printable section
  186. $content = apply_filters('wp_mail_original_content', $content);
  187.  
  188. if ( false !== stripos($content_transfer_encoding, "quoted-printable") ) {
  189. $content = quoted_printable_decode($content);
  190. }
  191.  
  192. if (stripos($content_transfer_encoding, "base64") !== false) {
  193. $content = base64_decode($content);
  194. }
  195.  
  196. if ( function_exists('iconv') && ! empty( $charset ) ) {
  197. $content = iconv($charset, get_option('blog_charset'), $content);
  198. }
  199.  
  200. // Captures any text in the body after $phone_delim as the body
  201. $content = explode($phone_delim, $content);
  202. $content = empty( $content[1] ) ? $content[0] : $content[1];
  203.  
  204. $content = trim($content);
  205.  
  206. $post_content = apply_filters('phone_content', $content);
  207.  
  208. $post_title = xmlrpc_getposttitle($content);
  209.  
  210. if ($post_title == '') $post_title = $subject;
  211.  
  212. if (stripos($content_transfer_encoding, "base64") !== false) {
  213. // $post_title might start with =?utf-8?B?
  214. if (substr($post_title, 0, 10) == "=?utf-8?B?") {
  215. $post_title = substr($post_title, 10);
  216. }
  217. }
  218.  
  219. $post_category = array(get_option('default_email_category'));
  220.  
  221. $post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status');
  222. $post_data = add_magic_quotes($post_data);
  223.  
  224. $post_ID = wp_insert_post($post_data);
  225. if ( is_wp_error( $post_ID ) )
  226. echo "\n" . $post_ID->get_error_message();
  227.  
  228. // We couldn't post, for whatever reason. Better move forward to the next email.
  229. if ( empty( $post_ID ) )
  230. continue;
  231.  
  232. do_action('publish_phone', $post_ID);
  233.  
  234. echo "\n<p>" . sprintf(__('<strong>Author:</strong> %s'), esc_html($post_author)) . '</p>';
  235. echo "\n<p>" . sprintf(__('<strong>Posted title:</strong> %s'), esc_html($post_title)) . '</p>';
  236.  
  237. if(!$pop3->delete($i)) {
  238. echo '<p>' . sprintf(__('Oops: %s'), esc_html($pop3->ERROR)) . '</p>';
  239. $pop3->reset();
  240. exit;
  241. } else {
  242. echo '<p>' . sprintf(__('Mission complete. Message <strong>%s</strong> deleted.'), $i) . '</p>';
  243. }
  244.  
  245. }
  246.  
  247. $pop3->quit();
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!