(* COCANWIKI - a wiki written in Objective CAML.
* Written by Richard W.M. Jones <rich@merjis.com>.
* Copyright (C) 2004 Merjis Ltd.
- * $Id: contact.ml,v 1.2 2004/09/17 15:15:50 rich Exp $
+ * $Id: contact.ml,v 1.13 2006/07/31 09:49:42 rich Exp $
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
open Cocanwiki_template
open Cocanwiki_ok
-let run r (q : cgi) (dbh : Dbi.connection) hostid {hostname = hostname} user =
+let subj_rex = Pcre.regexp "\\$\\w+"
+
+let run r (q : cgi) dbh hostid {hostname = hostname} user =
let template = get_template dbh hostid "contact.txt" in
let fail msg =
error ~back_button:true ~title:"Bad form"
- q (msg ^ " Please contact the owner of the site by email.");
- raise CgiExit
+ dbh hostid q (msg ^ " Please contact the owner of the site by email.");
+ return ()
in
- (* Get the id field. *)
- let id =
- try int_of_string (q#param "id")
+ (* Get the name field. *)
+ let name =
+ try q#param "id"
with
- Not_found -> fail "The 'id' field is missing in that form."
- | Failure "int_of_string" ->
- fail "The 'id' field in that form is not a number." in
+ Not_found ->
+ fail "The 'name' field is missing in that form." in
(* Get the contacts / emails from the database. *)
- let sth = dbh#prepare_cached "select subject from contacts
- where hostid = ? and id = ?" in
- sth#execute [`Int hostid; `Int id];
-
- let subject =
- try sth#fetch1string ()
- with Not_found -> fail "There is no such contact id in the database." in
+ let rows = PGSQL(dbh)
+ "select id, subject from contacts
+ where hostid = $hostid and name = $name" in
- let sth = dbh#prepare_cached "select email from contact_emails
- where contactid = ?" in
- sth#execute [`Int id];
+ let id, subject =
+ match rows with
+ | [row] -> row
+ | [] -> fail "There is no such contact form in the database."
+ | _ -> assert false in
- let emails = sth#map (function [`String email] -> email
- | _ -> assert false) in
+ let to_addrs =
+ PGSQL(dbh) "select email from contact_emails where contactid = $id" in
+ let to_addrs = List.map (fun email -> "", email) to_addrs in
- if emails = [] then
+ if to_addrs = [] then
fail "There are no email addresses associated with that contact id.";
(* Now process the strings passed as parameters to the script. Any
let not_empty name = (q#upload name).upload_value <> "" in
List.filter not_empty uploads in
+ (* Substitute any $Field fields in the subject line. The substitution
+ * is very simple-minded.
+ *)
+ let subst pat =
+ let n = String.length pat in
+ assert (n > 0 && pat.[0] = '$');
+ let fieldname = String.sub pat 1 (n-1) in
+ if List.mem fieldname names then
+ q#param fieldname
+ else
+ pat
+ in
+ let subject = Pcre.substitute ~rex:subj_rex ~subst subject in
+
(* Get the IP address for logging purposes. *)
let ip =
try Connection.remote_ip (Request.connection r) with Not_found -> "" in
let username =
match user with
Anonymous -> "anonymous"
- | User (userid, username, _) ->
- sprintf "%s (%d)" username userid in
+ | User (userid, username, _, _) ->
+ sprintf "%s (%ld)" username userid in
template#set "ip" ip;
template#set "ua" ua;
template#set "nr_uploads" (string_of_int (List.length uploads));
(* Send the initial email. *)
+ let content_type =
+ "text/plain", ["charset", Mimestring.mk_param "UTF-8"] in
let body = template#to_string in
- Sendmail.send_mail ~subject ~to_addr:emails ~body ();
+ let msg = Netsendmail.compose ~to_addrs ~subject ~content_type body in
+ Netsendmail.sendmail msg;
(* Send the following uploads by email. *)
List.iter (fun name ->
let upload = q#upload name in
let subject = upload.upload_filename in
- (* XXX This is insecure. *)
- let content_type = upload.upload_content_type in
+ let content_type = upload.upload_content_type, [] in
let body = upload.upload_value in
- Sendmail.send_mail ~subject ~to_addr:emails ~content_type
- ~body ())
+ let msg =
+ Netsendmail.compose ~to_addrs ~subject ~content_type body in
+ Netsendmail.sendmail msg)
uploads;
(* Confirm. *)
ok ~title:"Thank you for your contact" ~buttons:[ok_button "/"]
- q "An email was sent and you should receive a reply shortly."
+ dbh hostid q "An email was sent and you should receive a reply shortly."
let () =
- register_script run
+ register_script ~restrict:[CanView] run