Finally com_mailto allow the usage of a captcha by using JForm

components/com_mailto/controller.php

@@ -12,9 +12,7 @@
 /**
  * Mailer Component Controller.
  *
- * @package     Joomla.Site
- * @subpackage  com_mailto
- * @since       1.5
+ * @since  1.5
  */
 class MailtoController extends JControllerLegacy
 {
@@ -23,12 +21,10 @@ class MailtoController extends JControllerLegacy
 	 *
 	 * @return  void
 	 *
-	 * @since 1.5
+	 * @since   1.5
 	 */
 	public function mailto()
 	{
-		$session = JFactory::getSession();
-		$session->set('com_mailto.formtime', time());
 		$this->input->set('view', 'mailto');
 		$this->display();
 	}
@@ -46,18 +42,40 @@ public function send()
 		$this->checkToken();
 
 		$app     = JFactory::getApplication();
-		$session = JFactory::getSession();
-		$timeout = $session->get('com_mailto.formtime', 0);
+		$model   = $this->getModel('mailto');
+		$data    = $model->getData();
 
-		if ($timeout == 0 || time() - $timeout < 20)
+		// Validate the posted data.
+		$form = $model->getForm();
+
+		if (!$form)
 		{
-			JError::raiseNotice(500, JText::_('COM_MAILTO_EMAIL_NOT_SENT'));
+			JError::raiseError(500, $model->getError());
+
+			return false;
+		}
+
+		if (!$model->validate($form, $data))
+		{
+			$errors = $model->getErrors();
+
+			foreach ($errors as $error)
+			{
+				$errorMessage = $error;
+
+				if ($error instanceof Exception)
+				{
+					$errorMessage = $error->getMessage();
+				}
+
+				$app->enqueueMessage($errorMessage, 'error');
+			}
 
 			return $this->mailto();
 		}
 
-		$SiteName = $app->get('sitename');
-		$link     = MailtoHelper::validateHash($this->input->get('link', '', 'post'));
+		$siteName = $app->get('sitename');
+		$link     = MailtoHelper::validateHash($this->input->post->get('link', '', 'post'));
 
 		// Verify that this is a local link
 		if (!$link || !JUri::isInternal($link))
@@ -68,63 +86,24 @@ public function send()
 			return $this->mailto();
 		}
 
-		// An array of email headers we do not want to allow as input
-		$headers = array (
-			'Content-Type:',
-			'MIME-Version:',
-			'Content-Transfer-Encoding:',
-			'bcc:',
-			'cc:'
-		);
-
-		// An array of the input fields to scan for injected headers
-		$fields = array(
-			'mailto',
-			'sender',
-			'from',
-			'subject',
-		);
-
-		/*
-		 * Here is the meat and potatoes of the header injection test.  We
-		 * iterate over the array of form input and check for header strings.
-		 * If we find one, send an unauthorized header and die.
-		 */
-		foreach ($fields as $field)
-		{
-			foreach ($headers as $header)
-			{
-				if (strpos($_POST[$field], $header) !== false)
-				{
-					JError::raiseError(403, '');
-				}
-			}
-		}
-
-		/*
-		 * Free up memory
-		 */
-		unset($headers, $fields);
-
-		$email           = $this->input->post->getString('mailto', '');
-		$sender          = $this->input->post->getString('sender', '');
-		$from            = $this->input->post->getString('from', '');
-		$subject_default = JText::sprintf('COM_MAILTO_SENT_BY', $sender);
-		$subject         = $this->input->post->getString('subject', '') !== '' ? $this->input->post->getString('subject') : $subject_default;
+		$subject_default = JText::sprintf('COM_MAILTO_SENT_BY', $data['sender']);
+		$subject         = $data['subject'] !== '' ? $data['subject'] : $subject_default;
 
 		// Check for a valid to address
 		$error = false;
 
-		if (!$email || !JMailHelper::isEmailAddress($email))
+		if (!$data['emailto'] || !JMailHelper::isEmailAddress($data['emailto']))
 		{
-			$error = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $email);
+			$error = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $data['emailto']);
+
 			JError::raiseWarning(0, $error);
 		}
 
 		// Check for a valid from address
-		if (!$from || !JMailHelper::isEmailAddress($from))
+		if (!$data['emailfrom'] || !JMailHelper::isEmailAddress($data['emailfrom']))
 		{
-			$error = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $from);
+			$error = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $data['emailfrom']);
+
 			JError::raiseWarning(0, $error);
 		}
 
@@ -135,19 +114,19 @@ public function send()
 
 		// Build the message to send
 		$msg  = JText::_('COM_MAILTO_EMAIL_MSG');
-		$body = sprintf($msg, $SiteName, $sender, $from, $link);
+		$body = sprintf($msg, $siteName, $data['sender'], $data['emailfrom'], $link);
 
 		// Clean the email data
 		$subject = JMailHelper::cleanSubject($subject);
 		$body    = JMailHelper::cleanBody($body);
 
 		// To send we need to use punycode.
-		$from  = JStringPunycode::emailToPunycode($from);
-		$from  = JMailHelper::cleanAddress($from);
-		$email = JStringPunycode::emailToPunycode($email);
+		$data['emailfrom'] = JStringPunycode::emailToPunycode($data['emailfrom']);
+		$data['emailfrom'] = JMailHelper::cleanAddress($data['emailfrom']);
+		$data['emailto']   = JStringPunycode::emailToPunycode($data['emailto']);
 
 		// Send the email
-		if (JFactory::getMailer()->sendMail($from, $sender, $email, $subject, $body) !== true)
+		if (JFactory::getMailer()->sendMail($data['emailfrom'], $data['sender'], $data['emailto'], $subject, $body) !== true)
 		{
 			JError::raiseNotice(500, JText::_('COM_MAILTO_EMAIL_NOT_SENT'));
 

components/com_mailto/models/forms/mailto.xml

@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<form>
+	<fieldset name="default">
+		<field
+			name="emailto"
+			type="email"
+			label="COM_MAILTO_EMAIL_TO"
+			filter="string"
+			required="true"
+			size="30"
+			validate="email"
+			autocomplete="email"
+		/>
+
+		<field
+			name="sender"
+			type="text"
+			label="COM_MAILTO_SENDER"
+			filter="string"
+			required="true"
+			size="30"
+		/>
+
+		<field
+			name="emailfrom"
+			type="email"
+			label="COM_MAILTO_YOUR_EMAIL"
+			filter="string"
+			required="true"
+			size="30"
+			validate="email"
+			autocomplete="email"
+		/>
+
+		<field
+			name="subject"
+			type="text"
+			label="COM_MAILTO_SUBJECT"
+			filter="string"
+			required="true"
+			size="30"
+		/>
+
+		<field
+			name="captcha"
+			type="captcha"
+			label="COM_MAILTO_CAPTCHA"
+			validate="captcha"
+		/>
+	</fieldset>
+</form>

components/com_mailto/models/mailto.php

@@ -0,0 +1,107 @@
+<?php
+/**
+ * @package     Joomla.Site
+ * @subpackage  com_users
+ *
+ * @copyright   Copyright (C) 2005 - 2018 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/**
+ * Mailto model class.
+ *
+ * @since  __DEPLOY_VERSION__
+ */
+class MailtoModelMailto extends JModelForm
+{
+	/**
+	 * Method to get the mailto form.
+	 *
+	 * The base form is loaded from XML and then an event is fired
+	 * for users plugins to extend the form with extra fields.
+	 *
+	 * @param   array    $data      An optional array of data for the form to interogate.
+	 * @param   boolean  $loadData  True if the form is to load its own data (default case), false if not.
+	 *
+	 * @return  JForm	A JForm object on success, false on failure
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	public function getForm($data = array(), $loadData = true)
+	{
+		// Get the form.
+		$form = $this->loadForm('com_mailto.mailto', 'mailto', array('load_data' => $loadData));
+
+		if (empty($form))
+		{
+			return false;
+		}
+
+		return $form;
+	}
+
+	/**
+	 * Method to get the data that should be injected in the form.
+	 *
+	 * @return  array  The default data is an empty array.
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	protected function loadFormData()
+	{
+		$user = JFactory::getUser();
+		$app  = JFactory::getApplication();
+		$data = array();
+
+		$data = $app->getUserState('mailto.mailto.form.data', array());
+
+		$data['link'] = urldecode($app->input->get('link', '', 'BASE64'));
+
+		if ($data['link'] == '')
+		{
+			JError::raiseError(403, JText::_('COM_MAILTO_LINK_IS_MISSING'));
+
+			return false;
+		}
+
+		// Load with previous data, if it exists
+		$data['sender']  = $app->input->post->getString('sender', '');
+		$data['subject'] = $app->input->post->getString('subject', '');
+		$data['from']    = JStringPunycode::emailToPunycode($app->input->post->getString('from', ''));
+		$data['mailto']  = JStringPunycode::emailToPunycode($app->input->post->getString('mailto', ''));
+
+		if (!$user->guest)
+		{
+			$data['sender'] = $user->name;
+			$data['from']   = $user->email;
+		}
+
+		$app->setUserState('mailto.mailto.form.data', $data);
+
+		$this->preprocessData('com_mailto.mailto', $data);
+
+		return $data;
+	}
+
+	/**
+	 * Get the request data
+	 *
+	 * @return  array  The requested data
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	public function getData()
+	{
+		$input = JFactory::getApplication()->input;
+
+		$data['emailto']   = $input->get('emailto', '', 'string');
+		$data['sender']    = $input->get('sender', '', 'string');
+		$data['emailfrom'] = $input->get('emailfrom', '', 'string');
+		$data['subject']   = $input->get('subject', '', 'string');
+		$data['captcha']   = $input->get('captcha', '', 'string');
+
+		return $data;
+	}
+}