vendor/contao/core-bundle/src/Resources/contao/forms/Form.php line 250

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of Contao.
  5.  *
  6.  * (c) Leo Feyer
  7.  *
  8.  * @license LGPL-3.0-or-later
  9.  */
  11. namespace Contao;
  13. /**
  14.  * Provide methods to handle front end forms.
  15.  *
  16.  * @property integer $id
  17.  * @property string  $title
  18.  * @property string  $formID
  19.  * @property string  $method
  20.  * @property boolean $allowTags
  21.  * @property string  $attributes
  22.  * @property boolean $novalidate
  23.  * @property integer $jumpTo
  24.  * @property boolean $sendViaEmail
  25.  * @property boolean $skipEmpty
  26.  * @property string  $format
  27.  * @property string  $recipient
  28.  * @property string  $subject
  29.  * @property boolean $storeValues
  30.  * @property string  $targetTable
  31.  * @property string  $customTpl
  32.  */
  33. class Form extends Hybrid
  34. {
  35.     /**
  36.      * Model
  37.      * @var FormModel
  38.      */
  39.     protected $objModel;
  41.     /**
  42.      * Key
  43.      * @var string
  44.      */
  45.     protected $strKey 'form';
  47.     /**
  48.      * Table
  49.      * @var string
  50.      */
  51.     protected $strTable 'tl_form';
  53.     /**
  54.      * Template
  55.      * @var string
  56.      */
  57.     protected $strTemplate 'form_wrapper';
  59.     /**
  60.      * Remove name attributes in the back end so the form is not validated
  61.      *
  62.      * @return string
  63.      */
  64.     public function generate()
  65.     {
  66.         $request System::getContainer()->get('request_stack')->getCurrentRequest();
  68.         if ($request && System::getContainer()->get('contao.routing.scope_matcher')->isBackendRequest($request))
  69.         {
  70.             $objTemplate = new BackendTemplate('be_wildcard');
  71.             $objTemplate->wildcard '### ' $GLOBALS['TL_LANG']['CTE']['form'][0] . ' ###';
  72.             $objTemplate->id $this->id;
  73.             $objTemplate->link $this->title;
  74.             $objTemplate->href StringUtil::specialcharsUrl(System::getContainer()->get('router')->generate('contao_backend', array('do'=>'form''table'=>'tl_form_field''id'=>$this->id)));
  76.             return $objTemplate->parse();
  77.         }
  79.         if ($this->customTpl)
  80.         {
  81.             $request System::getContainer()->get('request_stack')->getCurrentRequest();
  83.             // Use the custom template unless it is a back end request
  84.             if (!$request || !System::getContainer()->get('contao.routing.scope_matcher')->isBackendRequest($request))
  85.             {
  86.                 $this->strTemplate $this->customTpl;
  87.             }
  88.         }
  90.         return parent::generate();
  91.     }
  93.     /**
  94.      * Generate the form
  95.      */
  96.     protected function compile()
  97.     {
  98.         $hasUpload false;
  99.         $doNotSubmit false;
  100.         $arrSubmitted = array();
  102.         $this->loadDataContainer('tl_form_field');
  103.         $formId $this->formID 'auto_' $this->formID 'auto_form_' $this->id;
  105.         $this->Template->fields '';
  106.         $this->Template->hidden '';
  107.         $this->Template->formSubmit $formId;
  108.         $this->Template->method = ($this->method == 'GET') ? 'get' 'post';
  109.         $this->Template->requestToken System::getContainer()->get('contao.csrf.token_manager')->getDefaultTokenValue();
  111.         $this->initializeSession($formId);
  112.         $arrLabels = array();
  114.         // Get all form fields
  115.         $arrFields = array();
  116.         $objFields FormFieldModel::findPublishedByPid($this->id);
  118.         if ($objFields !== null)
  119.         {
  120.             while ($objFields->next())
  121.             {
  122.                 // Ignore the name of form fields which do not use a name (see #1268)
  123.                 if ($objFields->name && isset($GLOBALS['TL_DCA']['tl_form_field']['palettes'][$objFields->type]) && preg_match('/[,;]name[,;]/'$GLOBALS['TL_DCA']['tl_form_field']['palettes'][$objFields->type]))
  124.                 {
  125.                     $arrFields[$objFields->name] = $objFields->current();
  126.                 }
  127.                 else
  128.                 {
  129.                     $arrFields[] = $objFields->current();
  130.                 }
  131.             }
  133.             System::getContainer()->get('contao.cache.entity_tags')->tagWith($objFields);
  134.         }
  136.         // HOOK: compile form fields
  137.         if (isset($GLOBALS['TL_HOOKS']['compileFormFields']) && \is_array($GLOBALS['TL_HOOKS']['compileFormFields']))
  138.         {
  139.             foreach ($GLOBALS['TL_HOOKS']['compileFormFields'] as $callback)
  140.             {
  141.                 $this->import($callback[0]);
  142.                 $arrFields $this->{$callback[0]}->{$callback[1]}($arrFields$formId$this);
  143.             }
  144.         }
  146.         // Process the fields
  147.         if (!empty($arrFields) && \is_array($arrFields))
  148.         {
  149.             $row 0;
  150.             $max_row \count($arrFields);
  152.             foreach ($arrFields as $objField)
  153.             {
  154.                 /** @var FormFieldModel $objField */
  155.                 $strClass $GLOBALS['TL_FFL'][$objField->type] ?? null;
  157.                 // Continue if the class is not defined
  158.                 if (!class_exists($strClass))
  159.                 {
  160.                     continue;
  161.                 }
  163.                 $arrData $objField->row();
  165.                 $arrData['decodeEntities'] = true;
  166.                 $arrData['allowHtml'] = $this->allowTags;
  167.                 $arrData['rowClass'] = 'row_' $row . (($row == 0) ? ' row_first' : (($row == ($max_row 1)) ? ' row_last' '')) . ((($row 2) == 0) ? ' even' ' odd');
  169.                 // Increase the row count if it's a password field
  170.                 if ($objField->type == 'password')
  171.                 {
  172.                     ++$row;
  173.                     ++$max_row;
  175.                     $arrData['rowClassConfirm'] = 'row_' $row . (($row == ($max_row 1)) ? ' row_last' '') . ((($row 2) == 0) ? ' even' ' odd');
  176.                 }
  178.                 // Submit buttons do not use the name attribute
  179.                 if ($objField->type == 'submit')
  180.                 {
  181.                     $arrData['name'] = '';
  182.                 }
  184.                 // Unset the default value depending on the field type (see #4722)
  185.                 if (!empty($arrData['value']) && !\in_array('value'StringUtil::trimsplit('[,;]'$GLOBALS['TL_DCA']['tl_form_field']['palettes'][$objField->type] ?? '')))
  186.                 {
  187.                     $arrData['value'] = '';
  188.                 }
  190.                 /** @var Widget $objWidget */
  191.                 $objWidget = new $strClass($arrData);
  192.                 $objWidget->required $objField->mandatory true false;
  194.                 // HOOK: load form field callback
  195.                 if (isset($GLOBALS['TL_HOOKS']['loadFormField']) && \is_array($GLOBALS['TL_HOOKS']['loadFormField']))
  196.                 {
  197.                     foreach ($GLOBALS['TL_HOOKS']['loadFormField'] as $callback)
  198.                     {
  199.                         $this->import($callback[0]);
  200.                         $objWidget $this->{$callback[0]}->{$callback[1]}($objWidget$formId$this->arrData$this);
  201.                     }
  202.                 }
  204.                 // Validate the input
  205.                 if (Input::post('FORM_SUBMIT') == $formId)
  206.                 {
  207.                     $objWidget->validate();
  209.                     // HOOK: validate form field callback
  210.                     if (isset($GLOBALS['TL_HOOKS']['validateFormField']) && \is_array($GLOBALS['TL_HOOKS']['validateFormField']))
  211.                     {
  212.                         foreach ($GLOBALS['TL_HOOKS']['validateFormField'] as $callback)
  213.                         {
  214.                             $this->import($callback[0]);
  215.                             $objWidget $this->{$callback[0]}->{$callback[1]}($objWidget$formId$this->arrData$this);
  216.                         }
  217.                     }
  219.                     if ($objWidget->hasErrors())
  220.                     {
  221.                         $doNotSubmit true;
  222.                     }
  224.                     // Store current value in the session
  225.                     elseif ($objWidget->submitInput())
  226.                     {
  227.                         $arrSubmitted[$objField->name] = $objWidget->value;
  228.                         $_SESSION['FORM_DATA'][$objField->name] = $objWidget->value;
  229.                         unset($_POST[$objField->name]); // see #5474
  230.                     }
  231.                 }
  233.                 if ($objWidget instanceof UploadableWidgetInterface)
  234.                 {
  235.                     $hasUpload true;
  236.                 }
  238.                 if ($objWidget instanceof FormHidden)
  239.                 {
  240.                     $this->Template->hidden .= $objWidget->parse();
  241.                     --$max_row;
  242.                     continue;
  243.                 }
  245.                 if ($objWidget->name && $objWidget->label)
  246.                 {
  247.                     $arrLabels[$objWidget->name] = System::getContainer()->get('contao.insert_tag.parser')->replaceInline($objWidget->label); // see #4268
  248.                 }
  250.                 $this->Template->fields .= $objWidget->parse();
  251.                 ++$row;
  252.             }
  253.         }
  255.         // Process the form data
  256.         if (!$doNotSubmit && Input::post('FORM_SUBMIT') == $formId)
  257.         {
  258.             $this->processFormData($arrSubmitted$arrLabels$arrFields);
  259.         }
  261.         // Remove any uploads, if form did not validate (#1185)
  262.         if ($doNotSubmit && $hasUpload && !empty($_SESSION['FILES']))
  263.         {
  264.             foreach ($_SESSION['FILES'] as $field => $upload)
  265.             {
  266.                 if (empty($arrFields[$field]))
  267.                 {
  268.                     continue;
  269.                 }
  271.                 if (!empty($upload['uuid']) && null !== ($file FilesModel::findById($upload['uuid'])))
  272.                 {
  273.                     $file->delete();
  274.                 }
  276.                 if (is_file($upload['tmp_name']))
  277.                 {
  278.                     unlink($upload['tmp_name']);
  279.                 }
  281.                 unset($_SESSION['FILES'][$field]);
  282.             }
  283.         }
  285.         // Add a warning to the page title
  286.         if ($doNotSubmit && !Environment::get('isAjaxRequest'))
  287.         {
  288.             /** @var PageModel $objPage */
  289.             global $objPage;
  291.             $title $objPage->pageTitle ?: $objPage->title;
  292.             $objPage->pageTitle $GLOBALS['TL_LANG']['ERR']['form'] . ' - ' $title;
  293.         }
  295.         $strAttributes '';
  296.         $arrAttributes StringUtil::deserialize($this->attributestrue);
  298.         if (!empty($arrAttributes[0]))
  299.         {
  300.             $strAttributes .= ' id="' $arrAttributes[0] . '"';
  301.         }
  303.         if (!empty($arrAttributes[1]))
  304.         {
  305.             $strAttributes .= ' class="' $arrAttributes[1] . '"';
  306.         }
  308.         $this->Template->hasError $doNotSubmit;
  309.         $this->Template->attributes $strAttributes;
  310.         $this->Template->enctype $hasUpload 'multipart/form-data' 'application/x-www-form-urlencoded';
  311.         $this->Template->maxFileSize $hasUpload $this->objModel->getMaxUploadFileSize() : false;
  312.         $this->Template->novalidate $this->novalidate ' novalidate' '';
  314.         // Get the target URL
  315.         if ($this->method == 'GET' && ($objTarget $this->objModel->getRelated('jumpTo')) instanceof PageModel)
  316.         {
  317.             /** @var PageModel $objTarget */
  318.             $this->Template->action $objTarget->getFrontendUrl();
  319.         }
  320.     }
  322.     /**
  323.      * Process form data, store it in the session and redirect to the jumpTo page
  324.      *
  325.      * @param array $arrSubmitted
  326.      * @param array $arrLabels
  327.      * @param array $arrFields
  328.      */
  329.     protected function processFormData($arrSubmitted$arrLabels$arrFields)
  330.     {
  331.         // HOOK: prepare form data callback
  332.         if (isset($GLOBALS['TL_HOOKS']['prepareFormData']) && \is_array($GLOBALS['TL_HOOKS']['prepareFormData']))
  333.         {
  334.             foreach ($GLOBALS['TL_HOOKS']['prepareFormData'] as $callback)
  335.             {
  336.                 $this->import($callback[0]);
  337.                 $this->{$callback[0]}->{$callback[1]}($arrSubmitted$arrLabels$arrFields$this);
  338.             }
  339.         }
  341.         // Send form data via e-mail
  342.         if ($this->sendViaEmail)
  343.         {
  344.             $keys = array();
  345.             $values = array();
  346.             $fields = array();
  347.             $message '';
  349.             foreach ($arrSubmitted as $k=>$v)
  350.             {
  351.                 if ($k == 'cc')
  352.                 {
  353.                     continue;
  354.                 }
  356.                 $v StringUtil::deserialize($v);
  358.                 // Skip empty fields
  359.                 if ($this->skipEmpty && !\is_array($v) && !\strlen($v))
  360.                 {
  361.                     continue;
  362.                 }
  364.                 // Add field to message
  365.                 $message .= ($arrLabels[$k] ?? ucfirst($k)) . ': ' . (\is_array($v) ? implode(', '$v) : $v) . "\n";
  367.                 // Prepare XML file
  368.                 if ($this->format == 'xml')
  369.                 {
  370.                     $fields[] = array
  371.                     (
  372.                         'name' => $k,
  373.                         'values' => (\is_array($v) ? $v : array($v))
  374.                     );
  375.                 }
  377.                 // Prepare CSV file
  378.                 if ($this->format == 'csv' || $this->format == 'csv_excel')
  379.                 {
  380.                     $keys[] = $k;
  381.                     $values[] = (\is_array($v) ? implode(','$v) : $v);
  382.                 }
  383.             }
  385.             $recipients StringUtil::splitCsv($this->recipient);
  387.             // Format recipients
  388.             foreach ($recipients as $k=>$v)
  389.             {
  390.                 $recipients[$k] = str_replace(array('['']''"'), array('<''>'''), $v);
  391.             }
  393.             $email = new Email();
  395.             // Get subject and message
  396.             if ($this->format == 'email')
  397.             {
  398.                 $message $arrSubmitted['message'] ?? '';
  399.                 $email->subject $arrSubmitted['subject'] ?? '';
  400.             }
  402.             // Set the admin e-mail as "from" address
  403.             $email->from $GLOBALS['TL_ADMIN_EMAIL'] ?? null;
  404.             $email->fromName $GLOBALS['TL_ADMIN_NAME'] ?? null;
  406.             // Get the "reply to" address
  407.             if (!empty($arrSubmitted['email']))
  408.             {
  409.                 $replyTo $arrSubmitted['email'];
  411.                 // Add the name
  412.                 if (!empty($arrSubmitted['name']))
  413.                 {
  414.                     $replyTo '"' $arrSubmitted['name'] . '" <' $replyTo '>';
  415.                 }
  416.                 elseif (!empty($arrSubmitted['firstname']) && !empty($arrSubmitted['lastname']))
  417.                 {
  418.                     $replyTo '"' $arrSubmitted['firstname'] . ' ' $arrSubmitted['lastname'] . '" <' $replyTo '>';
  419.                 }
  421.                 $email->replyTo($replyTo);
  422.             }
  424.             // Fallback to default subject
  425.             if (!$email->subject)
  426.             {
  427.                 $email->subject html_entity_decode(System::getContainer()->get('contao.insert_tag.parser')->replaceInline($this->subject), ENT_QUOTES'UTF-8');
  428.             }
  430.             // Send copy to sender
  431.             if (!empty($arrSubmitted['cc']) && !empty($arrSubmitted['email']))
  432.             {
  433.                 $email->sendCc($arrSubmitted['email']);
  434.                 unset($_SESSION['FORM_DATA']['cc']);
  435.             }
  437.             // Attach XML file
  438.             if ($this->format == 'xml')
  439.             {
  440.                 // Encode the values (see #6053)
  441.                 array_walk_recursive($fields, static function (&$value) { $value htmlspecialchars($valueENT_QUOTES|ENT_SUBSTITUTE|ENT_XML1); });
  443.                 $objTemplate = new FrontendTemplate('form_xml');
  444.                 $objTemplate->fields $fields;
  445.                 $objTemplate->charset System::getContainer()->getParameter('kernel.charset');
  447.                 $email->attachFileFromString($objTemplate->parse(), 'form.xml''application/xml');
  448.             }
  450.             // Attach CSV file
  451.             if ($this->format == 'csv')
  452.             {
  453.                 $email->attachFileFromString(StringUtil::decodeEntities('"' implode('";"'$keys) . '"' "\n" '"' implode('";"'$values) . '"'), 'form.csv''text/comma-separated-values');
  454.             }
  455.             elseif ($this->format == 'csv_excel')
  456.             {
  457.                 $email->attachFileFromString(mb_convert_encoding("\u{FEFF}sep=;\n" StringUtil::decodeEntities('"' implode('";"'$keys) . '"' "\n" '"' implode('";"'$values) . '"'), 'UTF-16LE''UTF-8'), 'form.csv''text/comma-separated-values');
  458.             }
  460.             $uploaded '';
  462.             // Attach uploaded files
  463.             if (!empty($_SESSION['FILES']))
  464.             {
  465.                 foreach ($_SESSION['FILES'] as $file)
  466.                 {
  467.                     // Add a link to the uploaded file
  468.                     if ($file['uploaded'] ?? null)
  469.                     {
  470.                         $uploaded .= "\n" Environment::get('base') . StringUtil::stripRootDir(\dirname($file['tmp_name'])) . '/' rawurlencode($file['name']);
  471.                         continue;
  472.                     }
  474.                     $email->attachFileFromString(file_get_contents($file['tmp_name']), $file['name'], $file['type']);
  475.                 }
  476.             }
  478.             $uploaded trim($uploaded) ? "\n\n---\n" $uploaded '';
  479.             $email->text StringUtil::decodeEntities(trim($message)) . $uploaded "\n\n";
  481.             // Set the transport
  482.             if (!empty($this->mailerTransport))
  483.             {
  484.                 $email->addHeader('X-Transport'$this->mailerTransport);
  485.             }
  487.             // Send the e-mail
  488.             $email->sendTo($recipients);
  489.         }
  491.         // Store the values in the database
  492.         if ($this->storeValues && $this->targetTable)
  493.         {
  494.             $arrSet = array();
  496.             // Add the timestamp
  497.             if ($this->Database->fieldExists('tstamp'$this->targetTable))
  498.             {
  499.                 $arrSet['tstamp'] = time();
  500.             }
  502.             // Fields
  503.             foreach ($arrSubmitted as $k=>$v)
  504.             {
  505.                 if ($k != 'cc' && $k != 'id')
  506.                 {
  507.                     $arrSet[$k] = $v;
  509.                     // Convert date formats into timestamps (see #6827)
  510.                     if ($arrSet[$k] && \in_array($arrFields[$k]->rgxp, array('date''time''datim')))
  511.                     {
  512.                         $objDate = new Date($arrSet[$k], Date::getFormatFromRgxp($arrFields[$k]->rgxp));
  513.                         $arrSet[$k] = $objDate->tstamp;
  514.                     }
  515.                 }
  516.             }
  518.             // Files
  519.             if (!empty($_SESSION['FILES']))
  520.             {
  521.                 foreach ($_SESSION['FILES'] as $k=>$v)
  522.                 {
  523.                     if ($v['uploaded'] ?? null)
  524.                     {
  525.                         $arrSet[$k] = StringUtil::stripRootDir($v['tmp_name']);
  526.                     }
  527.                 }
  528.             }
  530.             // HOOK: store form data callback
  531.             if (isset($GLOBALS['TL_HOOKS']['storeFormData']) && \is_array($GLOBALS['TL_HOOKS']['storeFormData']))
  532.             {
  533.                 foreach ($GLOBALS['TL_HOOKS']['storeFormData'] as $callback)
  534.                 {
  535.                     $this->import($callback[0]);
  536.                     $arrSet $this->{$callback[0]}->{$callback[1]}($arrSet$this);
  537.                 }
  538.             }
  540.             // Load DataContainer of target table before trying to determine empty value (see #3499)
  541.             Controller::loadDataContainer($this->targetTable);
  543.             // Set the correct empty value (see #6284, #6373)
  544.             foreach ($arrSet as $k=>$v)
  545.             {
  546.                 if ($v === '')
  547.                 {
  548.                     $arrSet[$k] = Widget::getEmptyValueByFieldType($GLOBALS['TL_DCA'][$this->targetTable]['fields'][$k]['sql'] ?? array());
  549.                 }
  550.             }
  552.             // Do not use Models here (backwards compatibility)
  553.             $this->Database->prepare("INSERT INTO " $this->targetTable " %s")->set($arrSet)->execute();
  554.         }
  556.         // Store all values in the session
  557.         foreach (array_keys($_POST) as $key)
  558.         {
  559.             $_SESSION['FORM_DATA'][$key] = $this->allowTags Input::postHtml($keytrue) : Input::post($keytrue);
  560.         }
  562.         // Store the submission time to invalidate the session later on
  563.         $_SESSION['FORM_DATA']['SUBMITTED_AT'] = time();
  565.         $arrFiles $_SESSION['FILES'] ?? null;
  567.         // HOOK: process form data callback
  568.         if (isset($GLOBALS['TL_HOOKS']['processFormData']) && \is_array($GLOBALS['TL_HOOKS']['processFormData']))
  569.         {
  570.             foreach ($GLOBALS['TL_HOOKS']['processFormData'] as $callback)
  571.             {
  572.                 $this->import($callback[0]);
  573.                 $this->{$callback[0]}->{$callback[1]}($arrSubmitted$this->arrData$arrFiles$arrLabels$this);
  574.             }
  575.         }
  577.         $_SESSION['FILES'] = array(); // DO NOT CHANGE
  579.         // Add a log entry
  580.         if (System::getContainer()->get('contao.security.token_checker')->hasFrontendUser())
  581.         {
  582.             $this->import(FrontendUser::class, 'User');
  584.             System::getContainer()->get('monolog.logger.contao.forms')->info('Form "' $this->title '" has been submitted by "' $this->User->username '".');
  585.         }
  586.         else
  587.         {
  588.             System::getContainer()->get('monolog.logger.contao.forms')->info('Form "' $this->title '" has been submitted by a guest.');
  589.         }
  591.         // Check whether there is a jumpTo page
  592.         if (($objJumpTo $this->objModel->getRelated('jumpTo')) instanceof PageModel)
  593.         {
  594.             $this->jumpToOrReload($objJumpTo->row());
  595.         }
  597.         $this->reload();
  598.     }
  600.     /**
  601.      * Get the maximum file size that is allowed for file uploads
  602.      *
  603.      * @return integer
  604.      *
  605.      * @deprecated Deprecated since Contao 4.0, to be removed in Contao 5.0.
  606.      *             Use $this->objModel->getMaxUploadFileSize() instead.
  607.      */
  608.     protected function getMaxFileSize()
  609.     {
  610.         trigger_deprecation('contao/core-bundle''4.0''Using "Contao\Form::getMaxFileSize()" has been deprecated and will no longer work in Contao 5.0. Use "$this->objModel->getMaxUploadFileSize()" instead.');
  612.         return $this->objModel->getMaxUploadFileSize();
  613.     }
  615.     /**
  616.      * Initialize the form in the current session
  617.      *
  618.      * @param string $formId
  619.      */
  620.     protected function initializeSession($formId)
  621.     {
  622.         if (Input::post('FORM_SUBMIT') != $formId)
  623.         {
  624.             return;
  625.         }
  627.         $arrMessageBox = array('TL_ERROR''TL_CONFIRM''TL_INFO');
  628.         $_SESSION['FORM_DATA'] = \is_array($_SESSION['FORM_DATA'] ?? null) ? $_SESSION['FORM_DATA'] : array();
  630.         foreach ($arrMessageBox as $tl)
  631.         {
  632.             if (\is_array($_SESSION[$formId][$tl] ?? null))
  633.             {
  634.                 $_SESSION[$formId][$tl] = array_unique($_SESSION[$formId][$tl]);
  636.                 foreach ($_SESSION[$formId][$tl] as $message)
  637.                 {
  638.                     $objTemplate = new FrontendTemplate('form_message');
  639.                     $objTemplate->message $message;
  640.                     $objTemplate->class strtolower($tl);
  642.                     $this->Template->fields .= $objTemplate->parse() . "\n";
  643.                 }
  645.                 $_SESSION[$formId][$tl] = array();
  646.             }
  647.         }
  648.     }
  649. }
  651. class_alias(Form::class, 'Form');