mirror of https://github.com/e107inc/e107.git synced 2025-07-24 00:12:24 +02:00

bugfix: contact page - cleaned user input

This commit is contained in:
CaMer0n
2007-09-09 07:05:06 +00:00
parent c453b09bc8
commit 202de28639
2 changed files with 33 additions and 16 deletions


@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/contact.php,v $ | $Source: /cvs_backup/e107_0.8/contact.php,v $
| $Revision: 1.3 $ | $Revision: 1.4 $
| $Date: 2007-04-15 14:37:17 $ | $Date: 2007-09-09 07:05:06 $
| $Author: e107steved $ | $Author: e107coders $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
require_once("class2.php"); require_once("class2.php");
@@ -40,7 +40,8 @@ if(isset($_POST['send-contactus'])){
$sender_name = $tp->toEmail($_POST['author_name'],TRUE,"rawtext"); $sender_name = $tp->toEmail($_POST['author_name'],TRUE,"rawtext");
$sender = check_email($_POST['email_send']); $sender = check_email($_POST['email_send']);
$subject = $tp->toEmail($_POST['subject'],TRUE,"rawtext"); $subject = $tp->toEmail($_POST['subject'],TRUE,"rawtext");
$body = $tp->toEmail($_POST['body'],TRUE); $body = $tp->toEmail($_POST['body'],TRUE,"rawtext");
// Check Image-Code // Check Image-Code
if (isset($_POST['rand_num']) && !$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) if (isset($_POST['rand_num']) && !$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify']))
@@ -66,6 +67,7 @@ if(isset($_POST['send-contactus'])){
} }
// Check email address on remote server (if enabled). // Check email address on remote server (if enabled).
if ($pref['signup_remote_emailcheck'] && $error == "") if ($pref['signup_remote_emailcheck'] && $error == "")
{ {
@@ -88,7 +90,10 @@ if(isset($_POST['send-contactus'])){
if(!$error) if(!$error)
{ {
$body .= "\n\nIP:\t".USERIP."\n"; $body .= "\n\nIP:\t".USERIP."\n";
if(USERID !== FALSE)
{
$body .= "User:\t#".USERID." ".USERNAME."\n"; $body .= "User:\t#".USERID." ".USERNAME."\n";
}
if(!$_POST['contact_person'] && isset($pref['sitecontacts'])) // only 1 person, so contact_person not posted. if(!$_POST['contact_person'] && isset($pref['sitecontacts'])) // only 1 person, so contact_person not posted.
{ {
@@ -157,4 +162,4 @@ if(isset($pref['sitecontacts']) && $pref['sitecontacts'] != 255)
} }
require_once(FOOTERF); require_once(FOOTERF);
exit; exit;
?> ?>
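Review bot: Switching `$body` to the "rawtext" mod set (hunk at -40,7 +40,8) strips tags from the message, but the two lines above it already build `$subject` and `$sender_name` with the same mod set, and "rawtext" keeps `retain_nl` on, so those header-bound values still carry any CR/LF the visitor submitted. The mail call is outside this hunk, so I cannot see whether the mailer normalises headers; if it does not, a check such as `$subject = str_replace(array("\r", "\n"), ' ', $subject);` (and the same for `$sender_name`) is the part of "cleaned user input" that tag stripping does not cover. The new `if(USERID !== FALSE)` guard in the -88,7 +90,10 hunk assumes USERID is defined as boolean FALSE for guests; worth confirming against its definition in class2.php, since a 0 or "" value would pass the strict comparison and still append `User:\t#`. The enclosing `if(isset($_POST['send-contactus']))` block starts and ends outside these hunks.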


@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_handlers/e_parse_class.php,v $ | $Source: /cvs_backup/e107_0.8/e107_handlers/e_parse_class.php,v $
| $Revision: 1.14 $ | $Revision: 1.15 $
| $Date: 2007-06-13 02:53:21 $ | $Date: 2007-09-09 07:05:06 $
| $Author: mcfly_e107 $ | $Author: e107coders $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
if (!defined('e107_INIT')) { exit; } if (!defined('e107_INIT')) { exit; }
@@ -55,7 +55,8 @@ class e_parse
// Disabled by Default // Disabled by Default
'defs' => FALSE, // Convert defines(constants) within text. 'defs' => FALSE, // Convert defines(constants) within text.
'constants' => FALSE, // replace all {e_XXX} constants with their e107 value 'constants' => FALSE, // replace all {e_XXX} constants with their e107 value
'parse_sc' => FALSE // Parse shortcodes - TRUE enables parsing 'parse_sc' => FALSE, // Parse shortcodes - TRUE enables parsing
'no_tags' => FALSE // remove HTML tags.
); );
// Super modifiers adjust default option values // Super modifiers adjust default option values
@@ -97,9 +98,9 @@ class e_parse
'nobreak'=>TRUE, 'retain_nl'=>TRUE, 'no_make_clickable'=>TRUE,'emotes_off'=>TRUE,'no_hook'=>TRUE, 'nobreak'=>TRUE, 'retain_nl'=>TRUE, 'no_make_clickable'=>TRUE,'emotes_off'=>TRUE,'no_hook'=>TRUE,
'defs'=>TRUE,'parse_sc'=>TRUE), 'defs'=>TRUE,'parse_sc'=>TRUE),
'rawtext' => // text is used (for admin edit) without fancy conversions 'rawtext' => // text is used (for admin edit) without fancy conversions or html.
array( array(
'nobreak'=>TRUE, 'retain_nl'=>TRUE, 'no_make_clickable'=>TRUE,'emotes_off'=>TRUE,'no_hook'=>TRUE, 'nobreak'=>TRUE, 'retain_nl'=>TRUE, 'no_make_clickable'=>TRUE,'emotes_off'=>TRUE,'no_hook'=>TRUE,'no_tags'=>TRUE
// leave opt-in options off // leave opt-in options off
) )
); );
@@ -448,6 +449,7 @@ class e_parse
$opts[$mod] = TRUE; // Change mods as spec'd $opts[$mod] = TRUE; // Change mods as spec'd
} }
} }
if (0) // php 5 code - not tested, and may not be faster anyway if (0) // php 5 code - not tested, and may not be faster anyway
{ {
$aMods = array_flip( $aMods = array_flip(
@@ -479,6 +481,11 @@ class e_parse
$text = $this->replaceConstants($text); $text = $this->replaceConstants($text);
} }
if ($opts['no_tags'])
{
$text = strip_tags($text);
}
if(!$wrap && $pref['main_wordwrap']) $wrap = $pref['main_wordwrap']; if(!$wrap && $pref['main_wordwrap']) $wrap = $pref['main_wordwrap'];
$text = " ".$text; $text = " ".$text;
@@ -502,11 +509,14 @@ class e_parse
$text = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" {$_ext}>".$pref['link_text']."</a>", $text); $text = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" {$_ext}>".$pref['link_text']."</a>", $text);
// $text = preg_replace("#(^|[\n ])((www|ftp)\.[^ \"\t\n\r<]*)#is", "\\1<a href=\"http://\\2\" {$_ext}>".$pref['link_text']."</a>", $text); // $text = preg_replace("#(^|[\n ])((www|ftp)\.[^ \"\t\n\r<]*)#is", "\\1<a href=\"http://\\2\" {$_ext}>".$pref['link_text']."</a>", $text);
$text = preg_replace("#(^|[\n ])((www|ftp)\.[\w+-]+?\.[\w+\-.]*(?(?=/)(/.+?(?=\s|,\s))|(?=\W)))#is", "\\1<a href=\"http://\\2\" {$_ext}>".$pref['link_text']."</a>", $text); $text = preg_replace("#(^|[\n ])((www|ftp)\.[\w+-]+?\.[\w+\-.]*(?(?=/)(/.+?(?=\s|,\s))|(?=\W)))#is", "\\1<a href=\"http://\\2\" {$_ext}>".$pref['link_text']."</a>", $text);
if(CHARSET != "utf-8" && CHARSET != "UTF-8"){ if(CHARSET != "utf-8" && CHARSET != "UTF-8")
{
$email_text = ($pref['email_text']) ? $this->replaceConstants($pref['email_text']) : "\\1\\2&copy;\\3"; $email_text = ($pref['email_text']) ? $this->replaceConstants($pref['email_text']) : "\\1\\2&copy;\\3";
}else{ }
else
{
$email_text = ($pref['email_text']) ? $this->replaceConstants($pref['email_text']) : "\\1\\\\3"; $email_text = ($pref['email_text']) ? $this->replaceConstants($pref['email_text']) : "\\1\\\\3";
} }
$text = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "\\1<a rel='external' href='javascript:window.location=\"mai\"+\"lto:\"+\"\\2\"+\"@\"+\"\\3\";self.close();' onmouseover='window.status=\"mai\"+\"lto:\"+\"\\2\"+\"@\"+\"\\3\"; return true;' onmouseout='window.status=\"\";return true;'>".$email_text."</a>", $text); $text = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "\\1<a rel='external' href='javascript:window.location=\"mai\"+\"lto:\"+\"\\2\"+\"@\"+\"\\3\";self.close();' onmouseover='window.status=\"mai\"+\"lto:\"+\"\\2\"+\"@\"+\"\\3\"; return true;' onmouseout='window.status=\"\";return true;'>".$email_text."</a>", $text);
} }
else else
@@ -790,9 +800,11 @@ class e_parse
return $text; return $text;
} }
function toEmail($text,$posted="",$mods="parse_sc, no_make_clickable") function toEmail($text,$posted="",$mods="parse_sc, no_make_clickable")
{ {
if ($posted === TRUE && MAGIC_QUOTES_GPC) { if ($posted === TRUE && MAGIC_QUOTES_GPC)
{
$text = stripslashes($text); $text = stripslashes($text);
} }
@@ -803,4 +815,4 @@ class e_parse
} }
?> ?>
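Review bot: The new `no_tags` branch (hunk at -479,6 +481,11) uses `strip_tags()`, which discards everything from a bare `<` followed by a non-space character up to the next `>` or the end of the string, so plain-text input such as `x<y and a>b` loses content rather than just markup; for a contact-form body that is a silent data loss the option name does not suggest. The branch also runs after `replaceConstants()` and the hunk does not show whether the text has already been entity-encoded earlier in the method, so whether an encoded tag reaches `strip_tags()` as a tag at all depends on code outside this view — worth confirming for the "rawtext" path, which now advertises "no html". At minimum document the limitation next to the call: `// strip_tags() also drops text after an unmatched '<' (e.g. "x<y"); not a full sanitiser`. The enclosing method starts before and ends after this hunk.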