From 573ea978b7fecc5c9ee98fcce88de0de20d558f5 Mon Sep 17 00:00:00 2001
From: Cameron <e107inc@gmail.com>
Date: Thu, 25 Jan 2018 13:38:29 -0800
Subject: [PATCH] Cleaned empty $_POST values. Additional options for log file
 creation added.

---
 .../shortcodes/batch/contact_shortcodes.php   | 15 +++++---
 e107_handlers/admin_log_class.php             | 37 +++++++++++++++----
 email.php                                     | 22 +++++++++--
 3 files changed, 59 insertions(+), 15 deletions(-)
diff --git a/e107_core/shortcodes/batch/contact_shortcodes.php b/e107_core/shortcodes/batch/contact_shortcodes.php
index 68599f376..a027fd912 100644
--- a/e107_core/shortcodes/batch/contact_shortcodes.php
+++ b/e107_core/shortcodes/batch/contact_shortcodes.php
@@ -98,8 +98,9 @@ class contact_shortcodes extends e_shortcode
 	{
 		$userName = deftrue('USERNAME');
 		$class = (!empty($parm['class'])) ? $parm['class'] : 'tbox form-control';
-		$placeholder = (!empty($parm['placeholder'])) ? " placeholder= '".$parm['placeholder']."'" : '';		    
-		return "<input type='text'   id='contactName' title='".LANCONTACT_17."' name='author_name' required='required' size='30' ".$placeholder."  class='".$class."' value=\"".varset($_POST['author_name'],$userName)."\" />";
+		$placeholder = (!empty($parm['placeholder'])) ? " placeholder= '".$parm['placeholder']."'" : '';
+		$value      = 	!empty($_POST['author_name']) ?  e107::getParser()->filter( $_POST['author_name']) : $userName;
+		return "<input type='text'   id='contactName' title='".LANCONTACT_17."' name='author_name' required='required' size='30' ".$placeholder."  class='".$class."' value=\"".$value."\" />";
 	}
 
 
@@ -115,7 +116,8 @@ class contact_shortcodes extends e_shortcode
 
 		$class = (!empty($parm['class'])) ? $parm['class'] : 'tbox form-control';
 		$placeholder = (!empty($parm['placeholder'])) ? " placeholder= '".$parm['placeholder']."'" : '';
-		return "<input type='email'   ".$disabled." id='contactEmail' title='".LANCONTACT_18."' name='email_send' required='required' size='30' ".$placeholder." class='".$class."' value='".(vartrue($_POST['email_send']) ? $_POST['email_send'] : USEREMAIL)."' />";
+		$value = !empty($_POST['email_send'] ) ? e107::getParser()->filter($_POST['email_send'],'email') : USEREMAIL;
+		return "<input type='email'   ".$disabled." id='contactEmail' title='".LANCONTACT_18."' name='email_send' required='required' size='30' ".$placeholder." class='".$class."' value='".$value."' />";
 	}
 	
 	
@@ -128,7 +130,8 @@ class contact_shortcodes extends e_shortcode
 	{
 		$class = (!empty($parm['class'])) ? $parm['class'] : 'tbox form-control';
 		$placeholder = (!empty($parm['placeholder'])) ? " placeholder= '".$parm['placeholder']."'" : '';
-		return "<input type='text' id='contactSubject' title='".LANCONTACT_19."' name='subject' required='required' size='30' ".$placeholder." class='".$class."' value=\"".varset($_POST['subject'])."\" />";
+		$value = !empty($_POST['subject']) ? e107::getParser()->filter($_POST['subject'], 'str') : '';
+		return "<input type='text' id='contactSubject' title='".LANCONTACT_19."' name='subject' required='required' size='30' ".$placeholder." class='".$class."' value=\"".$value."\" />";
 	}
 	
 	
@@ -149,8 +152,10 @@ class contact_shortcodes extends e_shortcode
 		}
 		$class = (!empty($parm['class'])) ? $parm['class'] : 'tbox '.$size.' form-control';
 
+
+		$value = !empty($_POST['body']) ? stripslashes($_POST['body']) : '';
 		
-		return "<textarea cols='{$cols}'  id='contactBody' rows='{$rows}' title='".LANCONTACT_20."' name='body' ".$placeholder." required='required' class='".$class."'>".stripslashes(varset($_POST['body']))."</textarea>";
+		return "<textarea cols='{$cols}'  id='contactBody' rows='{$rows}' title='".LANCONTACT_20."' name='body' ".$placeholder." required='required' class='".$class."'>".$value."</textarea>";
 	}
 	
 	
diff --git a/e107_handlers/admin_log_class.php b/e107_handlers/admin_log_class.php
index 7fe767ee5..b2d62a7f4 100644
--- a/e107_handlers/admin_log_class.php
+++ b/e107_handlers/admin_log_class.php
@@ -54,7 +54,10 @@ class e_admin_log
 	protected $_messages;
 	
 	
-	protected $_allMessages; // similar to $_messages except it is never flushed. 
+	protected $_allMessages; // similar to $_messages except it is never flushed.
+
+
+	protected $_current_plugin = null;
 	
 
 	/**
@@ -395,7 +398,12 @@ class e_admin_log
 			exit; // Optional abort for all logs
 	}
 
+	public function setCurrentPlugin($plugdir)
+	{
+		$this->_current_plugin = $plugdir;
 
+		return $this;
+	}
 
 	/**--------------------------------------
 	 *		USER AUDIT ENTRY
@@ -819,7 +827,7 @@ class e_admin_log
 	/**
 	 * Save Message stack to File. 
 	 */
-	private function saveToFile($logTitle='', $append=false)
+	private function saveToFile($logTitle='', $append=false, $opts = array())
 	{
 		if($this->logFile == null)
 		{
@@ -844,12 +852,19 @@ class e_admin_log
 		}
 		
 		$date = ($append == true) ? date('Y-m-d') : date('Y-m-d_H-i-s').'_'.crc32($text);
+
+
 		
 		$dir = e_LOG;
-		
-		if(deftrue('e_CURRENT_PLUGIN')) // If it's a plugin, create a subfolder.
+
+		if(empty($this->_current_plugin))
 		{
-			$dir = e_LOG.e_CURRENT_PLUGIN."/";
+			$this->_current_plugin = deftrue('e_CURRENT_PLUGIN');
+		}
+
+		if(!empty($this->_current_plugin)) // If it's a plugin, create a subfolder.
+		{
+			$dir = e_LOG.$this->_current_plugin."/";
 			
 			if(!is_dir($dir))
 			{
@@ -858,6 +873,11 @@ class e_admin_log
 		}
 		
 		$fileName = $dir.$date."_".$this->logFile.".log";
+
+		if(!empty($opts['filename']))
+		{
+			$fileName = $dir.basename($opts['filename']);
+		}
 		
 		if($append == true)
 		{
@@ -876,6 +896,7 @@ class e_admin_log
 		if(file_put_contents($fileName, $text, $app))
 		{
 			$this->_allMessages = array();
+			$this->_current_plugin = null;
 			return $this->logFile;
 		}
 		elseif(getperms('0') && E107_DEBUG_LEVEL > 0)
@@ -883,6 +904,8 @@ class e_admin_log
 			e107::getMessage()->addDebug("Couldn't Save to Log File: ".$fileName);
 		}	
 
+		$this->_current_plugin = null;
+
 		return false;
 	}	
 	
@@ -896,11 +919,11 @@ class e_admin_log
 	 * @param string Title for use inside the Log file
 	 * @param boolean true = append to file, false = new file each save. 
 	 */
-	public function toFile($name, $logTitle='',$append=false)
+	public function toFile($name, $logTitle='',$append=false, $opts=array())
 	{
 
 		$this->logFile	= $name;
-		$file = $this->saveToFile($logTitle,$append);
+		$file = $this->saveToFile($logTitle,$append,$opts);
 
 		$this->logFile = null;
 		return $file;
diff --git a/email.php b/email.php
index 79ae46dce..33dc0be21 100644
--- a/email.php
+++ b/email.php
@@ -61,9 +61,25 @@ $message = '';
 $referrer = strip_tags(urldecode(html_entity_decode(varset($_SERVER['HTTP_REFERER'],''), ENT_QUOTES)));
 $emailurl = ($source == 'referer') ? $referrer : SITEURL;
 
-$comments = $tp->post_toHTML(varset($_POST['comment'],''), TRUE, 'retain_nl, emotes_off, no_make_clickable');
-$author = $tp->post_toHTML(varset($_POST['author_name'],''),FALSE,'emotes_off, no_make_clickable');
-$email_send = check_email(varset($_POST['email_send'],''));
+$comments = '';
+$author = '';
+$email_send = '';
+
+if(!empty($_POST['comment']))
+{
+	$comments = $tp->post_toHTML($_POST['comment'], true, 'retain_nl, emotes_off, no_make_clickable');
+}
+
+if(!empty($_POST['author_name']))
+{
+	$author = $tp->post_toHTML($_POST['author_name'], false,'emotes_off, no_make_clickable');
+}
+
+if(!empty($_POST['email_send']))
+{
+	$email_send = check_email($_POST['email_send']);
+}
+
 
 
 if (isset($_POST['emailsubmit']))
