
Additional checking

This commit is contained in:
e107steved
2009-11-03 22:08:03 +00:00
parent 9a817a3f2b
commit d9b92d401a


@@ -11,13 +11,12 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/email.php,v $ | $Source: /cvs_backup/e107_0.8/email.php,v $
| $Revision: 1.8 $ | $Revision: 1.9 $
| $Date: 2009-09-28 21:00:18 $ | $Date: 2009-11-03 22:07:55 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
require_once("class2.php"); require_once('class2.php');
if (!check_class(varset($pref['email_item_class'],e_UC_MEMBER))) if (!check_class(varset($pref['email_item_class'],e_UC_MEMBER)))
{ {
header('Location: '.e_BASE.'index.php'); header('Location: '.e_BASE.'index.php');
@@ -29,10 +28,10 @@ include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_'.e_PAGE);
require_once(HEADERF); require_once(HEADERF);
$use_imagecode = FALSE; $use_imagecode = FALSE;
$imgtypes = array("jpeg", "png", "gif"); $imgtypes = array('jpeg', 'png', 'gif');
foreach($imgtypes as $t) foreach($imgtypes as $t)
{ {
if(function_exists("imagecreatefrom".$t)) if(function_exists('imagecreatefrom'.$t))
{ {
$use_imagecode = TRUE; $use_imagecode = TRUE;
} }
@@ -40,24 +39,31 @@ foreach($imgtypes as $t)
if ($use_imagecode) if ($use_imagecode)
{ {
require_once(e_HANDLER."secure_img_handler.php"); require_once(e_HANDLER.'secure_img_handler.php');
$sec_img = new secure_image; $sec_img = new secure_image;
} }
$qs = explode(".", e_QUERY, 2); if (e_QUERY)
if ($qs[0] == "")
{ {
header("location:".e_BASE."index.php"); $qs = explode('.', e_QUERY, 2);
}
else
{
header('location:'.e_BASE.'index.php');
exit; exit;
} }
$source = $qs[0]; $source = $qs[0];
$parms = $qs[1]; $parms = varset($qs[1], '');
unset($qs);
$error = '';
$message = '';
$emailurl = ($source == "referer") ? $_SERVER['HTTP_REFERER'] : SITEURL; $referrer = strip_tags(urldecode(html_entity_decode(varset($_SERVER['HTTP_REFERER'],''), ENT_QUOTES)));
$emailurl = ($source == 'referer') ? $referrer : SITEURL;
$comments = $tp->post_toHTML($_POST['comment'], TRUE, 'retain_nl, emotes_off, no_make_clickable'); $comments = $tp->post_toHTML(varset($_POST['comment'],''), TRUE, 'retain_nl, emotes_off, no_make_clickable');
$author = $tp->post_toHTML($_POST['author_name'],FALSE,"emotes_off, no_make_clickable"); $author = $tp->post_toHTML(varset($_POST['author_name'],''),FALSE,'emotes_off, no_make_clickable');
$email_send = check_email($_POST['email_send']); $email_send = check_email(varset($_POST['email_send'],''));
if (isset($_POST['emailsubmit'])) if (isset($_POST['emailsubmit']))
@@ -71,19 +77,19 @@ if (isset($_POST['emailsubmit']))
{ {
if(!isset($_POST['code_verify']) || !isset($_POST['rand_num'])) if(!isset($_POST['code_verify']) || !isset($_POST['rand_num']))
{ {
header("location:".e_BASE."index.php"); header('location:'.e_BASE.'index.php');
exit; exit;
} }
if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify']))
{ {
header("location:".e_BASE."index.php"); header('location:'.e_BASE.'index.php');
exit; exit;
} }
} }
if ($comments == "") if ($comments == '')
{ {
$message = LAN_EMAIL_188." ".SITENAME." (".SITEURL.")"; $message = LAN_EMAIL_188.' '.SITENAME.' ('.SITEURL.')';
if (USER == TRUE) if (USER == TRUE)
{ {
$message .= "\n\n".LAN_EMAIL_1." ".USERNAME; $message .= "\n\n".LAN_EMAIL_1." ".USERNAME;
@@ -95,42 +101,41 @@ if (isset($_POST['emailsubmit']))
} }
else else
{ {
$message .= $comments; $message .= $comments."\n";
} }
$ip = $e107->getip(); $ip = $e107->getip();
$message .= "\n\n".LAN_EMAIL_2." ".$ip."\n\n"; $message .= "\n\n".LAN_EMAIL_2." ".$ip."\n\n";
if(strpos($source,'plugin:') !== FALSE) if (substr($source,0,7) == 'plugin:')
{ {
$plugin = substr($source,7); $plugin = substr($source,7);
$text = ""; $text = '';
if(file_exists(e_PLUGIN.$plugin."/e_emailprint.php")) if(file_exists(e_PLUGIN.$plugin.'/e_emailprint.php'))
{ {
include_once(e_PLUGIN.$plugin."/e_emailprint.php"); include_once(e_PLUGIN.$plugin.'/e_emailprint.php');
$text = email_item($parms); $text = email_item($parms);
$emailurl = SITEURL; $emailurl = SITEURL;
} }
if($text == "") if($text == '')
{ {
header("location:".e_BASE."index.php"); header('location:'.e_BASE.'index.php');
exit; exit;
} }
$message .= $text; $message .= $text;
} }
elseif($source == "referer") elseif($source == 'referer')
{ {
if(!isset($_POST['referer']) || $_POST['referer'] == '') if(!isset($_POST['referer']) || $_POST['referer'] == '')
{ {
header("location:".e_BASE."index.php"); header('location:'.e_BASE.'index.php');
exit; exit;
} }
$message .= $_POST['referer']; $message .= strip_tags($_POST['referer']);
$emailurl = $_POST['referer']; $emailurl = strip_tags($_POST['referer']);
} }
else else
{ {
$emailurl = strip_tags($_POST['referer']);
$emailurl = $_POST['referer'];
$message = ''; $message = '';
if($sql->db_Select('news', 'news_title, news_body, news_extended', 'news_id='.((int)$parms))) if($sql->db_Select('news', 'news_title, news_body, news_extended', 'news_id='.((int)$parms)))
{ {
@@ -139,20 +144,19 @@ if (isset($_POST['emailsubmit']))
$message = $tp->toEmail($message); $message = $tp->toEmail($message);
} }
if($message == "") if($message == '')
{ {
header("location:".e_BASE."index.php"); header('location:'.e_BASE.'index.php');
exit; exit;
} }
} }
if ($error == "") if ($error == '')
{ {
// Load Mail Handler and Email Template. // Load Mail Handler and Email Template.
require_once(e_HANDLER."mail.php"); require_once(e_HANDLER.'mail.php');
$email_body = $EMAIL_HEADER; $email_body = $EMAIL_HEADER;
$email_body .= (trim($comments) != "") ? $tp->toEmail($comments)."<hr />" : ""; $email_body .= (trim($comments) != '') ? $tp->toEmail($comments).'<hr />' : '';
$email_body .= $tp->toEmail($message).$EMAIL_FOOTER; $email_body .= $tp->toEmail($message).$EMAIL_FOOTER;
if (sendemail($email_send, LAN_EMAIL_3.SITENAME,$email_body)) if (sendemail($email_send, LAN_EMAIL_3.SITENAME,$email_body))
@@ -226,7 +230,7 @@ $text .= "
<td style='width:25%'></td> <td style='width:25%'></td>
<td style='width:75%'> <td style='width:75%'>
<input class='button' type='submit' name='emailsubmit' value='".LAN_EMAIL_4."' /> <input class='button' type='submit' name='emailsubmit' value='".LAN_EMAIL_4."' />
<input type='hidden' name='referer' value='".$_SERVER['HTTP_REFERER']."' /> <input type='hidden' name='referer' value='".$referrer."' />
</td> </td>
</tr> </tr>
</table> </table>
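Review bot: The new `$referrer` value is still not safe to embed in the single-quoted `value='…'` attribute at the `<input type='hidden' name='referer'>` line in the last hunk, because `strip_tags()` removes tags but leaves quote characters intact, and the preceding `html_entity_decode()`/`urldecode()` chain at the `$referrer = …` line in the third hunk actually restores encoded quotes before the value is emitted. Escape at the output point instead: `<input type='hidden' name='referer' value='".htmlspecialchars($referrer, ENT_QUOTES)."' />`. The same applies to the `$_POST['referer']` uses in the `elseif($source == 'referer')` branch, where `strip_tags()` is applied but the value is never checked to be a URL before it is written into the mail body and `$emailurl`; a `filter_var($_POST['referer'], FILTER_VALIDATE_URL)` check before use would be the appropriate guard. Note also that the new `if (e_QUERY)` guard drops the old `$qs[0] == ""` test, so a query beginning with `.` now yields an empty `$source` and falls through to the news branch. The `$text .= "` string and the enclosing `if (isset($_POST['emailsubmit']))` block both begin outside the visible hunks.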