Changeset 10035 for extensions/ContactForm/classes/cf_plugin.class.php
- Timestamp:
- Apr 4, 2011, 2:51:28 PM (13 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
extensions/ContactForm/classes/cf_plugin.class.php
r9070 r10035 187 187 'cf_messages' => realpath(cf_get_template('cf_messages.tpl')), 188 188 )); 189 $template->block_html_head( '', 190 '<link rel="stylesheet" type="text/css" '. 191 'href="' . CF_INCLUDE . 'contactform.css' . '">', 192 $smarty, $repeat); 193 $template->block_html_head( '', 194 '<script type="text/javascript" '. 195 'src="' . CF_INCLUDE . 'contactform.js' . '">'. 196 '</script>', 197 $smarty, $repeat); 189 198 190 $cf = array( 199 191 'TITLE' => 'contact_form_title', … … 207 199 'SUBJECT' => $infos['cf_subject'], 208 200 'MESSAGE' => $infos['cf_message'], 209 'KEY' => get_ comment_post_key($infos['cf_id']),201 'KEY' => get_ephemeral_key(2, $infos['cf_id']), 210 202 ); 211 203 if (!empty($infos['errors'])) { … … 463 455 $id = trim( stripslashes($_POST['cf_id'])); 464 456 } 465 466 $key = explode( ':', $key ); 467 if ( count($key)!=2 468 or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago 469 or $key[0]<time()-3600 // 60 minutes expiration 470 or hash_hmac( 471 'md5', $key[0].':'.$id, $conf['secret_key'] 472 ) != $key[1] 473 ) 474 { 457 458 if (!verify_ephemeral_key($key, $id)) { 475 459 return false; 476 460 }
Note: See TracChangeset
for help on using the changeset viewer.