Changeset 28458

Timestamp:

May 13, 2014, 7:46:37 PM (10 years ago)

Author:

mistic100

Message:

fix unused content type, send copy as Bcc

Location:

extensions/ContactForm

Files:

• include/contact_form.inc.php (modified) (1 diff)
• include/functions.inc.php (modified) (6 diffs)
• template/contact_form.tpl (modified) (3 diffs)
• template/text/html/mail.tpl (modified) (1 diff)
• template/text/plain/mail.tpl (modified) (1 diff)

extensions/ContactForm/include/contact_form.inc.php

@@ -17 +17 @@
 {
   $contact = array(
-    'author' =>  trim($_POST['author']),
-    'email' =>   trim($_POST['email']),
+    'author' =>  stripslashes(trim($_POST['author'])),
+    'email' =>   stripslashes(trim($_POST['email'])),
     'group' =>   @$_POST['group'],
-    'subject' => trim($_POST['subject']),
-    'content' => $_POST['content'],
+    'subject' => stripslashes(trim($_POST['subject'])),
+    'content' => stripslashes($_POST['content']),
     'send_copy' => isset($_POST['send_copy']),
    );

extensions/ContactForm/include/functions.inc.php

@@ -17 +17 @@
     $page['is_homepage'] = false;
 
-    $page['section_title'] = '<a href="'.get_absolute_root_url().'">'.l10n('Home').'</a>'.$conf['level_separator'].'<a href="'.CONTACT_FORM_PUBLIC.'">'.l10n('Contact').'</a>';
+    $page['section_title'] = 
+      '<a href="'.get_absolute_root_url().'">'.l10n('Home').'</a>'
+      .$conf['level_separator']
+      .'<a href="'.CONTACT_FORM_PUBLIC.'">'.l10n('Contact').'</a>';
   }
 }
@@ -233 +236 @@
 
   // get admin emails
-  $emails = get_contact_emails($comm['group']);
-  if (!count($emails))
+  $to = get_contact_emails($comm['group']);
+  if (!count($to))
   {
     $page['errors'][] = l10n('Error while sending e-mail');
@@ -246 +249 @@
     $prefix = str_replace('%gallery_title%', $conf['gallery_title'], $conf['ContactForm']['cf_subject_prefix']);
 
-    $from = $Cc = null;
+    $from = $Cc = $Bcc = null;
     if (!empty($comm['email']))
     {
@@ -255 +258 @@
       if ($comm['send_copy'])
       {
+        $Bcc = $to;
+        $to = null;
         $Cc = $from;
       }
@@ -263 +268 @@
 
     $result = pwg_mail(
-      $emails,
+      $to,
       array(
         'subject' => '['.$prefix.'] '.$comm['subject'],
+        'content' => $comm['content'],
         'mail_title' => $prefix,
         'mail_subtitle' => $comm['subject'],
         'content_format' => 'text/html',
+        'email_format' => $conf['ContactForm']['cf_mail_type'],
         'from' => $from,
         'Cc' => $Cc,
+        'Bcc' => $Bcc,
         ),
       array(
@@ -328 +336 @@
   ORDER BY name ASC
 ';
-  $emails = array_from_query($query);
+  $emails = query2array($query);
 
   return $emails;

extensions/ContactForm/template/contact_form.tpl

@@ -47 +47 @@
         {if $contact.is_logged}
           {$contact.author}
-          <input type="hidden" name="author" value="{$contact.author}">
+          <input type="hidden" name="author" value="{$contact.author|escape:html}">
         {else}
-          <input type="text" name="author" id="author" size="40" value="{$contact.author}">
+          <input type="text" name="author" id="author" size="40" value="{$contact.author|escape:html}">
         {/if}
         </td>
@@ -58 +58 @@
         {if $contact.is_logged and !empty($contact.email)}
           {$contact.email}
-          <input type="hidden" name="email" value="{$contact.email}">
+          <input type="hidden" name="email" value="{$contact.email|escape:html}">
         {else}
-          <input type="text" name="email" id="email" size="40" value="{$contact.email}">
+          <input type="text" name="email" id="email" size="40" value="{$contact.email|escape:html}">
         {/if}
         </td>
@@ -77 +77 @@
       <tr>
         <td class="title"><label for="subject">{'Subject'|translate}</label></td>
-        <td><input type="text" name="subject" id="subject" style="width:400px;" value="{$contact.subject}"></td>
+        <td><input type="text" name="subject" id="subject" style="width:400px;" value="{$contact.subject|escape:html}"></td>
       </tr>
       <tr>

extensions/ContactForm/template/text/html/mail.tpl

@@ -12 +12 @@
 </p>
 
-<blockquote>{$CONTACT.content}</blockquote>
+<blockquote>{$CONTENT}</blockquote>

extensions/ContactForm/template/text/plain/mail.tpl

@@ -5 +5 @@
 
 --------------------
-{$CONTACT.content}
+{$CONTENT}