Changeset 28458
- Timestamp:
- May 13, 2014, 7:46:37 PM (10 years ago)
- Location:
- extensions/ContactForm
- Files:
-
- 5 edited
extensions/ContactForm/include/contact_form.inc.php
r27846 r28458 17 17 { 18 18 $contact = array( 19 'author' => trim($_POST['author']),20 'email' => trim($_POST['email']),19 'author' => stripslashes(trim($_POST['author'])), 20 'email' => stripslashes(trim($_POST['email'])), 21 21 'group' => @$_POST['group'], 22 'subject' => trim($_POST['subject']),23 'content' => $_POST['content'],22 'subject' => stripslashes(trim($_POST['subject'])), 23 'content' => stripslashes($_POST['content']), 24 24 'send_copy' => isset($_POST['send_copy']), 25 25 ); -
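Review bot: The `stripslashes()` calls added on new lines 19-23 run unconditionally, so they are only correct if every request value was slash-escaped before this point; that step is not visible in the hunk and deserves a one-line comment, e.g. `// $_POST is slash-escaped on entry; undo it for values that go to mail and templates, never to SQL`. `'group' => @$_POST['group']` on line 21 is left as it was, which looks intentional if it feeds the query in get_contact_emails(), but the `@` hides a missing key instead of handling it; `isset($_POST['group']) ? $_POST['group'] : null` does the same without suppression. Because `author` and `email` are now raw and appear to feed the From/Cc headers built in functions.inc.php, a check such as `preg_match('/[\r\n]/', $contact['email'])` before sending would be worth adding unless pwg_mail() already rejects line breaks. The enclosing block starts outside the hunk.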
extensions/ContactForm/include/functions.inc.php
r28324 r28458 17 17 $page['is_homepage'] = false; 18 18 19 $page['section_title'] = '<a href="'.get_absolute_root_url().'">'.l10n('Home').'</a>'.$conf['level_separator'].'<a href="'.CONTACT_FORM_PUBLIC.'">'.l10n('Contact').'</a>'; 19 $page['section_title'] = 20 '<a href="'.get_absolute_root_url().'">'.l10n('Home').'</a>' 21 .$conf['level_separator'] 22 .'<a href="'.CONTACT_FORM_PUBLIC.'">'.l10n('Contact').'</a>'; 20 23 } 21 24 } … … 233 236 234 237 // get admin emails 235 $ emails= get_contact_emails($comm['group']);236 if (!count($ emails))238 $to = get_contact_emails($comm['group']); 239 if (!count($to)) 237 240 { 238 241 $page['errors'][] = l10n('Error while sending e-mail'); … … 246 249 $prefix = str_replace('%gallery_title%', $conf['gallery_title'], $conf['ContactForm']['cf_subject_prefix']); 247 250 248 $from = $Cc = null;251 $from = $Cc = $Bcc = null; 249 252 if (!empty($comm['email'])) 250 253 { … … 255 258 if ($comm['send_copy']) 256 259 { 260 $Bcc = $to; 261 $to = null; 257 262 $Cc = $from; 258 263 } … … 263 268 264 269 $result = pwg_mail( 265 $ emails,270 $to, 266 271 array( 267 272 'subject' => '['.$prefix.'] '.$comm['subject'], 273 'content' => $comm['content'], 268 274 'mail_title' => $prefix, 269 275 'mail_subtitle' => $comm['subject'], 270 276 'content_format' => 'text/html', 277 'email_format' => $conf['ContactForm']['cf_mail_type'], 271 278 'from' => $from, 272 279 'Cc' => $Cc, 280 'Bcc' => $Bcc, 273 281 ), 274 282 array( … … 328 336 ORDER BY name ASC 329 337 '; 330 $emails = array_from_query($query);338 $emails = query2array($query); 331 339 332 340 return $emails; -
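Review bot: In the send_copy branch (new lines 260-262) `$to` becomes null and the administrators move to Bcc, leaving the visitor-supplied `$from` in Cc as the only visible recipient; whether pwg_mail() accepts a null first argument is not visible here and should be confirmed or documented next to the assignment. That Cc address is whatever was typed into the form, so together with the visitor-controlled subject and content, the form can deliver mail to an address nobody has verified. Consider offering the copy only to logged-in users with a stored address, e.g. `if ($comm['send_copy'] and !is_a_guest())`, or rate-limiting submissions. The enclosing function starts and ends outside the hunks shown.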
extensions/ContactForm/template/contact_form.tpl
r26070 r28458 47 47 {if $contact.is_logged} 48 48 {$contact.author} 49 <input type="hidden" name="author" value="{$contact.author }">49 <input type="hidden" name="author" value="{$contact.author|escape:html}"> 50 50 {else} 51 <input type="text" name="author" id="author" size="40" value="{$contact.author }">51 <input type="text" name="author" id="author" size="40" value="{$contact.author|escape:html}"> 52 52 {/if} 53 53 </td> … … 58 58 {if $contact.is_logged and !empty($contact.email)} 59 59 {$contact.email} 60 <input type="hidden" name="email" value="{$contact.email }">60 <input type="hidden" name="email" value="{$contact.email|escape:html}"> 61 61 {else} 62 <input type="text" name="email" id="email" size="40" value="{$contact.email }">62 <input type="text" name="email" id="email" size="40" value="{$contact.email|escape:html}"> 63 63 {/if} 64 64 </td> … … 77 77 <tr> 78 78 <td class="title"><label for="subject">{'Subject'|translate}</label></td> 79 <td><input type="text" name="subject" id="subject" style="width:400px;" value="{$contact.subject }"></td>79 <td><input type="text" name="subject" id="subject" style="width:400px;" value="{$contact.subject|escape:html}"></td> 80 80 </tr> 81 81 <tr> -
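Review bot: The bare `{$contact.author}` on new line 48 and `{$contact.email}` on line 59 are still printed without the modifier that this change adds to the `value` attributes directly below them. If those values can come from the submitted form or from a user-chosen profile field, they need the same treatment: `{$contact.author|escape:html}` and `{$contact.email|escape:html}`. The surrounding table markup continues outside the hunks.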
extensions/ContactForm/template/text/html/mail.tpl
r28324 r28458 12 12 </p> 13 13 14 <blockquote>{$CONT ACT.content}</blockquote>14 <blockquote>{$CONTENT}</blockquote> -
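Review bot: `<blockquote>{$CONTENT}</blockquote>` on line 14 writes the message body into an HTML mail without an escape modifier, while the same changeset unslashes `content` in contact_form.inc.php and escapes the form fields in contact_form.tpl. Unless the body is escaped before it reaches pwg_mail() (not visible on this page), markup typed into the form is rendered in the administrators' mail client. `{$CONTENT|escape:html|nl2br}` would keep line breaks and neutralise tags; if the body is meant to arrive as prepared HTML, a template comment saying where it is escaped would settle the question.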
extensions/ContactForm/template/text/plain/mail.tpl
r28324 r28458 5 5 6 6 -------------------- 7 {$CONT ACT.content}7 {$CONTENT}