# geschrieben wurde.\r
#\r
# Autor: Patrick Canterino <patrick@patshaping.de>\r
-# Letzte Aenderung: 7.11.2011\r
+# Letzte Aenderung: 3.12.2011\r
#\r
# Copyright (C) 2002-2011 Patrick Canterino\r
#\r
# wird nichts zurueckgegeben.\r
# - Codierende Backslashes werden automatisch entfernt\r
\r
-function formdata($param)\r
-{\r
- switch($_SERVER['REQUEST_METHOD'])\r
- {\r
- case 'GET':\r
- if(isset($_GET[$param]))\r
- {\r
- $value = $_GET[$param];\r
- break;\r
- }\r
- else return null;\r
-\r
- case 'POST':\r
- if(isset($_POST[$param]))\r
- {\r
- $value = $_POST[$param];\r
- break;\r
- }\r
- else return null;\r
-\r
- default:\r
- return null;\r
- }\r
-\r
- if(get_magic_quotes_gpc())\r
- {\r
- if(is_array($value)) return array_map('stripslashes',$value);\r
- else return stripslashes($value);\r
- }\r
- else return $value;\r
+function formdata($param) {\r
+ switch($_SERVER['REQUEST_METHOD']) {\r
+ case 'GET':\r
+ if(isset($_GET[$param])) {\r
+ $value = $_GET[$param];\r
+ break;\r
+ }\r
+ else return null;\r
+\r
+ case 'POST':\r
+ if(isset($_POST[$param])) {\r
+ $value = $_POST[$param];\r
+ break;\r
+ }\r
+ else return null;\r
+\r
+ default:\r
+ return null;\r
+ }\r
+\r
+ if(get_magic_quotes_gpc()) {\r
+ if(is_array($value)) return array_map('stripslashes',$value);\r
+ else return stripslashes($value);\r
+ }\r
+ else return $value;\r
}\r
\r
# plain()\r
#\r
# Rueckgabe: Bearbeiteter Text (String)\r
\r
-function &plain(&$text,$linebreak='<br>')\r
-{\r
- $htmltext = htmlentities($text);\r
- $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext);\r
+function &plain(&$text,$linebreak='<br>') {\r
+ $htmltext = htmlspecialchars($text);\r
+ $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext);\r
\r
- for($x=0;$x<strlen($htmltext);$x++)\r
- {\r
- if($htmltext[$x] == ' ' && $htmltext[$x+1] == ' ') $htmltext[$x] = "\240";\r
- }\r
+ for($x=0;$x<strlen($htmltext);$x++) {\r
+ if($htmltext[$x] == ' ' && $htmltext[$x+1] == ' ') $htmltext[$x] = "\240";\r
+ }\r
\r
- $htmltext = str_replace("\240",' ',$htmltext);\r
- $htmltext = str_replace($linebreak.' ',$linebreak.' ',$htmltext);\r
+ $htmltext = str_replace("\240",' ',$htmltext);\r
+ $htmltext = str_replace($linebreak.' ',$linebreak.' ',$htmltext);\r
\r
- return $htmltext;\r
+ return $htmltext;\r
}\r
\r
# semicolon_split()\r
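Review bot: Switching plain() to `htmlspecialchars($text)` leaves bytes above 0x7F unescaped, so the `"\240"` placeholder used by the loop and the following `str_replace("\240", …)` can now collide with real input: a Latin-1 non-breaking space, or the second byte of a UTF-8 character such as "à" (0xC3 0xA0), would be rewritten and the character corrupted. With `htmlentities()` those bytes had presumably already been turned into entities, which is what made the placeholder safe. Doing the substitution without a placeholder avoids this, e.g. `$htmltext = preg_replace('/ (?= )/', $nbsp, $htmltext);`, where `$nbsp` stands for the string the `str_replace` currently inserts. It would also help to pass flags and charset explicitly, `htmlspecialchars($text, ENT_QUOTES, $charset)` with `$charset` being the page's encoding, so single quotes are escaped and the result does not depend on the PHP default.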
#\r
# Rueckgabe: Aufgeteilte Zeichenkette (Array)\r
\r
-function semicolon_split($string)\r
-{\r
- $parts = explode(';',$string);\r
- $parts = array_map('trim',$parts);\r
+function semicolon_split($string) {\r
+ $parts = explode(';',$string);\r
+ $parts = array_map('trim',$parts);\r
\r
- return $parts;\r
+ return $parts;\r
}\r
\r
# show_fatal()\r
#\r
# Parameter: Fehlermeldung\r
\r
-function show_fatal(&$errmsg)\r
-{\r
- global $tpl_fatal;\r
+function show_fatal(&$errmsg) {\r
+ global $tpl_fatal;\r
\r
- $tpl = new Template;\r
- $tpl->read_file($tpl_fatal);\r
+ $tpl = new Template;\r
+ $tpl->read_file($tpl_fatal);\r
\r
- $tpl->fillin('ERROR',$errmsg);\r
+ $tpl->fillin('ERROR',$errmsg);\r
\r
- print $tpl->get_template();\r
- exit;\r
+ print $tpl->get_template();\r
+ exit;\r
}\r
\r
# show_user_error()\r
#\r
# Parameter: Fehlermeldung\r
\r
-function show_user_error(&$errmsg)\r
-{\r
- global $captcha_enable, $email, $name, $subject, $text, $tpl_user_error;\r
+function show_user_error(&$errmsg) {\r
+ global $captcha_enable, $email, $name, $subject, $text, $user_fields, $tpl_user_error;\r
\r
- $tpl = new Template;\r
- $tpl->read_file($tpl_user_error);\r
+ $tpl = new Template;\r
+ $tpl->read_file($tpl_user_error);\r
\r
- $tpl->parse_if_block('CAPTCHA',$captcha_enable);\r
- \r
- $tpl->set_var('EMAIL', htmlentities($email));\r
- $tpl->set_var('ERROR', $errmsg);\r
- $tpl->set_var('NAME', htmlentities($name));\r
- $tpl->set_var('SUBJECT',htmlentities($subject));\r
- $tpl->set_var('TEXT', htmlentities($text));\r
+ $tpl->parse_if_block('CAPTCHA',$captcha_enable);\r
\r
- $tpl->parse();\r
+ $tpl->set_var('EMAIL', htmlspecialchars($email));\r
+ $tpl->set_var('ERROR', $errmsg);\r
+ $tpl->set_var('NAME', htmlspecialchars($name));\r
+ $tpl->set_var('SUBJECT',htmlspecialchars($subject));\r
+ $tpl->set_var('TEXT', htmlspecialchars($text));\r
\r
- print $tpl->get_template();\r
- exit;\r
+ reset($user_fields);\r
+\r
+ while(list($user_field,$user_field_data) = each($user_fields)) {\r
+ $tpl->set_var($user_field_data['tpl_var'],htmlspecialchars(formdata($user_field)));\r
+ }\r
+\r
+ $tpl->parse();\r
+\r
+ print $tpl->get_template();\r
+ exit;\r
}\r
\r
#\r
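Review bot: The new loop in show_user_error() passes `formdata($user_field)` straight into `htmlspecialchars()`, but formdata() returns an array when the request sends the field as `field[]` (see its `is_array` branch) and null when the field is absent, so a malformed request raises a PHP warning here, which may disclose the script path if errors are displayed. Checking the type first closes that: `$value = formdata($user_field);` followed by `$tpl->set_var($user_field_data['tpl_var'], is_string($value) ? htmlspecialchars($value, ENT_QUOTES) : '');`. `ENT_QUOTES` matters if the template places these values inside single-quoted attributes, which cannot be seen from this hunk; the same applies to the EMAIL, NAME, SUBJECT and TEXT calls above. `ERROR` is still inserted unescaped, so it is worth confirming that `$errmsg` never carries request data. A `foreach($user_fields as $user_field => $user_field_data)` would also replace the `reset()`/`each()` pair.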