Dieses htmlspecialchars() macht dann doch keinen Sinn

[form-email.git] / form-email / functions.php

diff --git a/form-email/functions.php b/form-email/functions.php
index e353da8f6556f967f2c694db9126a7578ac95504..331bd555f0ba74fa258d3a469d42e83c4eeb4319 100644 (file)
--- a/form-email/functions.php
+++ b/form-email/functions.php
@@ -7,7 +7,7 @@
 # geschrieben wurde.\r
 #\r
 # Autor:            Patrick Canterino <patrick@patshaping.de>\r
 # geschrieben wurde.\r
 #\r
 # Autor:            Patrick Canterino <patrick@patshaping.de>\r

-# Letzte Aenderung: 3.12.2011\r
+# Letzte Aenderung: 12.12.2011\r

 #\r
 # Copyright (C) 2002-2011 Patrick Canterino\r
 #\r
 #\r
 # Copyright (C) 2002-2011 Patrick Canterino\r
 #\r


@@ -67,7 +67,7 @@ function formdata($param) {
 # Rueckgabe: Bearbeiteter Text (String)\r
 \r
 function &plain(&$text,$linebreak='<br>') {\r
 # Rueckgabe: Bearbeiteter Text (String)\r
 \r
 function &plain(&$text,$linebreak='<br>') {\r

-    $htmltext = htmlentities($text);\r
+    $htmltext = htmlspecialchars($text);\r

     $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext);\r
 \r
     for($x=0;$x<strlen($htmltext);$x++) {\r
     $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext);\r
 \r
     for($x=0;$x<strlen($htmltext);$x++) {\r


@@ -103,13 +103,21 @@ function semicolon_split($string) {
 #\r
 # Parameter: Fehlermeldung\r
 \r
 #\r
 # Parameter: Fehlermeldung\r
 \r

-function show_fatal(&$errmsg) {\r
+function show_fatal(&$errmsg,$vars=array()) {\r

     global $tpl_fatal;\r
 \r
     $tpl = new Template;\r
     $tpl->read_file($tpl_fatal);\r
 \r
     global $tpl_fatal;\r
 \r
     $tpl = new Template;\r
     $tpl->read_file($tpl_fatal);\r
 \r

-    $tpl->fillin('ERROR',$errmsg);\r
+    if(sizeof($vars) > 0) {\r
+        while(list($var,$content) = each($vars)) {\r
+            $errmsg = str_replace('{'.$var.'}',htmlspecialchars($content),$errmsg);\r
+        }\r
+    }\r
+\r
+    $tpl->set_var('ERROR',$errmsg);\r
+\r
+    $tpl->parse();\r

 \r
     print $tpl->get_template();\r
     exit;\r
 \r
     print $tpl->get_template();\r
     exit;\r


@@ -123,18 +131,24 @@ function show_fatal(&$errmsg) {
 # Parameter: Fehlermeldung\r
 \r
 function show_user_error(&$errmsg) {\r
 # Parameter: Fehlermeldung\r
 \r
 function show_user_error(&$errmsg) {\r

-    global $captcha_enable, $email, $name, $subject, $text, $tpl_user_error;\r
+    global $captcha_enable, $email, $name, $subject, $text, $user_fields, $tpl_user_error;\r

 \r
     $tpl = new Template;\r
     $tpl->read_file($tpl_user_error);\r
 \r
     $tpl->parse_if_block('CAPTCHA',$captcha_enable);\r
 \r
 \r
     $tpl = new Template;\r
     $tpl->read_file($tpl_user_error);\r
 \r
     $tpl->parse_if_block('CAPTCHA',$captcha_enable);\r
 \r

-    $tpl->set_var('EMAIL',  htmlentities($email));\r
+    $tpl->set_var('EMAIL',  htmlspecialchars($email));\r

     $tpl->set_var('ERROR',  $errmsg);\r
     $tpl->set_var('ERROR',  $errmsg);\r

-    $tpl->set_var('NAME',   htmlentities($name));\r
-    $tpl->set_var('SUBJECT',htmlentities($subject));\r
-    $tpl->set_var('TEXT',   htmlentities($text));\r
+    $tpl->set_var('NAME',   htmlspecialchars($name));\r
+    $tpl->set_var('SUBJECT',htmlspecialchars($subject));\r
+    $tpl->set_var('TEXT',   htmlspecialchars($text));\r
+\r
+    reset($user_fields);\r
+\r
+    while(list($user_field,$user_field_data) = each($user_fields)) {\r
+        $tpl->set_var($user_field_data['tpl_var'],htmlspecialchars(formdata($user_field)));\r
+    }\r

 \r
     $tpl->parse();\r
 \r
 \r
     $tpl->parse();\r
 \r