X-Git-Url: https://git.p6c8.net/form-email.git/blobdiff_plain/a2e35aed2b2920454ece2fd3aef9404a923dc238..20040faad95ad57d60b149ed262f92b3a6eee100:/form-email/functions.php diff --git a/form-email/functions.php b/form-email/functions.php index eb7f920..9e68c64 100644 --- a/form-email/functions.php +++ b/form-email/functions.php @@ -7,7 +7,7 @@ # geschrieben wurde. # # Autor: Patrick Canterino -# Letzte Aenderung: 3.12.2011 +# Letzte Aenderung: 17.12.2011 # # Copyright (C) 2002-2011 Patrick Canterino # @@ -66,8 +66,8 @@ function formdata($param) { # # Rueckgabe: Bearbeiteter Text (String) -function &plain(&$text,$linebreak='
') { - $htmltext = htmlentities($text); +function plain($text,$linebreak='
') { + $htmltext = htmlspecialchars($text); $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext); for($x=0;$xread_file($tpl_fatal); - $tpl->fillin('ERROR',$errmsg); + if(sizeof($vars) > 0) { + while(list($var,$content) = each($vars)) { + $errmsg = str_replace('{'.$var.'}',htmlspecialchars($content),$errmsg); + } + } + + $tpl->set_var('ERROR',$errmsg); + + $tpl->parse(); print $tpl->get_template(); exit; @@ -122,7 +130,7 @@ function show_fatal(&$errmsg) { # # Parameter: Fehlermeldung -function show_user_error(&$errmsg) { +function show_user_error($errmsg) { global $captcha_enable, $email, $name, $subject, $text, $user_fields, $tpl_user_error; $tpl = new Template; @@ -130,16 +138,23 @@ function show_user_error(&$errmsg) { $tpl->parse_if_block('CAPTCHA',$captcha_enable); - $tpl->set_var('EMAIL', htmlentities($email)); + $tpl->set_var('EMAIL', htmlspecialchars($email)); $tpl->set_var('ERROR', $errmsg); - $tpl->set_var('NAME', htmlentities($name)); - $tpl->set_var('SUBJECT',htmlentities($subject)); - $tpl->set_var('TEXT', htmlentities($text)); + $tpl->set_var('NAME', htmlspecialchars($name)); + $tpl->set_var('SUBJECT',htmlspecialchars($subject)); + $tpl->set_var('TEXT', htmlspecialchars($text)); reset($user_fields); while(list($user_field,$user_field_data) = each($user_fields)) { - $tpl->set_var($user_field_data['tpl_var'],htmlentities(formdata($user_field))); + if(isset($user_field_data['tpl_var']) && $user_field_data['tpl_var'] != '') { + $tpl_var = $user_field_data['tpl_var']; + } + else { + $tpl_var = 'USER_'.$user_field; + } + + $tpl->set_var($tpl_var,htmlspecialchars(formdata($user_field))); } $tpl->parse();