X-Git-Url: https://git.p6c8.net/form-email.git/blobdiff_plain/a2e35aed2b2920454ece2fd3aef9404a923dc238..88aa9dc7ff0e0cd2b6b7d5a7816600e3a956d740:/form-email/functions.php

diff --git a/form-email/functions.php b/form-email/functions.php
index eb7f920..d9f3482 100644
--- a/form-email/functions.php
+++ b/form-email/functions.php
@@ -7,9 +7,9 @@
 # geschrieben wurde.
 #
 # Autor:            Patrick Canterino <patrick@patshaping.de>
-# Letzte Aenderung: 3.12.2011
+# Letzte Aenderung: 17.12.2011
 #
-# Copyright (C) 2002-2011 Patrick Canterino
+# Copyright (C) 2002-2012 Patrick Canterino
 #
 # Diese Datei kann unter den Bedingungen der "Artistic License 2.0"
 # weitergegeben und / oder veraendert werden.
@@ -66,8 +66,8 @@ function formdata($param) {
 #
 # Rueckgabe: Bearbeiteter Text (String)
 
-function &plain(&$text,$linebreak='<br>') {
-    $htmltext = htmlentities($text);
+function plain($text,$linebreak='<br>') {
+    $htmltext = htmlspecialchars($text);
     $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext);
 
     for($x=0;$x<strlen($htmltext);$x++) {
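Review bot: `htmlspecialchars($text)` on the added line in plain() relies on PHP's default flags and charset, and the same bare call is added in the show_fatal and show_user_error hunks. With the default ENT_COMPAT used before PHP 8.1, a single quote is left unescaped, which matters if any template places these values inside a single-quoted attribute (the templates are not visible here). From PHP 5.4 the default charset is UTF-8, so input that is not valid UTF-8 yields an empty string. Passing both explicitly keeps the escaping independent of the PHP version, e.g. `htmlspecialchars($text, ENT_QUOTES, 'UTF-8')`, using whichever charset the templates actually declare. plain() continues past the end of this hunk.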
@@ -103,13 +103,21 @@ function semicolon_split($string) {
 #
 # Parameter: Fehlermeldung
 
-function show_fatal(&$errmsg) {
+function show_fatal($errmsg,$vars=array()) {
     global $tpl_fatal;
 
     $tpl = new Template;
     $tpl->read_file($tpl_fatal);
 
-    $tpl->fillin('ERROR',$errmsg);
+    if(sizeof($vars) > 0) {
+        while(list($var,$content) = each($vars)) {
+            $errmsg = str_replace('{'.$var.'}',htmlspecialchars($content),$errmsg);
+        }
+    }
+
+    $tpl->set_var('ERROR',$errmsg);
+
+    $tpl->parse();
 
     print $tpl->get_template();
     exit;
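Review bot: `$errmsg` itself is passed to `set_var('ERROR',$errmsg)` without escaping; only the `$vars` values go through `htmlspecialchars()`. The function is therefore safe only while every caller keeps request-derived text out of the message and passes it in `$vars`. The header comment above the function still lists a single parameter and should state this contract, e.g. `# Parameter: Error message (trusted HTML, may contain {name} placeholders), array of placeholder values (HTML-escaped before insertion)`. The `each()` loop also runs without the `reset()` that show_user_error calls before its own loop; `foreach($vars as $var => $content)` would not depend on the array's internal pointer.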
@@ -122,7 +130,7 @@ function show_fatal(&$errmsg) {
 #
 # Parameter: Fehlermeldung
 
-function show_user_error(&$errmsg) {
+function show_user_error($errmsg) {
     global $captcha_enable, $email, $name, $subject, $text, $user_fields, $tpl_user_error;
 
     $tpl = new Template;
@@ -130,16 +138,23 @@ function show_user_error(&$errmsg) {
 
     $tpl->parse_if_block('CAPTCHA',$captcha_enable);
 
-    $tpl->set_var('EMAIL',  htmlentities($email));
+    $tpl->set_var('EMAIL',  htmlspecialchars($email));
     $tpl->set_var('ERROR',  $errmsg);
-    $tpl->set_var('NAME',   htmlentities($name));
-    $tpl->set_var('SUBJECT',htmlentities($subject));
-    $tpl->set_var('TEXT',   htmlentities($text));
+    $tpl->set_var('NAME',   htmlspecialchars($name));
+    $tpl->set_var('SUBJECT',htmlspecialchars($subject));
+    $tpl->set_var('TEXT',   htmlspecialchars($text));
 
     reset($user_fields);
 
     while(list($user_field,$user_field_data) = each($user_fields)) {
-        $tpl->set_var($user_field_data['tpl_var'],htmlentities(formdata($user_field)));
+        if(isset($user_field_data['tpl_var']) && $user_field_data['tpl_var'] != '') {
+            $tpl_var = $user_field_data['tpl_var'];
+        }
+        else {
+            $tpl_var = 'USER_'.$user_field;
+        }
+
+        $tpl->set_var($tpl_var,htmlspecialchars(formdata($user_field)));
     }
 
     $tpl->parse();
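Review bot: The fallback name `'USER_'.$user_field` is not mentioned in any visible comment, so a template author cannot tell which variable a field without `tpl_var` is written to. A one-line comment above the `if` would cover it, e.g. `# Fields without 'tpl_var' use the template variable USER_<field key>`. The key is used unchanged, so presumably its spelling and case have to match the name written in the template. show_user_error begins in the previous hunk and continues past this one.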