X-Git-Url: https://git.p6c8.net/form-email.git/blobdiff_plain/d30a679aaebd16d4bef1f883f0ab63fbf1c2ecb2..9f389a70766ec9ad8f355b41dfe5aecae34c626f:/form-email/functions.php
diff --git a/form-email/functions.php b/form-email/functions.php
index 9f5937d..331bd55 100644
--- a/form-email/functions.php
+++ b/form-email/functions.php
@@ -1,19 +1,20 @@
-# Letzte Aenderung: 11.1.2009
+# Letzte Aenderung: 12.12.2011
#
# Copyright (C) 2002-2011 Patrick Canterino
#
-# Diese Datei kann unter den Bedingungen der "Artistic License 1.0"
+# Diese Datei kann unter den Bedingungen der "Artistic License 2.0"
# weitergegeben und / oder veraendert werden.
# Siehe:
-# http://www.opensource.org/licenses/artistic-license-1.0.php
+# http://www.opensource.org/licenses/artistic-license-2.0
#
# formdata()
@@ -28,36 +29,31 @@
# wird nichts zurueckgegeben.
# - Codierende Backslashes werden automatisch entfernt
-function formdata($param)
-{
- switch($_SERVER['REQUEST_METHOD'])
- {
- case 'GET':
- if(isset($_GET[$param]))
- {
- $value = $_GET[$param];
- break;
- }
- else return null;
-
- case 'POST':
- if(isset($_POST[$param]))
- {
- $value = $_POST[$param];
- break;
- }
- else return null;
-
- default:
- return null;
- }
-
- if(get_magic_quotes_gpc())
- {
- if(is_array($value)) return array_map('stripslashes',$value);
- else return stripslashes($value);
- }
- else return $value;
+function formdata($param) {
+ switch($_SERVER['REQUEST_METHOD']) {
+ case 'GET':
+ if(isset($_GET[$param])) {
+ $value = $_GET[$param];
+ break;
+ }
+ else return null;
+
+ case 'POST':
+ if(isset($_POST[$param])) {
+ $value = $_POST[$param];
+ break;
+ }
+ else return null;
+
+ default:
+ return null;
+ }
+
+ if(get_magic_quotes_gpc()) {
+ if(is_array($value)) return array_map('stripslashes',$value);
+ else return stripslashes($value);
+ }
+ else return $value;
}
# plain()
@@ -70,20 +66,18 @@ function formdata($param)
#
# Rueckgabe: Bearbeiteter Text (String)
-function &plain(&$text,$linebreak='
')
-{
- $htmltext = htmlentities($text);
- $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext);
+function &plain(&$text,$linebreak='
') {
+ $htmltext = htmlspecialchars($text);
+ $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext);
- for($x=0;$xread_file($tpl_fatal);
+ $tpl = new Template;
+ $tpl->read_file($tpl_fatal);
- $tpl->fillin('ERROR',$errmsg);
+ if(sizeof($vars) > 0) {
+ while(list($var,$content) = each($vars)) {
+ $errmsg = str_replace('{'.$var.'}',htmlspecialchars($content),$errmsg);
+ }
+ }
- print $tpl->get_template();
- exit;
+ $tpl->set_var('ERROR',$errmsg);
+
+ $tpl->parse();
+
+ print $tpl->get_template();
+ exit;
}
# show_user_error()
@@ -130,25 +130,30 @@ function show_fatal(&$errmsg)
#
# Parameter: Fehlermeldung
-function show_user_error(&$errmsg)
-{
- global $captcha_enable, $email, $name, $subject, $text, $tpl_user_error;
+function show_user_error(&$errmsg) {
+ global $captcha_enable, $email, $name, $subject, $text, $user_fields, $tpl_user_error;
+
+ $tpl = new Template;
+ $tpl->read_file($tpl_user_error);
+
+ $tpl->parse_if_block('CAPTCHA',$captcha_enable);
+
+ $tpl->set_var('EMAIL', htmlspecialchars($email));
+ $tpl->set_var('ERROR', $errmsg);
+ $tpl->set_var('NAME', htmlspecialchars($name));
+ $tpl->set_var('SUBJECT',htmlspecialchars($subject));
+ $tpl->set_var('TEXT', htmlspecialchars($text));
- $tpl = new Template;
- $tpl->read_file($tpl_user_error);
+ reset($user_fields);
- $tpl->parse_if_block('CAPTCHA',$captcha_enable);
-
- $tpl->set_var('EMAIL', htmlentities($email));
- $tpl->set_var('ERROR', $errmsg);
- $tpl->set_var('NAME', htmlentities($name));
- $tpl->set_var('SUBJECT',htmlentities($subject));
- $tpl->set_var('TEXT', htmlentities($text));
+ while(list($user_field,$user_field_data) = each($user_fields)) {
+ $tpl->set_var($user_field_data['tpl_var'],htmlspecialchars(formdata($user_field)));
+ }
- $tpl->parse();
+ $tpl->parse();
- print $tpl->get_template();
- exit;
+ print $tpl->get_template();
+ exit;
}
#