X-Git-Url: https://git.p6c8.net/form-email.git/blobdiff_plain/d30a679aaebd16d4bef1f883f0ab63fbf1c2ecb2..fec4e7b5a58926414f0aec752321cb6a86959412:/form-email/functions.php diff --git a/form-email/functions.php b/form-email/functions.php index 9f5937d..d8d6f71 100644 --- a/form-email/functions.php +++ b/form-email/functions.php @@ -1,19 +1,20 @@ -# Letzte Aenderung: 11.1.2009 +# Letzte Aenderung: 3.12.2011 # # Copyright (C) 2002-2011 Patrick Canterino # -# Diese Datei kann unter den Bedingungen der "Artistic License 1.0" +# Diese Datei kann unter den Bedingungen der "Artistic License 2.0" # weitergegeben und / oder veraendert werden. # Siehe: -# http://www.opensource.org/licenses/artistic-license-1.0.php +# http://www.opensource.org/licenses/artistic-license-2.0 # # formdata() @@ -28,36 +29,31 @@ # wird nichts zurueckgegeben. # - Codierende Backslashes werden automatisch entfernt -function formdata($param) -{ - switch($_SERVER['REQUEST_METHOD']) - { - case 'GET': - if(isset($_GET[$param])) - { - $value = $_GET[$param]; - break; - } - else return null; - - case 'POST': - if(isset($_POST[$param])) - { - $value = $_POST[$param]; - break; - } - else return null; - - default: - return null; - } - - if(get_magic_quotes_gpc()) - { - if(is_array($value)) return array_map('stripslashes',$value); - else return stripslashes($value); - } - else return $value; +function formdata($param) { + switch($_SERVER['REQUEST_METHOD']) { + case 'GET': + if(isset($_GET[$param])) { + $value = $_GET[$param]; + break; + } + else return null; + + case 'POST': + if(isset($_POST[$param])) { + $value = $_POST[$param]; + break; + } + else return null; + + default: + return null; + } + + if(get_magic_quotes_gpc()) { + if(is_array($value)) return array_map('stripslashes',$value); + else return stripslashes($value); + } + else return $value; } # plain() @@ -70,20 +66,18 @@ function formdata($param) # # Rueckgabe: Bearbeiteter Text (String) -function &plain(&$text,$linebreak='
') -{ - $htmltext = htmlentities($text); - $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext); +function &plain(&$text,$linebreak='
') { + $htmltext = htmlspecialchars($text); + $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext); - for($x=0;$xread_file($tpl_fatal); + $tpl = new Template; + $tpl->read_file($tpl_fatal); - $tpl->fillin('ERROR',$errmsg); + $tpl->fillin('ERROR',$errmsg); - print $tpl->get_template(); - exit; + print $tpl->get_template(); + exit; } # show_user_error() @@ -130,25 +122,30 @@ function show_fatal(&$errmsg) # # Parameter: Fehlermeldung -function show_user_error(&$errmsg) -{ - global $captcha_enable, $email, $name, $subject, $text, $tpl_user_error; +function show_user_error(&$errmsg) { + global $captcha_enable, $email, $name, $subject, $text, $user_fields, $tpl_user_error; - $tpl = new Template; - $tpl->read_file($tpl_user_error); + $tpl = new Template; + $tpl->read_file($tpl_user_error); - $tpl->parse_if_block('CAPTCHA',$captcha_enable); - - $tpl->set_var('EMAIL', htmlentities($email)); - $tpl->set_var('ERROR', $errmsg); - $tpl->set_var('NAME', htmlentities($name)); - $tpl->set_var('SUBJECT',htmlentities($subject)); - $tpl->set_var('TEXT', htmlentities($text)); + $tpl->parse_if_block('CAPTCHA',$captcha_enable); - $tpl->parse(); + $tpl->set_var('EMAIL', htmlspecialchars($email)); + $tpl->set_var('ERROR', $errmsg); + $tpl->set_var('NAME', htmlspecialchars($name)); + $tpl->set_var('SUBJECT',htmlspecialchars($subject)); + $tpl->set_var('TEXT', htmlspecialchars($text)); - print $tpl->get_template(); - exit; + reset($user_fields); + + while(list($user_field,$user_field_data) = each($user_fields)) { + $tpl->set_var($user_field_data['tpl_var'],htmlspecialchars(formdata($user_field))); + } + + $tpl->parse(); + + print $tpl->get_template(); + exit; } #
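Review bot: In the new `while` loop of show_user_error(), `htmlspecialchars(formdata($user_field))` escapes whatever formdata() returns, and formdata() as shown earlier in this diff can return null or an array (it has its own `is_array($value)` branch), so a user field submitted as an array reaches htmlspecialchars() as a non-string and produces a warning instead of an escaped value. Fetch the value first and escape only strings: `$value = formdata($user_field);` followed by `$tpl->set_var($user_field_data['tpl_var'], is_string($value) ? htmlspecialchars($value, ENT_QUOTES) : '');`. The same `ENT_QUOTES` flag, plus an explicit charset matching the page encoding, is worth passing on the EMAIL, NAME, SUBJECT and TEXT calls in this hunk, because the default flags of that PHP generation leave single quotes unescaped and the template (not visible here) may place these values inside attributes. Separately, `ERROR` is still filled with `$errmsg` unescaped; if any caller builds that message from request data it needs the same treatment, which cannot be confirmed from this diff.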