X-Git-Url: https://git.p6c8.net/form-email.git/blobdiff_plain/d30a679aaebd16d4bef1f883f0ab63fbf1c2ecb2..fec4e7b5a58926414f0aec752321cb6a86959412:/form-email/functions.php
diff --git a/form-email/functions.php b/form-email/functions.php
index 9f5937d..d8d6f71 100644
--- a/form-email/functions.php
+++ b/form-email/functions.php
@@ -1,19 +1,20 @@
-# Letzte Aenderung: 11.1.2009
+# Letzte Aenderung: 3.12.2011
#
# Copyright (C) 2002-2011 Patrick Canterino
#
-# Diese Datei kann unter den Bedingungen der "Artistic License 1.0"
+# Diese Datei kann unter den Bedingungen der "Artistic License 2.0"
# weitergegeben und / oder veraendert werden.
# Siehe:
-# http://www.opensource.org/licenses/artistic-license-1.0.php
+# http://www.opensource.org/licenses/artistic-license-2.0
#
# formdata()
@@ -28,36 +29,31 @@
# wird nichts zurueckgegeben.
# - Codierende Backslashes werden automatisch entfernt
-function formdata($param)
-{
- switch($_SERVER['REQUEST_METHOD'])
- {
- case 'GET':
- if(isset($_GET[$param]))
- {
- $value = $_GET[$param];
- break;
- }
- else return null;
-
- case 'POST':
- if(isset($_POST[$param]))
- {
- $value = $_POST[$param];
- break;
- }
- else return null;
-
- default:
- return null;
- }
-
- if(get_magic_quotes_gpc())
- {
- if(is_array($value)) return array_map('stripslashes',$value);
- else return stripslashes($value);
- }
- else return $value;
+function formdata($param) {
+ switch($_SERVER['REQUEST_METHOD']) {
+ case 'GET':
+ if(isset($_GET[$param])) {
+ $value = $_GET[$param];
+ break;
+ }
+ else return null;
+
+ case 'POST':
+ if(isset($_POST[$param])) {
+ $value = $_POST[$param];
+ break;
+ }
+ else return null;
+
+ default:
+ return null;
+ }
+
+ if(get_magic_quotes_gpc()) {
+ if(is_array($value)) return array_map('stripslashes',$value);
+ else return stripslashes($value);
+ }
+ else return $value;
}
# plain()
@@ -70,20 +66,18 @@ function formdata($param)
#
# Rueckgabe: Bearbeiteter Text (String)
-function &plain(&$text,$linebreak='
')
-{
- $htmltext = htmlentities($text);
- $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext);
+function &plain(&$text,$linebreak='
') {
+ $htmltext = htmlspecialchars($text);
+ $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext);
- for($x=0;$x')
#
# Rueckgabe: Aufgeteilte Zeichenkette (Array)
-function semicolon_split($string)
-{
- $parts = explode(';',$string);
- $parts = array_map('trim',$parts);
+function semicolon_split($string) {
+ $parts = explode(';',$string);
+ $parts = array_map('trim',$parts);
- return $parts;
+ return $parts;
}
# show_fatal()
@@ -110,17 +103,16 @@ function semicolon_split($string)
#
# Parameter: Fehlermeldung
-function show_fatal(&$errmsg)
-{
- global $tpl_fatal;
+function show_fatal(&$errmsg) {
+ global $tpl_fatal;
- $tpl = new Template;
- $tpl->read_file($tpl_fatal);
+ $tpl = new Template;
+ $tpl->read_file($tpl_fatal);
- $tpl->fillin('ERROR',$errmsg);
+ $tpl->fillin('ERROR',$errmsg);
- print $tpl->get_template();
- exit;
+ print $tpl->get_template();
+ exit;
}
# show_user_error()
@@ -130,25 +122,30 @@ function show_fatal(&$errmsg)
#
# Parameter: Fehlermeldung
-function show_user_error(&$errmsg)
-{
- global $captcha_enable, $email, $name, $subject, $text, $tpl_user_error;
+function show_user_error(&$errmsg) {
+ global $captcha_enable, $email, $name, $subject, $text, $user_fields, $tpl_user_error;
- $tpl = new Template;
- $tpl->read_file($tpl_user_error);
+ $tpl = new Template;
+ $tpl->read_file($tpl_user_error);
- $tpl->parse_if_block('CAPTCHA',$captcha_enable);
-
- $tpl->set_var('EMAIL', htmlentities($email));
- $tpl->set_var('ERROR', $errmsg);
- $tpl->set_var('NAME', htmlentities($name));
- $tpl->set_var('SUBJECT',htmlentities($subject));
- $tpl->set_var('TEXT', htmlentities($text));
+ $tpl->parse_if_block('CAPTCHA',$captcha_enable);
- $tpl->parse();
+ $tpl->set_var('EMAIL', htmlspecialchars($email));
+ $tpl->set_var('ERROR', $errmsg);
+ $tpl->set_var('NAME', htmlspecialchars($name));
+ $tpl->set_var('SUBJECT',htmlspecialchars($subject));
+ $tpl->set_var('TEXT', htmlspecialchars($text));
- print $tpl->get_template();
- exit;
+ reset($user_fields);
+
+ while(list($user_field,$user_field_data) = each($user_fields)) {
+ $tpl->set_var($user_field_data['tpl_var'],htmlspecialchars(formdata($user_field)));
+ }
+
+ $tpl->parse();
+
+ print $tpl->get_template();
+ exit;
}
#