X-Git-Url: https://git.p6c8.net/form-email.git/blobdiff_plain/f1f62b07946e764d3b51d1da4eeb7aa83702bec6..8f7adfd8fdad5a9d1e2ea46ff5372e679ab10ef4:/form-email/functions.php?ds=inline diff --git a/form-email/functions.php b/form-email/functions.php index f470011..9e68c64 100644 --- a/form-email/functions.php +++ b/form-email/functions.php @@ -7,7 +7,7 @@ # geschrieben wurde. # # Autor: Patrick Canterino -# Letzte Aenderung: 7.11.2011 +# Letzte Aenderung: 17.12.2011 # # Copyright (C) 2002-2011 Patrick Canterino # @@ -29,36 +29,31 @@ # wird nichts zurueckgegeben. # - Codierende Backslashes werden automatisch entfernt -function formdata($param) -{ - switch($_SERVER['REQUEST_METHOD']) - { - case 'GET': - if(isset($_GET[$param])) - { - $value = $_GET[$param]; - break; - } - else return null; - - case 'POST': - if(isset($_POST[$param])) - { - $value = $_POST[$param]; - break; - } - else return null; - - default: - return null; - } - - if(get_magic_quotes_gpc()) - { - if(is_array($value)) return array_map('stripslashes',$value); - else return stripslashes($value); - } - else return $value; +function formdata($param) { + switch($_SERVER['REQUEST_METHOD']) { + case 'GET': + if(isset($_GET[$param])) { + $value = $_GET[$param]; + break; + } + else return null; + + case 'POST': + if(isset($_POST[$param])) { + $value = $_POST[$param]; + break; + } + else return null; + + default: + return null; + } + + if(get_magic_quotes_gpc()) { + if(is_array($value)) return array_map('stripslashes',$value); + else return stripslashes($value); + } + else return $value; } # plain() @@ -71,20 +66,18 @@ function formdata($param) # # Rueckgabe: Bearbeiteter Text (String) -function &plain(&$text,$linebreak='
') -{ - $htmltext = htmlentities($text); - $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext); +function plain($text,$linebreak='
') { + $htmltext = htmlspecialchars($text); + $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext); - for($x=0;$xread_file($tpl_fatal); + $tpl = new Template; + $tpl->read_file($tpl_fatal); - $tpl->fillin('ERROR',$errmsg); + if(sizeof($vars) > 0) { + while(list($var,$content) = each($vars)) { + $errmsg = str_replace('{'.$var.'}',htmlspecialchars($content),$errmsg); + } + } - print $tpl->get_template(); - exit; + $tpl->set_var('ERROR',$errmsg); + + $tpl->parse(); + + print $tpl->get_template(); + exit; } # show_user_error() @@ -131,25 +130,37 @@ function show_fatal(&$errmsg) # # Parameter: Fehlermeldung -function show_user_error(&$errmsg) -{ - global $captcha_enable, $email, $name, $subject, $text, $tpl_user_error; +function show_user_error($errmsg) { + global $captcha_enable, $email, $name, $subject, $text, $user_fields, $tpl_user_error; + + $tpl = new Template; + $tpl->read_file($tpl_user_error); + + $tpl->parse_if_block('CAPTCHA',$captcha_enable); + + $tpl->set_var('EMAIL', htmlspecialchars($email)); + $tpl->set_var('ERROR', $errmsg); + $tpl->set_var('NAME', htmlspecialchars($name)); + $tpl->set_var('SUBJECT',htmlspecialchars($subject)); + $tpl->set_var('TEXT', htmlspecialchars($text)); + + reset($user_fields); - $tpl = new Template; - $tpl->read_file($tpl_user_error); + while(list($user_field,$user_field_data) = each($user_fields)) { + if(isset($user_field_data['tpl_var']) && $user_field_data['tpl_var'] != '') { + $tpl_var = $user_field_data['tpl_var']; + } + else { + $tpl_var = 'USER_'.$user_field; + } - $tpl->parse_if_block('CAPTCHA',$captcha_enable); - - $tpl->set_var('EMAIL', htmlentities($email)); - $tpl->set_var('ERROR', $errmsg); - $tpl->set_var('NAME', htmlentities($name)); - $tpl->set_var('SUBJECT',htmlentities($subject)); - $tpl->set_var('TEXT', htmlentities($text)); + $tpl->set_var($tpl_var,htmlspecialchars(formdata($user_field))); + } - $tpl->parse(); + $tpl->parse(); - print $tpl->get_template(); - exit; + print $tpl->get_template(); + exit; } #