X-Git-Url: https://git.p6c8.net/form-email.git/blobdiff_plain/f77ec4e3fb74940eeabdf816a99664ec5e532f64..e727168305eaf781e5640690a0369eaa4614ffc6:/form-email/functions.php?ds=inline
diff --git a/form-email/functions.php b/form-email/functions.php
index e353da8..d8d6f71 100644
--- a/form-email/functions.php
+++ b/form-email/functions.php
@@ -67,7 +67,7 @@ function formdata($param) {
 # Rueckgabe: Bearbeiteter Text (String)
 
 function &plain(&$text,$linebreak='
') {
-    $htmltext = htmlentities($text);
+    $htmltext = htmlspecialchars($text);
     $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext);
 
     for($x=0;$xread_file($tpl_user_error);
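Review bot: `htmlspecialchars($text)` in plain() is called without a flags argument, so on PHP versions before 8.1 the default `ENT_COMPAT` leaves single quotes unescaped. The same applies to the `set_var` calls for EMAIL, NAME, SUBJECT and TEXT and to the `$user_fields` loop in the following hunk. If a template puts one of these values inside a single-quoted attribute, the submitted value can end that attribute, so I would pass the flag explicitly, e.g. `$htmltext = htmlspecialchars($text, ENT_QUOTES);`, and also name the form's character set as the third argument so the result does not depend on the interpreter default. The templates are not part of this diff, so whether such an attribute context exists is unconfirmed; plain()'s body continues outside the hunk.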
 
     $tpl->parse_if_block('CAPTCHA',$captcha_enable);
 
-    $tpl->set_var('EMAIL',  htmlentities($email));
+    $tpl->set_var('EMAIL',  htmlspecialchars($email));
     $tpl->set_var('ERROR',  $errmsg);
-    $tpl->set_var('NAME',   htmlentities($name));
-    $tpl->set_var('SUBJECT',htmlentities($subject));
-    $tpl->set_var('TEXT',   htmlentities($text));
+    $tpl->set_var('NAME',   htmlspecialchars($name));
+    $tpl->set_var('SUBJECT',htmlspecialchars($subject));
+    $tpl->set_var('TEXT',   htmlspecialchars($text));
+
+    reset($user_fields);
+
+    while(list($user_field,$user_field_data) = each($user_fields)) {
+        $tpl->set_var($user_field_data['tpl_var'],htmlspecialchars(formdata($user_field)));
+    }
 
     $tpl->parse();
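Review bot: The added loop walks `$user_fields` with `reset()` and `while(list(...) = each(...))`, but `each()` is deprecated since PHP 7.2 and removed in PHP 8.0, so this error page will fail on current interpreters. `foreach ($user_fields as $user_field => $user_field_data) {` iterates the same pairs and makes the `reset($user_fields);` line unnecessary. Separately, `$tpl->set_var('ERROR',  $errmsg);` is the only value in this block still written to the template unescaped. If `$errmsg` can ever contain submitted data it needs the same escaping; if it cannot, a comment such as `# $errmsg consists of fixed strings only, no form data` would record why it is exempt. The enclosing function starts outside the hunk, so where `$errmsg` and `$user_fields` come from is not visible here.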