# HG changeset patch # User Nathan Phillip Brink # Date 2010-11-04 10:26:05 # Node ID f5b8a6f32c9a14d79e9e846240060e54f6702941 # Parent 1dcff9f4286f4c0d3b0128165c3feb5947879648 Actually reject bad input for the feedback form instead of detecting it but still allowing it through.
diff --git a/feedback-submit.php b/feedback-submit.php
--- a/feedback-submit.php
+++ b/feedback-submit.php
@@ -21,20 +21,26 @@ Page::session_start(); $feedback = $_POST['feedback']; $rating = $_POST['rating'];
+$reject = FALSE;
+
 if (eregi('http:', $feedback)) { echo 'Please do not include URLs in your submission! Please click "back" and try again.';
+ $reject = TRUE;
 }
-if((!$visitormail == '') && (!strstr($visitormail, '@') || !strstr($visitormail, '.'))) {
+if (empty($visitormail) || !preg_match('/^[^@]+@[^@]+\.[^@]+$/', $visitormail)) { echo '

Please click "back" and enter valid e-mail address.

';
+ $reject = TRUE;
 }
 if(empty($nameis) || empty($feedback) || empty($visitormail)) { echo '

Please click "back" and fill in all fields.

';
+ $reject = TRUE;
 }
+if (!$reject)
+ {
+ $feedback = stripcslashes($feedback);
-$feedback = stripcslashes($feedback);
-
-$message = date('l, F j, Y, g:i a') ."
+ $message = date('l, F j, Y, g:i a') ."
 From: $nameis ($visitormail) School: $school ($school_id)\n Rating: $rating
@@ -45,14 +51,13 @@ Browser = $httpagent Deployment = $fromdom ";
-$from = "From: $visitormail\r\n";
+ $from = "From: $visitormail\r\n";
-/* $feedback_emails has its default set in inc/class.page.inc, can be set in config.inc */
-foreach($feedback_emails as $toaddr)
- {
- mail($toaddr, $subject, $message, $from);
- }
-
+ /* $feedback_emails has its default set in inc/class.page.inc, can be set in config.inc */
+ foreach($feedback_emails as $toaddr)
+ {
+ mail($toaddr, $subject, $message, $from);
+ }
 ?>
@@ -61,4 +66,6 @@ foreach($feedback_emails as $toaddr) foot();
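Review bot: The new e-mail check `preg_match('/^[^@]+@[^@]+\.[^@]+$/', $visitormail)` still lets carriage returns, line feeds and other control characters through, because `[^@]` matches any byte except `@` and the unflagged `$` also tolerates one trailing newline; the same value is then copied verbatim into a mail header in the next hunk (`$from = "From: $visitormail\r\n";`), so the validation does not cover the way the value is used. Replacing the regex with `if (empty($visitormail) || filter_var($visitormail, FILTER_VALIDATE_EMAIL) === false) {` rejects those inputs as well as the malformed-address shapes the pattern was written for. Where `$visitormail`, `$nameis` and `$school` are assigned is outside this hunk, and the closing brace of the new `if (!$reject)` block does not appear in the hunks visible here.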
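Review bot: The re-indented loop still discards the result of `mail($toaddr, $subject, $message, $from)`, which returns false when the local MTA refuses the message, so a submission that passed validation but was never delivered looks identical to a successful one for both the visitor and the operator. Recording the failure is a one-line change: `if (!mail($toaddr, $subject, $message, $from)) { error_log("feedback mail to $toaddr failed"); }`. `$subject` and `$feedback_emails` are defined outside this hunk, and the `if (!$reject)` block that now encloses the loop is closed beyond the end of what is shown.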