Changeset - f5b8a6f32c9a
default
0 1 0
Nathan Brink (binki) - 15 years ago 2010-11-04 10:26:05
ohnobinki@ohnopublishing.net
Actually reject bad input for the feedback form instead of detecting it but still allowing it through.
1 file changed with 18 insertions and 11 deletions:
feedback-submit.php
 
@@ -21,20 +21,26 @@ Page::session_start();
 
$feedback = $_POST['feedback'];
 
$rating = $_POST['rating'];
 

	
 
$reject = FALSE;
 

	
 
if (eregi('http:', $feedback)) { 
 
  echo 'Please do not include URLs in your submission! Please click "back" and try again.';
 
  $reject = TRUE;
 
}
 
if((!$visitormail == '') && (!strstr($visitormail, '@') || !strstr($visitormail, '.'))) {
 
if (empty($visitormail) || !preg_match('/^[^@]+@[^@]+\.[^@]+$/', $visitormail)) {
 
  echo '<p>Please click "back" and enter valid e-mail address.</p>';
 
  $reject = TRUE;
 
}
 
if(empty($nameis) || empty($feedback) || empty($visitormail)) {
 
  echo '<p>Please click "back" and fill in all fields.</p>';
 
  $reject = TRUE;
 
}
 

	
 
if (!$reject)
 
  {
 
    $feedback = stripcslashes($feedback);
 

	
 
$feedback = stripcslashes($feedback);
 

	
 
$message = date('l, F j, Y, g:i a') ."
 
    $message = date('l, F j, Y, g:i a') ."
 
From: $nameis ($visitormail)
 
School: $school ($school_id)\n
 
Rating: $rating 
 
@@ -45,14 +51,13 @@ Browser = $httpagent
 
Deployment = $fromdom
 
";
 

	
 
$from = "From: $visitormail\r\n";
 
    $from = "From: $visitormail\r\n";
 

	
 
/* $feedback_emails has its default set in inc/class.page.inc, can be set in config.inc */
 
foreach($feedback_emails as $toaddr)
 
  {
 
    mail($toaddr, $subject, $message, $from);
 
  }
 

	
 
    /* $feedback_emails has its default set in inc/class.page.inc, can be set in config.inc */
 
    foreach($feedback_emails as $toaddr)
 
      {
 
	mail($toaddr, $subject, $message, $from);
 
      }
 

	
 
?>
 

	
 
@@ -61,4 +66,6 @@ foreach($feedback_emails as $toaddr)
 

	
 

	
 
<?php
 
  }
 

	
 
  $feedbackpage->foot();
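Review bot: The new check `preg_match('/^[^@]+@[^@]+\.[^@]+$/', $visitormail)` still accepts carriage returns and line feeds, because `[^@]` matches line breaks and `$` without the `D` modifier tolerates a trailing newline. The value is then interpolated unescaped into `$from = "From: $visitormail\r\n";` and handed to `mail()` as a raw header, so the form remains exposed to mail header injection even though rejected input now stops the send. I would validate with `if (empty($visitormail) || !filter_var($visitormail, FILTER_VALIDATE_EMAIL)) {`, or at minimum tighten the pattern to `'/^[^@\s]+@[^@\s]+\.[^@\s]+$/D'`. Where `$visitormail`, `$nameis` and `$subject` are assigned lies outside the hunks shown, so it is worth confirming that none of them is expected to be sanitised earlier; separately, `eregi()` is deprecated as of PHP 5.3 and `stripos($feedback, 'http:') !== false` would do the same job.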