[geeklog-cvs] geeklog: Additional checks in "Mail Story to a Friend" and "Send...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Oct 4 05:10:33 EDT 2009
changeset 7357:6155fbeb6262
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/6155fbeb6262
user: Dirk Haun <dirk at haun-online.de>
date: Sun Oct 04 11:10:08 2009 +0200
description:
Additional checks in "Mail Story to a Friend" and "Send mail to user" dialogs to make sure users don't enter email addresses into the name fields (bug #0000992)
diffstat:
language/english.php | 4 +-
language/english_utf-8.php | 4 +-
public_html/docs/history | 3 +
public_html/profiles.php | 63 ++++++++++++++++++-------------
4 files changed, 43 insertions(+), 31 deletions(-)
diffs (125 lines):
diff -r 7c38c0c6ce0c -r 6155fbeb6262 language/english.php
--- a/language/english.php Sun Oct 04 10:08:27 2009 +0200
+++ b/language/english.php Sun Oct 04 11:10:08 2009 +0200
@@ -419,8 +419,8 @@
$LANG08 = array(
1 => 'There was an error sending your message. Please try again.',
2 => 'Message sent successfully.',
- 3 => 'Please make sure you use a valid email address in the Reply To field.',
- 4 => 'Please fill in the Your Name, Reply To, Subject and Message fields',
+ 3 => 'Please make sure you use a valid email address in the Your Email Address field.',
+ 4 => 'Please fill in the Your Name, Your Email Address, Subject and Message fields',
5 => 'Error: No such user.',
6 => 'There was an error.',
7 => 'User Profile for',
diff -r 7c38c0c6ce0c -r 6155fbeb6262 language/english_utf-8.php
--- a/language/english_utf-8.php Sun Oct 04 10:08:27 2009 +0200
+++ b/language/english_utf-8.php Sun Oct 04 11:10:08 2009 +0200
@@ -419,8 +419,8 @@
$LANG08 = array(
1 => 'There was an error sending your message. Please try again.',
2 => 'Message sent successfully.',
- 3 => 'Please make sure you use a valid email address in the Reply To field.',
- 4 => 'Please fill in the Your Name, Reply To, Subject and Message fields',
+ 3 => 'Please make sure you use a valid email address in the Your Email Address field.',
+ 4 => 'Please fill in the Your Name, Your Email Address, Subject and Message fields',
5 => 'Error: No such user.',
6 => 'There was an error.',
7 => 'User Profile for',
diff -r 7c38c0c6ce0c -r 6155fbeb6262 public_html/docs/history
--- a/public_html/docs/history Sun Oct 04 10:08:27 2009 +0200
+++ b/public_html/docs/history Sun Oct 04 11:10:08 2009 +0200
@@ -3,6 +3,9 @@
Oct ??, 2009 (1.6.1)
------------
+- Additional checks in "Mail Story to a Friend" and "Send mail to user" dialogs
+ to make sure users don't enter email addresses into the name fields (bug
+ #0000992) [Dirk]
- Added an option to send a copy to self to the "Mail Story to a Friend" dialog
and made the look of this and the "Send mail to user" dialogs more consistent
[Dirk]
diff -r 7c38c0c6ce0c -r 6155fbeb6262 public_html/profiles.php
--- a/public_html/profiles.php Sun Oct 04 10:08:27 2009 +0200
+++ b/public_html/profiles.php Sun Oct 04 11:10:08 2009 +0200
@@ -81,7 +81,7 @@
}
if (!empty($author) && !empty($subject) && !empty($message)) {
- if (COM_isemail($authoremail)) {
+ if (COM_isemail($authoremail) && (strpos($authoremail, '@') === false)) {
$result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = $uid");
$A = DB_fetchArray($result);
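Review bot: The added `strpos($authoremail, '@') === false` test on the `COM_isemail` line is applied to the very address that COM_isemail() has just accepted, so the combined condition can presumably never hold and the send path below it becomes unreachable. Going by the commit description, the check is meant for the name field, i.e. `if (COM_isemail($authoremail) && (strpos($author, '@') === false)) {`. The enclosing function starts and ends outside this hunk, so which error message the failure path shows for a rejected name cannot be confirmed from here.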
@@ -530,36 +530,45 @@
break;
case 'sendstory':
- $sid = COM_applyFilter ($_POST['sid']);
- if (empty ($sid)) {
- $display = COM_refresh ($_CONF['site_url'] . '/index.php');
+ $sid = COM_applyFilter($_POST['sid']);
+ if (empty($sid)) {
+ $display = COM_refresh($_CONF['site_url'] . '/index.php');
} else {
- if (empty ($_POST['toemail']) || empty ($_POST['fromemail'])
- || !COM_isEmail ($_POST['toemail'])
- || !COM_isEmail ($_POST['fromemail'])) {
+ if (empty($_POST['toemail']) || empty($_POST['fromemail']) ||
+ !COM_isEmail($_POST['toemail']) ||
+ !COM_isEmail($_POST['fromemail']) ||
+ (strpos($_POST['to'], '@') !== false) ||
+ (strpos($_POST['from'], '@') !== false)) {
+ $display .= COM_siteHeader('menu', $LANG08[17])
+ . mailstoryform ($sid, COM_applyFilter($_POST['to']),
+ COM_applyFilter($_POST['toemail']),
+ COM_applyFilter($_POST['from']),
+ COM_applyFilter($_POST['fromemail']),
+ $_POST['shortmsg'], 52)
+ . COM_siteFooter();
+ } else if (empty($_POST['to']) || empty($_POST['from']) ||
+ empty($_POST['shortmsg'])) {
$display .= COM_siteHeader ('menu', $LANG08[17])
- . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
- COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
- $_POST['shortmsg'], 52)
- . COM_siteFooter ();
- } else if (empty ($_POST['to']) || empty ($_POST['from']) ||
- empty ($_POST['shortmsg'])) {
- $display .= COM_siteHeader ('menu', $LANG08[17])
- . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
- COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
- $_POST['shortmsg'])
- . COM_siteFooter ();
+ . COM_showMessageText($LANG08[22])
+ . mailstoryform($sid, COM_applyFilter($_POST['to']),
+ COM_applyFilter($_POST['toemail']),
+ COM_applyFilter($_POST['from']),
+ COM_applyFilter($_POST['fromemail']),
+ $_POST['shortmsg'])
+ . COM_siteFooter();
} else {
- $msg = PLG_itemPreSave ('emailstory', $_POST['shortmsg']);
- if (!empty ($msg)) {
- $display .= COM_siteHeader ('menu', '')
- . COM_errorLog ($msg, 2)
- . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
- COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
- $_POST['shortmsg'])
- . COM_siteFooter ();
+ $msg = PLG_itemPreSave('emailstory', $_POST['shortmsg']);
+ if (!empty($msg)) {
+ $display .= COM_siteHeader('menu', $LANG08[17])
+ . COM_errorLog($msg, 2)
+ . mailstoryform($sid, COM_applyFilter($_POST['to']),
+ COM_applyFilter($_POST['toemail']),
+ COM_applyFilter($_POST['from']),
+ COM_applyFilter($_POST['fromemail']),
+ $_POST['shortmsg'])
+ . COM_siteFooter();
} else {
- $display .= mailstory ($sid, $_POST['to'], $_POST['toemail'],
+ $display .= mailstory($sid, $_POST['to'], $_POST['toemail'],
$_POST['from'], $_POST['fromemail'], $_POST['shortmsg']);
}
}
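Review bot: The new name checks on `$_POST['to']` and `$_POST['from']` reject only an '@', and the final branch still hands both values to mailstory() raw, whereas every re-display branch wraps them in COM_applyFilter(). If mailstory(), which is outside this hunk, places the names in mail headers without stripping line breaks, the same condition should also refuse control characters, for example `preg_match('/[\r\n]/', $_POST['to'] . $_POST['from'])`. The strpos() calls also run before the `empty($_POST['to']) || empty($_POST['from'])` test in the following `else if`, so a request that omits those fields or sends them as arrays reaches strpos() first; an `isset()`/`is_string()` guard ahead of them would avoid that. The `case 'sendstory'` block continues past the end of the hunk.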