[geeklog-cvs] geeklog: Additional checks in "Mail Story to a Friend" and "Send...

Sun Oct 4 05:10:33 EDT 2009


changeset 7357:6155fbeb6262
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/6155fbeb6262
user: Dirk Haun <dirk at haun-online.de>
date: Sun Oct 04 11:10:08 2009 +0200
description:
Additional checks in "Mail Story to a Friend" and "Send mail to user" dialogs to make sure users don't enter email addresses into the name fields (bug #0000992)

diffstat:

 language/english.php       |   4 +-
 language/english_utf-8.php |   4 +-
 public_html/docs/history   |   3 +
 public_html/profiles.php   |  63 ++++++++++++++++++-------------
 4 files changed, 43 insertions(+), 31 deletions(-)

diffs (125 lines):

diff -r 7c38c0c6ce0c -r 6155fbeb6262 language/english.php
--- a/language/english.php	Sun Oct 04 10:08:27 2009 +0200
+++ b/language/english.php	Sun Oct 04 11:10:08 2009 +0200
@@ -419,8 +419,8 @@
 $LANG08 = array(
     1 => 'There was an error sending your message. Please try again.',
     2 => 'Message sent successfully.',
-    3 => 'Please make sure you use a valid email address in the Reply To field.',
-    4 => 'Please fill in the Your Name, Reply To, Subject and Message fields',
+    3 => 'Please make sure you use a valid email address in the Your Email Address field.',
+    4 => 'Please fill in the Your Name, Your Email Address, Subject and Message fields',
     5 => 'Error: No such user.',
     6 => 'There was an error.',
     7 => 'User Profile for',
diff -r 7c38c0c6ce0c -r 6155fbeb6262 language/english_utf-8.php
--- a/language/english_utf-8.php	Sun Oct 04 10:08:27 2009 +0200
+++ b/language/english_utf-8.php	Sun Oct 04 11:10:08 2009 +0200
@@ -419,8 +419,8 @@
 $LANG08 = array(
     1 => 'There was an error sending your message. Please try again.',
     2 => 'Message sent successfully.',
-    3 => 'Please make sure you use a valid email address in the Reply To field.',
-    4 => 'Please fill in the Your Name, Reply To, Subject and Message fields',
+    3 => 'Please make sure you use a valid email address in the Your Email Address field.',
+    4 => 'Please fill in the Your Name, Your Email Address, Subject and Message fields',
     5 => 'Error: No such user.',
     6 => 'There was an error.',
     7 => 'User Profile for',
diff -r 7c38c0c6ce0c -r 6155fbeb6262 public_html/docs/history
--- a/public_html/docs/history	Sun Oct 04 10:08:27 2009 +0200
+++ b/public_html/docs/history	Sun Oct 04 11:10:08 2009 +0200
@@ -3,6 +3,9 @@
 Oct ??, 2009 (1.6.1)
 ------------
 
+- Additional checks in "Mail Story to a Friend" and "Send mail to user" dialogs
+  to make sure users don't enter email addresses into the name fields (bug
+  #0000992) [Dirk]
 - Added an option to send a copy to self to the "Mail Story to a Friend" dialog
   and made the look of this and the "Send mail to user" dialogs more consistent
   [Dirk]
diff -r 7c38c0c6ce0c -r 6155fbeb6262 public_html/profiles.php
--- a/public_html/profiles.php	Sun Oct 04 10:08:27 2009 +0200
+++ b/public_html/profiles.php	Sun Oct 04 11:10:08 2009 +0200
@@ -81,7 +81,7 @@
     }
 
     if (!empty($author) && !empty($subject) && !empty($message)) {
-        if (COM_isemail($authoremail)) {
+        if (COM_isemail($authoremail) && (strpos($authoremail, '@') === false)) {
             $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = $uid");
             $A = DB_fetchArray($result);
 
@@ -530,36 +530,45 @@
         break;
 
     case 'sendstory':
-        $sid = COM_applyFilter ($_POST['sid']);
-        if (empty ($sid)) {
-            $display = COM_refresh ($_CONF['site_url'] . '/index.php');
+        $sid = COM_applyFilter($_POST['sid']);
+        if (empty($sid)) {
+            $display = COM_refresh($_CONF['site_url'] . '/index.php');
         } else {
-            if (empty ($_POST['toemail']) || empty ($_POST['fromemail'])
-                    || !COM_isEmail ($_POST['toemail'])
-                    || !COM_isEmail ($_POST['fromemail'])) {
+            if (empty($_POST['toemail']) || empty($_POST['fromemail']) ||
+                    !COM_isEmail($_POST['toemail']) ||
+                    !COM_isEmail($_POST['fromemail']) ||
+                    (strpos($_POST['to'], '@') !== false) ||
+                    (strpos($_POST['from'], '@') !== false)) {
+                $display .= COM_siteHeader('menu', $LANG08[17])
+                         . mailstoryform ($sid, COM_applyFilter($_POST['to']),
+                                COM_applyFilter($_POST['toemail']),
+                                COM_applyFilter($_POST['from']),
+                                COM_applyFilter($_POST['fromemail']),
+                                $_POST['shortmsg'], 52)
+                         . COM_siteFooter();
+            } else if (empty($_POST['to']) || empty($_POST['from']) ||
+                    empty($_POST['shortmsg'])) {
                 $display .= COM_siteHeader ('menu', $LANG08[17])
-                         . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
-                                          COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
-                                          $_POST['shortmsg'], 52)
-                         . COM_siteFooter ();
-            } else if (empty ($_POST['to']) || empty ($_POST['from']) ||
-                    empty ($_POST['shortmsg'])) {
-                $display .= COM_siteHeader ('menu', $LANG08[17])
-                         . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
-                                          COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
-                                          $_POST['shortmsg'])
-                         . COM_siteFooter ();
+                         . COM_showMessageText($LANG08[22])
+                         . mailstoryform($sid, COM_applyFilter($_POST['to']),
+                                COM_applyFilter($_POST['toemail']),
+                                COM_applyFilter($_POST['from']),
+                                COM_applyFilter($_POST['fromemail']),
+                                $_POST['shortmsg'])
+                         . COM_siteFooter();
             } else {
-                $msg = PLG_itemPreSave ('emailstory', $_POST['shortmsg']);
-                if (!empty ($msg)) {
-                    $display .= COM_siteHeader ('menu', '')
-                             . COM_errorLog ($msg, 2)
-                             . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
-                                              COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
-                                              $_POST['shortmsg'])
-                             . COM_siteFooter ();
+                $msg = PLG_itemPreSave('emailstory', $_POST['shortmsg']);
+                if (!empty($msg)) {
+                    $display .= COM_siteHeader('menu', $LANG08[17])
+                             . COM_errorLog($msg, 2)
+                             . mailstoryform($sid, COM_applyFilter($_POST['to']),
+                                COM_applyFilter($_POST['toemail']),
+                                COM_applyFilter($_POST['from']),
+                                COM_applyFilter($_POST['fromemail']),
+                                $_POST['shortmsg'])
+                             . COM_siteFooter();
                 } else {
-                    $display .= mailstory ($sid, $_POST['to'], $_POST['toemail'],
+                    $display .= mailstory($sid, $_POST['to'], $_POST['toemail'],
                         $_POST['from'], $_POST['fromemail'], $_POST['shortmsg']);
                 }
             }
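Review bot: The two new `strpos($_POST['to'], '@')` / `strpos($_POST['from'], '@')` tests run before the `empty($_POST['to'])` / `empty($_POST['from'])` branch below them, so a request that omits those fields now raises an undefined-index notice on the `strpos` call instead of reaching the intended "please fill in" path; guard them, e.g. `(isset($_POST['to']) && strpos($_POST['to'], '@') !== false) ||` and the same for `from`. A single `@` check also does not reject CR/LF in the name fields, which matters if mailstory() places `to`/`from` into mail headers (its body is not visible here); the final `mailstory(...)` call still receives the raw `$_POST` values, so any such stripping must happen there or be added before the call. The `case 'sendstory':` block continues past the end of the hunk.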


