From a7dad33da300d40d323c5fc6358763bd4bb779e4 Mon Sep 17 00:00:00 2001
From: james
Date: Mon, 3 Mar 2008 20:12:59 +0000
Subject: [PATCH] Cleanify the subject, and strip slashes from the message body
---
 contact.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/contact.php b/contact.php
index d864c84..686b45f 100644
--- a/contact.php
+++ b/contact.php
@@ -40,7 +40,14 @@ if($md5email == md5($r->email)) {
 $from=cleanify($_POST['from'])." <".cleanify($_POST['fromemail']).">";
 $extra="Return-Path: $from\r\nFrom: $from\r\nReply-To: $from\r\n";
- mail("$r->firstname $r->lastname <$r->email>",$_POST['subject'],$_POST['message'],$extra);
+
+ //make sure they dont do anything funky with the subject header
+ $subject=cleanify($_POST['subject']);
+
+ //and strip the slashes from the message
+ $message=stripslashes($_POST['message']);
+
+ mail("$r->firstname $r->lastname <$r->email>",$subject,$message,$extra);
 echo happy(i18n("Contact email successfully sent"));
 } else {