Cleanify the subject, and strip slashes from the message body

This commit is contained in:
james 2008-03-03 20:12:59 +00:00
parent 2d052c056f
commit a7dad33da3

View File

@ -40,7 +40,14 @@
if($md5email == md5($r->email)) { if($md5email == md5($r->email)) {
$from=cleanify($_POST['from'])." <".cleanify($_POST['fromemail']).">"; $from=cleanify($_POST['from'])." <".cleanify($_POST['fromemail']).">";
$extra="Return-Path: $from\r\nFrom: $from\r\nReply-To: $from\r\n"; $extra="Return-Path: $from\r\nFrom: $from\r\nReply-To: $from\r\n";
mail("$r->firstname $r->lastname <$r->email>",$_POST['subject'],$_POST['message'],$extra);
//make sure they dont do anything funky with the subject header
$subject=cleanify($_POST['subject']);
//and strip the slashes from the message
$message=stripslashes($_POST['message']);
mail("$r->firstname $r->lastname <$r->email>",$subject,$message,$extra);
echo happy(i18n("Contact email successfully sent")); echo happy(i18n("Contact email successfully sent"));
} }
else { else {