Cleanify the subject, and strip slashes from the message body

contact.php

@@ -40,7 +40,14 @@
 			if($md5email == md5($r->email)) {
 				$from=cleanify($_POST['from'])." <".cleanify($_POST['fromemail']).">";
 				$extra="Return-Path: $from\r\nFrom: $from\r\nReply-To: $from\r\n"; 
-				mail("$r->firstname $r->lastname <$r->email>",$_POST['subject'],$_POST['message'],$extra);
+				
+				//make sure they dont do anything funky with the subject header
+				$subject=cleanify($_POST['subject']);
+
+				//and strip the slashes from the message
+				$message=stripslashes($_POST['message']);
+
+				mail("$r->firstname $r->lastname <$r->email>",$subject,$message,$extra);
 				echo happy(i18n("Contact email successfully sent"));
 			}
 			else {