From: Tony M. <cl...@us...> - 2004-06-08 02:57:29
Update of /cvsroot/phpwebsite-comm/modules/mailto/class
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15807/class
Modified Files:
Mailto.php
Log Message:
Fixed a particularly nasty security bug allowing your unmunged e-mail address to be shown in "view source".
Index: Mailto.php
===================================================================
RCS file: /cvsroot/phpwebsite-comm/modules/mailto/class/Mailto.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** Mailto.php 13 Apr 2004 00:33:04 -0000 1.6
--- Mailto.php 8 Jun 2004 02:57:17 -0000 1.7
***************
*** 215,222 ****
 $form->add("module", "hidden", "mailto");
 $form->add("MT_OP", "hidden", "mailit");
! $form->add("MT_ADDRESS", "hidden", $this->getAddress());
! $form->add("MT_LABEL", "hidden", $this->getLabel());
! $form->add("MT_PREFIX", "hidden", $this->getPrefix());
! $form->add("MT_REFERER", "hidden" ,$this->_referer);
 $tags = $form->getTemplate();
--- 215,219 ----
 $form->add("module", "hidden", "mailto");
 $form->add("MT_OP", "hidden", "mailit");
! $form->add("MT_ID", "hidden", $this->getID());
 $tags = $form->getTemplate();
***************
*** 302,307 ****
 $addedHeaders .= "X-Mail-DateTime: ".date("r");
! $toString = $_REQUEST["MT_LABEL"]." <".$_REQUEST["MT_ADDRESS"].">";
! $subjectString = stripslashes($_REQUEST["MT_PREFIX"] . " " . $_REQUEST["MT_SUBJECT"]);
 $messageString = stripslashes($_REQUEST["MT_MESSAGE"]);
--- 299,310 ----
 $addedHeaders .= "X-Mail-DateTime: ".date("r");
! // Do the address retrieval based on ID passed
! if(isset($_REQUEST["MT_ID"])) {
! $this->setId($_REQUEST["MT_ID"]);
! $this->init();
! }
!
! $toString = $this->getLabel()." <".$this->getAddress().">";
! $subjectString = stripslashes($this->getPrefix() . " " . $_REQUEST["MT_SUBJECT"]);
 $messageString = stripslashes($_REQUEST["MT_MESSAGE"]);
***************
*** 312,321 ****
 $tags = array();
! $tags["BACK"] = "<a href=".$_REQUEST["MT_REFERER"].">" . 
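Review bot: The removed hidden fields let the client choose the recipient, not merely read it: the send path in the second hunk built `$toString` straight from `$_REQUEST["MT_ADDRESS"]` and `$_REQUEST["MT_LABEL"]`, so anyone could post their own address and use the site to send mail to arbitrary recipients; the log message describes only the disclosure half of that. Emitting just `MT_ID` is the right shape, and the reason deserves a comment on the new line so nobody re-adds a convenience field later: `// Only the record ID goes to the client; address, label and prefix are resolved server-side when the mail is sent so they are never exposed or client-controllable`. The enclosing form-building method starts and ends outside this hunk.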
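Review bot: `MT_ID` is still attacker-supplied and flows into `setId()`/`init()` unchecked, and nothing verifies that the lookup actually found a record before `$toString` is assembled from `getLabel()`/`getAddress()`; with a missing or bogus ID the mail is addressed to ` <>` or to whatever state the object already held. Cast and validate before the lookup, `$this->setId((int) $_REQUEST["MT_ID"]);`, and return an error when `$this->getAddress()` comes back empty — if `init()` interpolates the ID into SQL (not visible here) the cast also closes an injection path. `$_REQUEST["MT_SUBJECT"]` still reaches `$subjectString` with only `stripslashes()`; if that string is handed to `mail()` as the subject (outside this hunk), strip CR/LF first, e.g. `str_replace(array("\r", "\n"), '', $_REQUEST["MT_SUBJECT"])`, or the sender can inject extra headers such as `Bcc:`. The enclosing method starts and ends outside this hunk.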
$_SESSION["translate"]->it("Back to the page you were on") . "</a>";
 $tags["TITLE"] = $_SESSION["translate"]->it("Mail Sent");
! $tags["THANKYOU"] = "Your mail has been sent to ".$_REQUEST["MT_LABEL"];
 return PHPWS_Template::processTemplate($tags, "mailto", "thankyou.tpl");
--- 315,324 ----
 $tags = array();
! $tags["BACK"] = "<a href=".$this->_referer.">" . $_SESSION["translate"]->it("Back to the page you were on") . "</a>";
 $tags["TITLE"] = $_SESSION["translate"]->it("Mail Sent");
! $tags["THANKYOU"] = "Your mail has been sent to ".$this->getLabel();
 return PHPWS_Template::processTemplate($tags, "mailto", "thankyou.tpl"); |
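Review bot: `$tags["BACK"]` still emits `$this->_referer` as an unquoted, unescaped `href` attribute; the hunk only changes where the value comes from, so if `_referer` is ever populated from the request or the Referer header (not visible here) a value such as `x onmouseover=...` or a `javascript:` URL lands directly in the page. Quote and escape it: `$tags["BACK"] = '<a href="' . htmlspecialchars($this->_referer, ENT_QUOTES) . '">' . $_SESSION["translate"]->it("Back to the page you were on") . '</a>';`. The same escaping applies to `getLabel()` in `$tags["THANKYOU"]` if labels can be edited by non-admin users, and that English string is the only one among its neighbours not passed through `$_SESSION["translate"]->it()`. The enclosing method starts and ends outside this hunk.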