Update of /cvsroot/phpwebsite-comm/modules/mailto/class
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15807/class
Modified Files:
Mailto.php
Log Message:
Fixed a particularly nasty security bug allowing your unmunged e-mail
address to be shown in "view source".
Index: Mailto.php
===================================================================
RCS file: /cvsroot/phpwebsite-comm/modules/mailto/class/Mailto.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** Mailto.php 13 Apr 2004 00:33:04 -0000 1.6
--- Mailto.php 8 Jun 2004 02:57:17 -0000 1.7
***************
*** 215,222 ****
$form->add("module", "hidden", "mailto");
$form->add("MT_OP", "hidden", "mailit");
! $form->add("MT_ADDRESS", "hidden", $this->getAddress());
! $form->add("MT_LABEL", "hidden", $this->getLabel());
! $form->add("MT_PREFIX", "hidden", $this->getPrefix());
! $form->add("MT_REFERER", "hidden" ,$this->_referer);
$tags = $form->getTemplate();
--- 215,219 ----
$form->add("module", "hidden", "mailto");
$form->add("MT_OP", "hidden", "mailit");
! $form->add("MT_ID", "hidden", $this->getID());
$tags = $form->getTemplate();
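Review bot: The new `MT_ID` field at line 217 has no comment explaining why it is the only recipient-related value emitted, so a later edit could put the address, label or prefix back into the form. I would add above it `// Only the record ID goes into the form; address, label and prefix are looked up server-side so they never appear in page source.` The ID is still a client-controlled value on submit, so the handler has to treat it as untrusted. The enclosing function starts and ends outside this hunk.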
***************
*** 302,307 ****
$addedHeaders .= "X-Mail-DateTime: ".date("r");
! $toString = $_REQUEST["MT_LABEL"]." <".$_REQUEST["MT_ADDRESS"].">";
! $subjectString = stripslashes($_REQUEST["MT_PREFIX"] . " " . $_REQUEST["MT_SUBJECT"]);
$messageString = stripslashes($_REQUEST["MT_MESSAGE"]);
--- 299,310 ----
$addedHeaders .= "X-Mail-DateTime: ".date("r");
! // Do the address retrieval based on ID passed
! if(isset($_REQUEST["MT_ID"])) {
! $this->setId($_REQUEST["MT_ID"]);
! $this->init();
! }
!
! $toString = $this->getLabel()." <".$this->getAddress().">";
! $subjectString = stripslashes($this->getPrefix() . " " . $_REQUEST["MT_SUBJECT"]);
$messageString = stripslashes($_REQUEST["MT_MESSAGE"]);
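Review bot: When `MT_ID` is missing from the request, or `init()` finds no record for it, execution still falls through to the `$toString` line and builds a recipient from whatever the object currently holds. The send should stop in that case, and the ID should be checked before `setId()`, for example with `ctype_digit((string)$_REQUEST["MT_ID"])`. Separately, `$_REQUEST["MT_SUBJECT"]` reaches `$subjectString` with only `stripslashes()` applied, so CR/LF should be removed before it is used as a header value: `$subjectString = str_replace(array("\r", "\n"), " ", $subjectString);`. How `init()` reports a failed lookup and how these strings are passed to the mailer lie outside the hunk, so both points need confirming against the full function.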
***************
*** 312,321 ****
$tags = array();
! $tags["BACK"] = "<a href=".$_REQUEST["MT_REFERER"].">" .
$_SESSION["translate"]->it("Back to the page you were on") . "</a>";
$tags["TITLE"] = $_SESSION["translate"]->it("Mail Sent");
! $tags["THANKYOU"] = "Your mail has been sent to ".$_REQUEST["MT_LABEL"];
return PHPWS_Template::processTemplate($tags, "mailto", "thankyou.tpl");
--- 315,324 ----
$tags = array();
! $tags["BACK"] = "<a href=".$this->_referer.">" .
$_SESSION["translate"]->it("Back to the page you were on") . "</a>";
$tags["TITLE"] = $_SESSION["translate"]->it("Mail Sent");
! $tags["THANKYOU"] = "Your mail has been sent to ".$this->getLabel();
return PHPWS_Template::processTemplate($tags, "mailto", "thankyou.tpl");
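Review bot: `$this->_referer` is written into an unquoted `href` with no escaping in the `$tags["BACK"]` line, so switching the source from `$_REQUEST` to the object does not by itself make the link safe. Where `_referer` is assigned is not visible here; if it is taken from the Referer header or the request it is still client-influenced, and I would quote and escape it: `$tags["BACK"] = "<a href=\"" . htmlspecialchars($this->_referer, ENT_QUOTES) . "\">" .`. Escaping does not restrict the URL scheme, so a check that the value is a same-site http(s) URL belongs where `_referer` is set. `$this->getLabel()` in `$tags["THANKYOU"]` should pass through `htmlspecialchars()` as well. Since the form no longer posts `MT_REFERER`, it is also worth confirming that `_referer` is populated on the `mailit` request at all.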