[Fusionforge-commits] FusionForge branch master updated. db7cb5ce63c377cf3923b0062eb675f7b592214b

Franck VILLAUME nerville at fusionforge.org
Tue Nov 26 00:29:39 CET 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, master has been updated
       via  db7cb5ce63c377cf3923b0062eb675f7b592214b (commit)
      from  c0c7e16b3fde601aef84a8644af2d1b72e70e3eb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit db7cb5ce63c377cf3923b0062eb675f7b592214b
Author: Franck Villaume <franck.villaume at trivialdev.com>
Date:   Tue Nov 26 00:28:57 2013 +0100

    bug [#608]: add real support for phpcaptcha plugin, fix Staff -> Contact, enhance input when user logged, fill value in case of wrong captcha

diff --git a/src/www/sendmessage.php b/src/www/sendmessage.php
index f1065ea..00900e0 100644
--- a/src/www/sendmessage.php
+++ b/src/www/sendmessage.php
@@ -55,47 +55,56 @@ if (getStringFromRequest('send_mail')) {
 		exit_form_double_submit('home');
 	}
 
+	$valide = 1;
+	if (!session_loggedin()) {
+		$params['valide'] =& $valide;
+		$params['warning_msg'] =& $warning_msg;
+		plugin_hook('captcha_check', $params);
+	}
+
 	$subject = getStringFromRequest('subject');
 	$body = getStringFromRequest('body');
 	$name = getStringFromRequest('name');
 	$email = getStringFromRequest('email');
 
-	if (!$subject || !$body || !$name || !$email) {
-		/*
-			force them to enter all vars
-		*/
-		form_release_key(getStringFromRequest('form_key'));
-		exit_missing_param('', array(_('Subject'), _('Body'), _('Name'), _('Email')), 'home');
-	}
-
-	// we remove the CRLF in all thoses vars. This is to make sure that there will be no CRLF Injection
-	$name = util_remove_CRLF($name);
-	// Really don't see what wrong could happen with CRLF in message body
-	//$email = util_remove_CRLF($email);
-	$subject = util_remove_CRLF($subject);
-
-	if ($toaddress) {
-		/*
-			send it to the toaddress
-		*/
-		$to = preg_replace('/_maillink_/i', '@', $toaddress);
-		$to = util_remove_CRLF($to);
-		util_send_message($to, $subject, $body, $email, '', $name);
-		$HTML->header(array('title' => forge_get_config('forge_name').' ' ._('Contact')));
-		echo '<p>'._('Message has been sent').'.</p>';
-		$HTML->footer(array());
-		exit;
-	} elseif ($touser) {
-		/*
-			figure out the user's email and send it there
-		*/
-		$to = db_result($result,0,'email');
-		$to = util_remove_CRLF($to);
-		util_send_message($to, $subject, $body, $email, '', $name);
-		$HTML->header(array('title' => forge_get_config('forge_name').' '._('Contact')));
-		echo '<p>'._('Message has been sent').'</p>';
-		$HTML->footer(array());
-		exit;
+	if ($valide) {
+		if (!$subject || !$body || !$name || !$email) {
+			/*
+				force them to enter all vars
+			*/
+			form_release_key(getStringFromRequest('form_key'));
+			exit_missing_param('', array(_('Subject'), _('Body'), _('Name'), _('Email')), 'home');
+		}
+
+		// we remove the CRLF in all thoses vars. This is to make sure that there will be no CRLF Injection
+		$name = util_remove_CRLF($name);
+		// Really don't see what wrong could happen with CRLF in message body
+		//$email = util_remove_CRLF($email);
+		$subject = util_remove_CRLF($subject);
+
+		if ($toaddress) {
+			/*
+				send it to the toaddress
+			*/
+			$to = preg_replace('/_maillink_/i', '@', $toaddress);
+			$to = util_remove_CRLF($to);
+			util_send_message($to, $subject, $body, $email, '', $name);
+			$HTML->header(array('title' => forge_get_config('forge_name').' ' ._('Contact')));
+			echo '<p>'._('Message has been sent').'.</p>';
+			$HTML->footer(array());
+			exit;
+		} elseif ($touser) {
+			/*
+				figure out the user's email and send it there
+			*/
+			$to = db_result($result,0,'email');
+			$to = util_remove_CRLF($to);
+			util_send_message($to, $subject, $body, $email, '', $name);
+			$HTML->header(array('title' => forge_get_config('forge_name').' '._('Contact')));
+			echo '<p>'._('Message has been sent').'</p>';
+			$HTML->footer(array());
+			exit;
+		}
 	}
 }
 
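Review bot: `$email` is still handed to `util_send_message()` with its CRLF stripping commented out (`//$email = util_remove_CRLF($email);`), in both the `$toaddress` and `$touser` branches, while `$name`, `$subject` and `$to` are cleaned. The comment above that line talks about the message body, but the variable it disables cleaning for is the sender address; if the fourth argument ends up in a mail header (`util_send_message()` is not visible here, so this is an assumption), a line break in it could add headers to the outgoing mail. Since the block is being re-indented anyway, I would restore `$email = util_remove_CRLF($email);` and reword the comment to say that only `$body` is deliberately left untouched. Separately, the captcha-failure path (`$valide` false) falls through without the `form_release_key()` call that the missing-parameter path makes, so it is worth confirming the redisplayed form gets a usable key. The enclosing `if (getStringFromRequest('send_mail'))` block starts outside the hunk.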
@@ -111,13 +120,15 @@ if (session_loggedin()) {
 	$email = $user->getEmail();
 	$is_logged = true;
 } else {
-	$name  = '';
-	$email = '';
 	$is_logged = false;
+	if (!isset($valide)) {
+		$name  = '';
+		$email = '';
+	}
 }
-$subject = getStringFromRequest('subject');
 
-$HTML->header(array('title'=>forge_get_config ('forge_name').' Staff'));
+$subject = getStringFromRequest('subject');
+$HTML->header(array('title' => forge_get_config('forge_name').' '._('Contact')));
 
 ?>
 
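Review bot: `if (!isset($valide))` uses the existence of a variable set in the submit branch as the signal for "a submission was already processed", which is easy to break if `$valide` is ever initialised earlier in the file. A comment here would make the intent explicit, for example `// $valide only exists after a submitted form was handled: keep the posted name/email so the form is refilled after a failed captcha`. Note that on this path `$name` and `$email` now carry raw request values into the form below, so the output code has to escape them.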
@@ -141,11 +152,25 @@ $HTML->header(array('title'=>forge_get_config ('forge_name').' Staff'));
 <input type="hidden" name="touser" value="<?php echo $touser; ?>" />
 
 <strong><?php echo _('Your Name').utils_requiredField()._(':'); ?></strong><br />
-<input type="text" required="required" name="name" size="40" maxlength="40" value="<?php echo $name ?>" />
+<?php
+if ($is_logged) {
+	echo '<input type="hidden" name="name" value="'.$name.'" />';
+	echo '<input type="text" disabled="disabled" size="'.strlen($name).'" value="'.$name.'" />';
+} else {
+	echo '<input type="text" required="required" name="name" size="40" maxlength="40" value="'.$name.'" />';
+}
+?>
 </p>
 <p>
 <strong><?php echo _('Your Email Address').utils_requiredField()._(':'); ?></strong><br />
-<input type="email" required="required" name="email" size="40" maxlength="255" value="<?php echo $email ?>" />
+<?php
+if ($is_logged) {
+	echo '<input type="hidden" name="email" value="'.$email.'" />';
+	echo '<input type="text" disabled="disabled" size="'.strlen($email).'" value="'.$email.'" />';
+} else {
+	echo '<input type="email" required="required" name="email" size="40" maxlength="255" value="'.$email.'" />';
+}
+?>
 </p>
 <p>
 <strong><?php echo _('Subject').utils_requiredField()._(':'); ?></strong><br />
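Review bot: The new `echo` statements place `$name` and `$email` into `value="…"` attributes without HTML escaping, and with this commit an anonymous visitor's posted values are kept for redisplay when the captcha check fails, so request data is reflected into the page markup. The last hunk (`@@ -153,7 +178,13 @@`) has the same problem with `echo $body;` inside the `<textarea>`. Escape at the point of output, e.g. `htmlspecialchars($name, ENT_QUOTES, 'UTF-8')` for each attribute value and `echo htmlspecialchars($body, ENT_QUOTES, 'UTF-8');` for the textarea content. The logged-in branch should get the same treatment, since nothing visible here guarantees that the stored name and address contain only HTML-safe characters.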
@@ -153,7 +178,13 @@ $HTML->header(array('title'=>forge_get_config ('forge_name').' Staff'));
 </p>
 <p>
 <strong><?php echo _('Message').utils_requiredField()._(':'); ?></strong><br />
-<textarea name="body" required="required" rows="15" cols="60"></textarea>
+<textarea name="body" required="required" rows="15" cols="60" >
+<?php
+if (isset($body)) {
+	echo $body;
+}
+?>
+</textarea>
 </p>
 <?php
 if (!$is_logged) {

-----------------------------------------------------------------------

Summary of changes:
 src/www/sendmessage.php |  117 ++++++++++++++++++++++++++++++-----------------
 1 file changed, 74 insertions(+), 43 deletions(-)


hooks/post-receive
-- 
FusionForge


