#122_umlaute_kontaktformular #123

Merged
muli merged 2 commits from #122_umlaute_kontaktformular into #105_kontaktformular 2022-08-21 14:27:25 +02:00

View File

@ -1,17 +1,35 @@
<?php <?php
session_start(); session_start();
function sanitize_text(string $name) { function sanitize_text(string $name, string $type) {
$text = filter_var($_POST[$name], FILTER_SANITIZE_FULL_SPECIAL_CHARS); $filters = array(
'text' => FILTER_SANITIZE_SPECIAL_CHARS,
'email' => FILTER_SANITIZE_EMAIL,
);
$text = trim($text); $text = trim($text);
$text = filter_var($_POST[$name], $filters[$type]);
$text = stripslashes($text); $text = stripslashes($text);
$text = htmlspecialchars($text);
return $text; return $text;
} }
function prepare_message_body($message) {
// Replace HTML-Entities with actual carriage returns and line feeds
$message = str_replace("&#13;", "\r", $message);
$message = str_replace("&#10;", "\r", $message);
// Ensure line breaks via carriage return + line feed
$message = str_replace("\r\n", "\n", $message);
$message = str_replace("\n", "\r\n", $message);
$message = "Nachricht von: $name\r\n\r\n" . $message;
$message = base64_encode($message);
return $message;
}
/** /**
* Sending email (Platzhalter) * Sending email
* *
* mail(): Braucht auf dem Server einen korrekt konfigurierten Mailserver * mail(): Braucht auf dem Server einen korrekt konfigurierten Mailserver
* phpmailer: Bibliothek, der per Composer installiert wird. Tut ganz gut mit SMTP. * phpmailer: Bibliothek, der per Composer installiert wird. Tut ganz gut mit SMTP.
@ -19,12 +37,14 @@ function sanitize_text(string $name) {
function send_message_to_office($subject, $message, $name, $email) { function send_message_to_office($subject, $message, $name, $email) {
return mail( return mail(
getenv('WTF_CONTACT_TO'), getenv('WTF_CONTACT_TO'),
$subject, "=?UTF-8?B?" . base64_encode($subject) . "?=",
$name . "\r\n" . $message, prepare_message_body($message),
$additional_headers = array( $additional_headers = array(
"From" => getenv('WTF_CONTACT_FROM'), "From" => getenv('WTF_CONTACT_FROM'),
"Reply-To" => $email, "Reply-To" => $email,
"Return-Path" => getenv('WTF_RETURN_PATH'), "Return-Path" => getenv('WTF_RETURN_PATH'),
"Content-Type" => "text/plain; charset=utf-8",
"Content-Transfer-Encoding" => "base64",
), ),
); );
} }
@ -75,10 +95,10 @@ function prepare_response() {
$response['errors'][] = 'Wir glauben Sie sind ein Bot.'; $response['errors'][] = 'Wir glauben Sie sind ein Bot.';
} }
if (!array_key_exists('errors', $response)) { if (!array_key_exists('errors', $response)) {
$subject = sanitize_text('subject'); $subject = sanitize_text('subject', 'text');
$message = sanitize_text('message'); $message = sanitize_text('message', 'text');
$name = sanitize_text('name'); $name = sanitize_text('name', 'text');
$email = sanitize_text('email'); $email = sanitize_text('email', 'email');
if (!send_message_to_office($subject, $message, $name, $email)) { if (!send_message_to_office($subject, $message, $name, $email)) {
$response['errors'][] = 'Ihre Nachricht konnte nicht übermittelt werden.'; $response['errors'][] = 'Ihre Nachricht konnte nicht übermittelt werden.';