vv01f/wtf-webseite
0
0
Fork 0
forked from ag_kommunikation/webseite
Code Issues Pull Requests Projects Releases Wiki Activity

fix: Fix sanitation to not break Umlauts and use specific email filter.

Browse Source
This commit is contained in:
muli 2022-08-21 14:14:32 +02:00
parent b65755de8d
commit 4e7b22fde6
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
assets/php/contact_form.php
View File

@ -1,11 +1,14 @@
<?php <?php
session_start(); session_start();
function sanitize_text(string $name) { function sanitize_text(string $name, string $type) {
$text = filter_var($_POST[$name], FILTER_SANITIZE_FULL_SPECIAL_CHARS); $filters = array(
'text' => FILTER_SANITIZE_SPECIAL_CHARS,
'email' => FILTER_SANITIZE_EMAIL,
);
$text = trim($text); $text = trim($text);
$text = filter_var($_POST[$name], $filters[$type]);
$text = stripslashes($text); $text = stripslashes($text);
$text = htmlspecialchars($text);
return $text; return $text;
} }
@ -75,10 +78,10 @@ function prepare_response() {
$response['errors'][] = 'Wir glauben Sie sind ein Bot.'; $response['errors'][] = 'Wir glauben Sie sind ein Bot.';
} }
if (!array_key_exists('errors', $response)) { if (!array_key_exists('errors', $response)) {
$subject = sanitize_text('subject'); $subject = sanitize_text('subject', 'text');
$message = sanitize_text('message'); $message = sanitize_text('message', 'text');
$name = sanitize_text('name'); $name = sanitize_text('name', 'text');
$email = sanitize_text('email'); $email = sanitize_text('email', 'email');
if (!send_message_to_office($subject, $message, $name, $email)) { if (!send_message_to_office($subject, $message, $name, $email)) {
$response['errors'][] = 'Ihre Nachricht konnte nicht übermittelt werden.'; $response['errors'][] = 'Ihre Nachricht konnte nicht übermittelt werden.';