From: josie1one on 28 Feb 2007 09:04 The content is essentially identical to a working Contact Form but obviously I have an error somewhere. Could somebody please take a look? http://lerosmarina.gr/contact.php calls jomail.php - code, comments removed: <?php $locationroot = "Location: http://www.lerosmarina.gr/"; $toAddress = "enquiries(a)lerosmarina.gr"; $fromAddress = "From: webform(a)lerosmarina.gr"; if (is_array($val)) { foreach ($val as $item) { isSuspect($item, $pattern, $suspect); } } else { if (preg_match($pattern, $val)) { $suspect = true; } } } if (!isset($_REQUEST['email'])) { header( $locationroot."contact_us.php" ); } elseif (empty($surname) || empty($firstname) || empty($company) ||empty($phone) || empty($email)) { header( $locationroot."missing.php" ); } else { $suspect = false; $pattern = '/Content-Type:|Bcc:|Cc:/i'; isSuspect($_POST, $pattern, $suspect); if (!empty($_POST['email'])) { $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/'; if (!preg_match($checkEmail, $_POST['email'])) { $suspect = true; } } if (!$suspect) { $subject = "Feedback from ".$originating_site." Web Site about ".$mailsubject; $mailcontent = "Originating Site: ".$originating_site."\n"; $mailcontent .= "Mail Subject: ".$mailsubject."\n"; $mailcontent .= "Customer First Name: ".$firstname."\n"; $mailcontent .= "Customer Surname: ".$surname."\n"; $mailcontent .= "Customer EMail Address: ".$email."\n"; $mailcontent .= "Customer Telephone Number: ".$phone."\n"; $mailcontent .= "Customer Comments: ".$msgbody."\n"; $mailcontent .= "Customer referer: ".getenv('HTTP_REFERER')."\n"; $mailcontent .= "Customer address: ".getenv('REMOTE_ADDR')."\n"; $mailcontent .= "Customer host: ".getenv('REMOTE_HOST')."\n"; mail($toAddress,stripslashes($subject),stripslashes($mailcontent),stripslashes($fromAddress)); header( $locationroot."thankyou.php" ); } else { $subject = "Mail Injection Hack Attempted at ".$originating_site; $mailcontent = "Originating Site: ".$originating_site."\n"; $mailcontent .= "Customer referer: ".getenv('HTTP_REFERER')."\n"; $mailcontent .= "Customer address: ".getenv('REMOTE_ADDR')."\n"; $mailcontent .= "Customer host: ".getenv('REMOTE_HOST')."\n"; mail($toAddress,stripslashes($subject),stripslashes($mailcontent),stripslashes($fromAddress)); header( $locationroot."thankyou.php" ); } } ?><?php $locationroot = "Location: http://www.lerosmarina.gr/"; if (!isset($_REQUEST['email'])) { header( $locationroot."contact.php" ); } elseif (empty($surname) || empty($firstname) || empty($company) ||empty($phone) || empty($email)) { header( $locationroot."missing.php" ); } else { $toAddress = "enquiries(a)lerosmarina.gr"; $fromAddress = "From: webform(a)lerosmarina.gr"; $subject = "Feedback from ".$originating_site." Web Site about ".$mailsubject; $mailcontent = "Originating Site: ".$originating_site."\n"; $mailcontent .= "Mail Subject: ".$mailsubject."\n"; $mailcontent .= "Customer First Name: ".$firstname."\n"; $mailcontent .= "Customer Surname: ".$surname."\n"; $mailcontent .= "Customer EMail Address: ".$email."\n"; $mailcontent .= "Customer Telephone Number: ".$phone."\n"; $mailcontent .= "Customer Comments: ".$msgbody."\n"; $mailcontent .= "Customer referer: ".getenv('HTTP_REFERER')."\n"; $mailcontent .= "Customer address: ".getenv('REMOTE_ADDR')."\n"; $mailcontent .= "Customer host: ".getenv('REMOTE_HOST')."\n"; mail($toAddress,stripslashes($subject),stripslashes($mailcontent),stripslashes($fromAddress)); header( $locationroot."thankyou.php" ); } $suspect = false; $pattern = '/Content-Type:|Bcc:|Cc:/i'; function isSuspect($val, $pattern, &$suspect) { if (is_array($val)) { foreach ($val as $item) { isSuspect($item, $pattern, $suspect); } } else { if (preg_match($pattern, $val)) { $suspect = true; } } } isSuspect($_POST, $pattern, $suspect); if (!empty($_POST['email'])) { $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/'; if (!preg_match($checkEmail, $_POST['email'])) { $suspect = true; } } if (!$suspect) { } if (!$suspect) { } else { } ?>
|
Pages: 1 Prev: Sharing Violation with a .dwt file Next: LIbrary not updating pages |