1.1 --- a/public_html/profiles.php Sun Oct 04 10:08:27 2009 +0200
1.2 +++ b/public_html/profiles.php Sun Oct 04 11:10:08 2009 +0200
1.3 @@ -81,7 +81,7 @@
1.4 }
1.5
1.6 if (!empty($author) && !empty($subject) && !empty($message)) {
1.7 - if (COM_isemail($authoremail)) {
1.8 + if (COM_isemail($authoremail) && (strpos($authoremail, '@') === false)) {
1.9 $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = $uid");
1.10 $A = DB_fetchArray($result);
1.11
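Review bot: The guard added on the `if` line can never be satisfied: COM_isemail($authoremail) presumably only accepts an address that contains an '@', while the new clause requires that `$authoremail` contain none, so with this change every contact mail takes the rejection path. Judging by the parallel checks in the sendstory hunk below, which test the name fields rather than the address fields, the variable intended here is the author name: `if (COM_isemail($authoremail) && (strpos($author, '@') === false)) {`. The enclosing `if (!empty($author) …)` block starts in the hunk but its body and the else branch continue outside it.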
1.12 @@ -530,36 +530,45 @@
1.13 break;
1.14
1.15 case 'sendstory':
1.16 - $sid = COM_applyFilter ($_POST['sid']);
1.17 - if (empty ($sid)) {
1.18 - $display = COM_refresh ($_CONF['site_url'] . '/index.php');
1.19 + $sid = COM_applyFilter($_POST['sid']);
1.20 + if (empty($sid)) {
1.21 + $display = COM_refresh($_CONF['site_url'] . '/index.php');
1.22 } else {
1.23 - if (empty ($_POST['toemail']) || empty ($_POST['fromemail'])
1.24 - || !COM_isEmail ($_POST['toemail'])
1.25 - || !COM_isEmail ($_POST['fromemail'])) {
1.26 + if (empty($_POST['toemail']) || empty($_POST['fromemail']) ||
1.27 + !COM_isEmail($_POST['toemail']) ||
1.28 + !COM_isEmail($_POST['fromemail']) ||
1.29 + (strpos($_POST['to'], '@') !== false) ||
1.30 + (strpos($_POST['from'], '@') !== false)) {
1.31 + $display .= COM_siteHeader('menu', $LANG08[17])
1.32 + . mailstoryform ($sid, COM_applyFilter($_POST['to']),
1.33 + COM_applyFilter($_POST['toemail']),
1.34 + COM_applyFilter($_POST['from']),
1.35 + COM_applyFilter($_POST['fromemail']),
1.36 + $_POST['shortmsg'], 52)
1.37 + . COM_siteFooter();
1.38 + } else if (empty($_POST['to']) || empty($_POST['from']) ||
1.39 + empty($_POST['shortmsg'])) {
1.40 $display .= COM_siteHeader ('menu', $LANG08[17])
1.41 - . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
1.42 - COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
1.43 - $_POST['shortmsg'], 52)
1.44 - . COM_siteFooter ();
1.45 - } else if (empty ($_POST['to']) || empty ($_POST['from']) ||
1.46 - empty ($_POST['shortmsg'])) {
1.47 - $display .= COM_siteHeader ('menu', $LANG08[17])
1.48 - . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
1.49 - COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
1.50 - $_POST['shortmsg'])
1.51 - . COM_siteFooter ();
1.52 + . COM_showMessageText($LANG08[22])
1.53 + . mailstoryform($sid, COM_applyFilter($_POST['to']),
1.54 + COM_applyFilter($_POST['toemail']),
1.55 + COM_applyFilter($_POST['from']),
1.56 + COM_applyFilter($_POST['fromemail']),
1.57 + $_POST['shortmsg'])
1.58 + . COM_siteFooter();
1.59 } else {
1.60 - $msg = PLG_itemPreSave ('emailstory', $_POST['shortmsg']);
1.61 - if (!empty ($msg)) {
1.62 - $display .= COM_siteHeader ('menu', '')
1.63 - . COM_errorLog ($msg, 2)
1.64 - . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
1.65 - COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
1.66 - $_POST['shortmsg'])
1.67 - . COM_siteFooter ();
1.68 + $msg = PLG_itemPreSave('emailstory', $_POST['shortmsg']);
1.69 + if (!empty($msg)) {
1.70 + $display .= COM_siteHeader('menu', $LANG08[17])
1.71 + . COM_errorLog($msg, 2)
1.72 + . mailstoryform($sid, COM_applyFilter($_POST['to']),
1.73 + COM_applyFilter($_POST['toemail']),
1.74 + COM_applyFilter($_POST['from']),
1.75 + COM_applyFilter($_POST['fromemail']),
1.76 + $_POST['shortmsg'])
1.77 + . COM_siteFooter();
1.78 } else {
1.79 - $display .= mailstory ($sid, $_POST['to'], $_POST['toemail'],
1.80 + $display .= mailstory($sid, $_POST['to'], $_POST['toemail'],
1.81 $_POST['from'], $_POST['fromemail'], $_POST['shortmsg']);
1.82 }
1.83 }
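Review bot: The two new `strpos($_POST['to'], '@')` / `strpos($_POST['from'], '@')` clauses run before the `empty($_POST['to']) || empty($_POST['from'])` test in the following branch, so a request without a `to` or `from` field reaches strpos on an undefined index and emits a notice before the existing empty check would have caught it. Guarding the index first keeps the order of checks consistent: `(isset($_POST['to']) && strpos($_POST['to'], '@') !== false) ||` and likewise for `from`. Note also that the final `mailstory(...)` call still receives the raw `$_POST` values while the redisplay paths use COM_applyFilter; whether mailstory itself strips line breaks from the name fields is not visible in this hunk, so the '@' test alone should not be relied on as the only header-injection defence. The `case 'sendstory':` body is complete here, but the enclosing switch starts and ends outside the hunk.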