Additional checks in "Mail Story to a Friend" and "Send mail to user" dialogs to make sure users don't enter email addresses into the name fields (bug #0000992)
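--- a/language/english.php
+++ b/language/english.php
@@ -419,8 +419,8 @@
 $LANG08 = array(
 1 => 'There was an error sending your message. Please try again.',
 2 => 'Message sent successfully.',
- 3 => 'Please make sure you use a valid email address in the Reply To field.',
- 4 => 'Please fill in the Your Name, Reply To, Subject and Message fields',
+ 3 => 'Please make sure you use a valid email address in the Your Email Address field.',
+ 4 => 'Please fill in the Your Name, Your Email Address, Subject and Message fields',
 5 => 'Error: No such user.',
 6 => 'There was an error.',
 7 => 'User Profile for',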
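--- a/language/english_utf-8.php
+++ b/language/english_utf-8.php
@@ -419,8 +419,8 @@
 $LANG08 = array(
 1 => 'There was an error sending your message. Please try again.',
 2 => 'Message sent successfully.',
- 3 => 'Please make sure you use a valid email address in the Reply To field.',
- 4 => 'Please fill in the Your Name, Reply To, Subject and Message fields',
+ 3 => 'Please make sure you use a valid email address in the Your Email Address field.',
+ 4 => 'Please fill in the Your Name, Your Email Address, Subject and Message fields',
 5 => 'Error: No such user.',
 6 => 'There was an error.',
 7 => 'User Profile for',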
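--- a/public_html/docs/history
+++ b/public_html/docs/history
@@ -3,6 +3,9 @@
 Oct ??, 2009 (1.6.1)
 ------------
 
+- Additional checks in "Mail Story to a Friend" and "Send mail to user" dialogs
+ to make sure users don't enter email addresses into the name fields (bug
+ #0000992) [Dirk]
 - Added an option to send a copy to self to the "Mail Story to a Friend" dialog
 and made the look of this and the "Send mail to user" dialogs more consistent
 [Dirk]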
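--- a/public_html/profiles.php
+++ b/public_html/profiles.php
@@ -81,7 +81,7 @@
 }
 
 if (!empty($author) && !empty($subject) && !empty($message)) {
- if (COM_isemail($authoremail)) {
+ if (COM_isemail($authoremail) && (strpos($authoremail, '@') === false)) {
 $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = $uid");
 $A = DB_fetchArray($result);
 
@@ -530,36 +530,45 @@
 break;
 
 case 'sendstory':
- $sid = COM_applyFilter ($_POST['sid']);
- if (empty ($sid)) {
- $display = COM_refresh ($_CONF['site_url'] . '/index.php');
+ $sid = COM_applyFilter($_POST['sid']);
+ if (empty($sid)) {
+ $display = COM_refresh($_CONF['site_url'] . '/index.php');
 } else {
- if (empty ($_POST['toemail']) || empty ($_POST['fromemail'])
- || !COM_isEmail ($_POST['toemail'])
- || !COM_isEmail ($_POST['fromemail'])) {
+ if (empty($_POST['toemail']) || empty($_POST['fromemail']) ||
+ !COM_isEmail($_POST['toemail']) ||
+ !COM_isEmail($_POST['fromemail']) ||
+ (strpos($_POST['to'], '@') !== false) ||
+ (strpos($_POST['from'], '@') !== false)) {
+ $display .= COM_siteHeader('menu', $LANG08[17])
+ . mailstoryform ($sid, COM_applyFilter($_POST['to']),
+ COM_applyFilter($_POST['toemail']),
+ COM_applyFilter($_POST['from']),
+ COM_applyFilter($_POST['fromemail']),
+ $_POST['shortmsg'], 52)
+ . COM_siteFooter();
+ } else if (empty($_POST['to']) || empty($_POST['from']) ||
+ empty($_POST['shortmsg'])) {
 $display .= COM_siteHeader ('menu', $LANG08[17])
- . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
- COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
- $_POST['shortmsg'], 52)
- . COM_siteFooter ();
- } else if (empty ($_POST['to']) || empty ($_POST['from']) ||
- empty ($_POST['shortmsg'])) {
- $display .= COM_siteHeader ('menu', $LANG08[17])
- . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
- COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
- $_POST['shortmsg'])
- . COM_siteFooter ();
+ . COM_showMessageText($LANG08[22])
+ . mailstoryform($sid, COM_applyFilter($_POST['to']),
+ COM_applyFilter($_POST['toemail']),
+ COM_applyFilter($_POST['from']),
+ COM_applyFilter($_POST['fromemail']),
+ $_POST['shortmsg'])
+ . COM_siteFooter();
 } else {
- $msg = PLG_itemPreSave ('emailstory', $_POST['shortmsg']);
- if (!empty ($msg)) {
- $display .= COM_siteHeader ('menu', '')
- . COM_errorLog ($msg, 2)
- . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
- COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
- $_POST['shortmsg'])
- . COM_siteFooter ();
+ $msg = PLG_itemPreSave('emailstory', $_POST['shortmsg']);
+ if (!empty($msg)) {
+ $display .= COM_siteHeader('menu', $LANG08[17])
+ . COM_errorLog($msg, 2)
+ . mailstoryform($sid, COM_applyFilter($_POST['to']),
+ COM_applyFilter($_POST['toemail']),
+ COM_applyFilter($_POST['from']),
+ COM_applyFilter($_POST['fromemail']),
+ $_POST['shortmsg'])
+ . COM_siteFooter();
 } else {
- $display .= mailstory ($sid, $_POST['to'], $_POST['toemail'],
+ $display .= mailstory($sid, $_POST['to'], $_POST['toemail'],
 $_POST['from'], $_POST['fromemail'], $_POST['shortmsg']);
 }
 }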
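Review bot: The new guard in the first hunk (`@@ -81,7 +81,7 @@`) applies the no-'@' test to the wrong variable: `strpos($authoremail, '@') === false` cannot hold at the same time as `COM_isemail($authoremail)` (assuming COM_isemail() requires an '@' like any email validator), so the "Send mail to user" path is silently disabled instead of rejecting an address typed into the name field. The intended check is on the name, matching what the sendstory hunk does for `to`/`from`: `if (COM_isemail($authoremail) && (strpos($author, '@') === false)) {`. In the sendstory hunk, `strpos($_POST['to'], '@')` and `strpos($_POST['from'], '@')` are evaluated before `empty($_POST['to'])`/`empty($_POST['from'])` is ever checked, so a submission without those fields presumably raises an undefined-index notice; wrapping them as `isset($_POST['to']) && strpos($_POST['to'], '@') !== false` (and the same for `from`) keeps the validation order but avoids the notice. The enclosing `if` of the first hunk and the `switch` of the second both continue outside the hunks.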