Fixed register_globals issue. Some more work to secure the contact form is needed

pull/1/head
root 15 years ago
parent f3f440ea18
commit 1f743f9e81

@ -17,6 +17,8 @@
*/ ?>
<?
include("../includes/account.php");
$id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
$oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
if($id == 6)
{
@ -25,11 +27,11 @@
} else if($id == 19) {
include_once("../pages/account/19.php");
exit;
} else if($oldid == 40 && $process != "" && $_POST['support'] != "yes") {
$who = stripslashes($who);
$email = stripslashes($email);
$subject = stripslashes($subject);
$message = stripslashes($message);
} else if($oldid == 40 && $_REQUEST['process'] != "" && $_POST['support'] != "yes") {
$who = stripslashes($_REQUEST['who']);
$email = stripslashes($_REQUEST['email']);
$subject = stripslashes($_REQUEST['subject']);
$message = stripslashes($_REQUEST['message']);
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
@ -38,11 +40,12 @@
echo _("Your message has been sent.");
showfooter();
exit;
} else if($oldid == 40 && $process != "" && $_POST['support'] == "yes") {
$who = stripslashes($who);
$email = stripslashes($email);
$subject = stripslashes($subject);
$message = stripslashes($message);
} else if($oldid == 40 && $_REQUEST['process'] != "" && $_POST['support'] == "yes") {
$who = stripslashes($_REQUEST['who']);
$email = stripslashes($_REQUEST['email']);
$subject = stripslashes($_REQUEST['subject']);
$message = stripslashes($_REQUEST['message']);
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;

Loading…
Cancel
Save