Fixed register_globals issue. Some more work to secure the contact form is needed
This commit is contained in:
parent
f3f440ea18
commit
1f743f9e81
1 changed files with 13 additions and 10 deletions
|
@ -17,6 +17,8 @@
|
||||||
*/ ?>
|
*/ ?>
|
||||||
<?
|
<?
|
||||||
include("../includes/account.php");
|
include("../includes/account.php");
|
||||||
|
$id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
|
||||||
|
$oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
|
||||||
|
|
||||||
if($id == 6)
|
if($id == 6)
|
||||||
{
|
{
|
||||||
|
@ -25,11 +27,11 @@
|
||||||
} else if($id == 19) {
|
} else if($id == 19) {
|
||||||
include_once("../pages/account/19.php");
|
include_once("../pages/account/19.php");
|
||||||
exit;
|
exit;
|
||||||
} else if($oldid == 40 && $process != "" && $_POST['support'] != "yes") {
|
} else if($oldid == 40 && $_REQUEST['process'] != "" && $_POST['support'] != "yes") {
|
||||||
$who = stripslashes($who);
|
$who = stripslashes($_REQUEST['who']);
|
||||||
$email = stripslashes($email);
|
$email = stripslashes($_REQUEST['email']);
|
||||||
$subject = stripslashes($subject);
|
$subject = stripslashes($_REQUEST['subject']);
|
||||||
$message = stripslashes($message);
|
$message = stripslashes($_REQUEST['message']);
|
||||||
|
|
||||||
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
|
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
|
||||||
|
|
||||||
|
@ -38,11 +40,12 @@
|
||||||
echo _("Your message has been sent.");
|
echo _("Your message has been sent.");
|
||||||
showfooter();
|
showfooter();
|
||||||
exit;
|
exit;
|
||||||
} else if($oldid == 40 && $process != "" && $_POST['support'] == "yes") {
|
} else if($oldid == 40 && $_REQUEST['process'] != "" && $_POST['support'] == "yes") {
|
||||||
$who = stripslashes($who);
|
$who = stripslashes($_REQUEST['who']);
|
||||||
$email = stripslashes($email);
|
$email = stripslashes($_REQUEST['email']);
|
||||||
$subject = stripslashes($subject);
|
$subject = stripslashes($_REQUEST['subject']);
|
||||||
$message = stripslashes($message);
|
$message = stripslashes($_REQUEST['message']);
|
||||||
|
|
||||||
|
|
||||||
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
|
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue