fix(contact-form-handler-php): capture wantedContact and sanitize it rigthly

Jérémy Dufraisse 2024-03-20 12:48:36 +01:00
parent b3b5ee6377
commit 4380a086db


@ -14,11 +14,12 @@ $domainFromMyEmail = (
) ? ''
: $myEmailSplitted[1];
$wantedContact = filter_input(INPUT_POST, 'contactTo', FILTER_VALIDATE_EMAIL);
$wantedContact = filter_input(INPUT_POST, 'contactTo', FILTER_SANITIZE_SPECIAL_CHARS);
$wantedContact = (
empty($wantedContact)
|| strpos($wantedContact, '@') !== false
|| strpos($wantedContact, '&') !== false
|| empty($domainFromMyEmail)
|| substr($wantedContact, -strlen($domainFromMyEmail)) != $domainFromMyEmail
) ? $myEmail : "$wantedContact@$domainFromMyEmail" ;
if(empty($_POST['namezzz']) || empty($_POST['emailzzz']) || empty($_POST['message'])) {
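Review bot: `FILTER_SANITIZE_SPECIAL_CHARS` on the `contactTo` line is an HTML output encoder, not an address validator, so the local part that ends up in `"$wantedContact@$domainFromMyEmail"` is constrained only by the `@`/`&` deny-list in the ternary; control characters happen to be rejected because they are encoded to `&#NN;`, but spaces, commas, semicolons and other characters that are not valid in a local part pass through. An allow-list is more robust for a value that presumably becomes a mail recipient: add `|| !preg_match('/\A[A-Za-z0-9._+-]+\z/', $wantedContact)` to the condition chain, or run the composed address through `filter_var(..., FILTER_VALIDATE_EMAIL)` and fall back to `$myEmail` when it fails. Separately, the suffix test `substr($wantedContact, -strlen($domainFromMyEmail)) != $domainFromMyEmail` accepts only values that end with the domain while containing no `@`, which would produce `<local><domain>@<domain>`; that looks unintended if the form posts a bare local part, so confirm against the form and use `!==` if the check stays. The `if` on the last line of the hunk opens a block that continues outside it.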