yannick.leduc/SiteWebAstrolabe
1
0
Fork 0
forked from AstrolabeCAE/SiteWebAstrolabe
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(contact-form-handler-php): capture wantedContact and sanitize it rigthly

Browse Source
This commit is contained in:
Jérémy Dufraisse 2024-03-20 12:48:36 +01:00
parent b3b5ee6377
commit 4380a086db
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/form/contact-form-handler.php
View File

@ -14,11 +14,12 @@ $domainFromMyEmail = (
) ? ''
: $myEmailSplitted[1];
$wantedContact = filter_input(INPUT_POST, 'contactTo', FILTER_VALIDATE_EMAIL);
$wantedContact = filter_input(INPUT_POST, 'contactTo', FILTER_SANITIZE_SPECIAL_CHARS);
$wantedContact = (
empty($wantedContact)
|| strpos($wantedContact, '@') !== false
|| strpos($wantedContact, '&') !== false
|| empty($domainFromMyEmail)
|| substr($wantedContact, -strlen($domainFromMyEmail)) != $domainFromMyEmail
) ? $myEmail : "$wantedContact@$domainFromMyEmail" ;
if(empty($_POST['namezzz']) || empty($_POST['emailzzz']) || empty($_POST['message'])) {