Revision 40
Added by stefan about 20 years ago
| view.php | ||
|---|---|---|
| 113 | 113 |
$query_settings = $database->query("SELECT header,field_loop,footer FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
|
| 114 | 114 |
if($query_settings->numRows() > 0) {
|
| 115 | 115 |
$fetch_settings = $query_settings->fetchRow(); |
| 116 |
$header = $this->stripslashes($fetch_settings['header']); |
|
| 117 |
$field_loop = $this->stripslashes($fetch_settings['field_loop']); |
|
| 118 |
$footer = $this->stripslashes($fetch_settings['footer']); |
|
| 116 |
$header = $this->strip_slashes($fetch_settings['header']);
|
|
| 117 |
$field_loop = $this->strip_slashes($fetch_settings['field_loop']);
|
|
| 118 |
$footer = $this->strip_slashes($fetch_settings['footer']);
|
|
| 119 | 119 |
} else {
|
| 120 | 120 |
$header = ''; |
| 121 | 121 |
$field_loop = ''; |
| ... | ... | |
| 136 | 136 |
while($field = $query_fields->fetchRow()) {
|
| 137 | 137 |
// Set field values |
| 138 | 138 |
$field_id = $field['field_id']; |
| 139 |
$value = $this->stripslashes($field['value']); |
|
| 139 |
$value = $this->strip_slashes($field['value']);
|
|
| 140 | 140 |
// Print field_loop after replacing vars with values |
| 141 | 141 |
$vars = array('{TITLE}', '{REQUIRED}');
|
| 142 | 142 |
$values = array($field['title']); |
| ... | ... | |
| 198 | 198 |
$query_settings = $database->query("SELECT email_to,email_from,email_subject,success_message,max_submissions,stored_submissions FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
|
| 199 | 199 |
if($query_settings->numRows() > 0) {
|
| 200 | 200 |
$fetch_settings = $query_settings->fetchRow(); |
| 201 |
$email_to = $this->stripslashes($fetch_settings['email_to']); |
|
| 202 |
$email_from = $this->stripslashes($fetch_settings['email_from']); |
|
| 201 |
$email_to = $this->strip_slashes($fetch_settings['email_to']);
|
|
| 202 |
$email_from = $this->strip_slashes($fetch_settings['email_from']);
|
|
| 203 | 203 |
if(substr($email_from, 0, 5) == 'field') {
|
| 204 | 204 |
// Set the email from field to what the user entered in the specified field |
| 205 |
$email_from = addslashes($_POST[$email_from]);
|
|
| 205 |
$email_from = $this->add_slashes($_POST[$email_from]);
|
|
| 206 | 206 |
} |
| 207 |
$email_subject = $this->stripslashes($fetch_settings['email_subject']); |
|
| 208 |
$success_message = $this->stripslashes($fetch_settings['success_message']); |
|
| 209 |
$max_submissions = $this->stripslashes($fetch_settings['max_submissions']); |
|
| 210 |
$stored_submissions = $this->stripslashes($fetch_settings['stored_submissions']); |
|
| 207 |
$email_subject = $this->strip_slashes($fetch_settings['email_subject']);
|
|
| 208 |
$success_message = $this->strip_slashes($fetch_settings['success_message']);
|
|
| 209 |
$max_submissions = $this->strip_slashes($fetch_settings['max_submissions']);
|
|
| 210 |
$stored_submissions = $this->strip_slashes($fetch_settings['stored_submissions']);
|
|
| 211 | 211 |
} else {
|
| 212 | 212 |
exit($TEXT['UNDER_CONSTRUCTION']); |
| 213 | 213 |
} |
| ... | ... | |
| 231 | 231 |
} elseif (!is_array($_POST['field'.$field['field_id']])) {
|
| 232 | 232 |
$email_body .= ' |
| 233 | 233 |
|
| 234 |
'.$this->stripslashes($field['title']).': '.$_POST['field'.$field['field_id']].'\n';
|
|
| 234 |
'.$this->strip_slashes($field['title']).': '.$_POST['field'.$field['field_id']]."\n";
|
|
| 235 | 235 |
} else {
|
| 236 | 236 |
$email_body .= ' |
| 237 | 237 |
|
| 238 |
'.$this->stripslashes($field['title']).': \n';
|
|
| 238 |
'.$this->strip_slashes($field['title']).": \n";
|
|
| 239 | 239 |
foreach ($_POST['field'.$field['field_id']] as $k=>$v) {
|
| 240 | 240 |
$email_body .= ' |
| 241 | 241 |
|
| ... | ... | |
| 243 | 243 |
} |
| 244 | 244 |
} |
| 245 | 245 |
} elseif($field['required'] == 1) {
|
| 246 |
$required[] = $this->stripslashes($field['title']); |
|
| 246 |
$required[] = $this->strip_slashes($field['title']);
|
|
| 247 | 247 |
} |
| 248 | 248 |
} |
| 249 | 249 |
} |
| 250 | 250 |
} |
| 251 | 251 |
|
| 252 |
// Addslashes to email body |
|
| 253 |
$email_body = addslashes($email_body);
|
|
| 252 |
// Addslashes to email body - proposed by Icheb in topic=1170.0
|
|
| 253 |
// $email_body = $this->add_slashes($email_body);
|
|
| 254 | 254 |
|
| 255 | 255 |
// Check if the user forgot to enter values into all the required fields |
| 256 | 256 |
if($required != array()) {
|
| ... | ... | |
| 288 | 288 |
} else {
|
| 289 | 289 |
$submitted_by = 0; |
| 290 | 290 |
} |
| 291 |
$email_body = $this->add_slashes($email_body); |
|
| 291 | 292 |
$database->query("INSERT INTO ".TABLE_PREFIX."mod_form_submissions (page_id,section_id,submitted_when,submitted_by,body) VALUES ('".PAGE_ID."','$section_id','".mktime()."','$submitted_by','$email_body')");
|
| 292 | 293 |
// Make sure submissions table isn't too full |
| 293 | 294 |
$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions ORDER BY submitted_when");
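Review bot: The new line 205, `$email_from = $this->add_slashes($_POST[$email_from]);`, still takes the sender address verbatim from a POST field and treats it only with a slash-escaping helper, which covers quoting for SQL but not what a value that (judging by its name) ends up in a mail `From:` header needs: `\r` and `\n` pass through unchanged, so a submission could append extra headers if that is where `$email_from` is used — the mail call itself is outside this section, so that use is inferred. Keep the escaping but reject line breaks and guard the lookup before it: `$posted = isset($_POST[$email_from]) ? $_POST[$email_from] : '';`, `if (preg_match("/[\r\n]/", $posted)) { $posted = ''; }`, `$email_from = $this->add_slashes($posted);`. The `isset` also avoids an undefined-index notice when the configured field is absent from the submission, and a stricter address check (`filter_var(..., FILTER_VALIDATE_EMAIL)`) can replace the regex where the PHP version allows. The `if` that contains this line opens and closes within the hunk, but the code that consumes `$email_from` does not.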
|
Change addslashes,stripslashes to (wb class) method calls add_slashes,strip_slashes