Titre du sujet : Re: [Pages] - Sécurité de la page Recommandez-nous par DuGris sur 22/06/2007 13:46:22
Pour le bloc système : "Infos du site"
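case "friend":
    // "Recommend this site" popup. Two states:
    //   1. show the form (first visit, explicit op=sendform, or failed token check);
    //   2. op=sendsite: validate the posted fields and send the mail.
    // The token check is evaluated first, so the sending branch below can only
    // run when $GLOBALS['xoopsSecurity']->check() has succeeded.
    if ( !$GLOBALS['xoopsSecurity']->check() || !isset($_POST['op']) || $_POST['op'] === "sendform" ) {
        // Hack SecurityImage by DuGris (begin): prepare the CAPTCHA widget.
        include_once(XOOPS_ROOT_PATH . "/class/xoopsformloader.php");
        if ( defined('SECURITYIMAGE_INCLUDED') ) {
            $security_image = new SecurityImage( _SECURITYIMAGE_GETCODE );
        }
        // Hack SecurityImage by DuGris (end)

        // Pre-fill the sender fields for a logged-in user; everything else starts empty.
        $yname = "";
        $ymail = "";
        $fname = "";
        $fmail = "";
        if ( $xoopsUser ) {
            // NOTE(review): these values are interpolated into value='...' attributes
            // below; this assumes the 'e' format of getVar() returns HTML-escaped
            // text, single quotes included. Confirm against XoopsObject::getVar().
            $yname = $xoopsUser->getVar("uname", 'e');
            $ymail = $xoopsUser->getVar("email", 'e');
        }

        printCheckForm();
        echo '</head><body>';
        echo "<div class='errorMsg'>" . implode('<br />', $GLOBALS['xoopsSecurity']->getErrors()) . "</div>";
        echo "\n" . '<form action="' . XOOPS_URL . '/misc.php" method="post" onsubmit="return checkForm();"><table width="100%" class="outer" cellspacing="1"><tr><th colspan="2">' . _MSC_RECOMMENDSITE . '</th></tr>';
        // The posted listing ended these strings with a bare "n": the backslash of
        // "\n" was lost in the forum paste and a literal "n" would be printed.
        echo "<tr><td class='head'>\n"
            . "<input type='hidden' name='op' value='sendsite' />\n"
            . "<input type='hidden' name='action' value='showpopups' />\n"
            . "<input type='hidden' name='type' value='friend' />\n";
        echo _MSC_YOURNAMEC . "</td><td class='even'><input type='text' name='yname' value='" . $yname . "' id='yname' /></td></tr>\n"
            . "<tr><td class='head'>" . _MSC_YOUREMAILC . "</td><td class='odd'><input type='text' name='ymail' value='" . $ymail . "' id='ymail' /></td></tr>\n"
            . "<tr><td class='head'>" . _MSC_FRIENDNAMEC . "</td><td class='even'><input type='text' name='fname' value='" . $fname . "' id='fname' /></td></tr>\n"
            . "<tr><td class='head'>" . _MSC_FRIENDEMAILC . "</td><td class='odd'><input type='text' name='fmail' value='" . $fmail . "' id='fmail' /></td></tr>";

        // Hack SecurityImage by DuGris (begin): add the CAPTCHA row to the form.
        // NOTE(review): render() is called twice (once as the test, once for the
        // output); whether a second call changes the expected code is not visible
        // here, so the call pattern is left as posted.
        if ( defined('SECURITYIMAGE_INCLUDED') && $security_image->render() ) {
            echo "<tr><td class='head'>" . _SECURITYIMAGE_CODE . "</td><td class='odd'>" . $security_image->render() . "</td></tr>";
        }
        // Hack SecurityImage by DuGris (end)

        // The submit row also carries the hidden CSRF token checked at the top of this case.
        echo "<tr><td class='head'> </td><td class='even'><input type='submit' value='" . _SEND . "' /> <input value='" . _CLOSE . "' type='button' onclick='javascript:window.close();' />" . $GLOBALS['xoopsSecurity']->getTokenHTML() . "</td></tr></table></form>\n";
        $closebutton = 0;
    } elseif ( $_POST['op'] === "sendsite" ) {
        // Hack SecurityImage by DuGris (begin): verify the CAPTCHA before any mail is built.
        // NOTE(review): the check is skipped entirely when SECURITYIMAGE_INCLUDED is
        // not defined, in which case mail is sent with no CAPTCHA at all. Confirm the
        // constant is defined wherever this page is deployed.
        include_once(XOOPS_ROOT_PATH . "/class/xoopsformloader.php");
        if ( defined('SECURITYIMAGE_INCLUDED') && !SecurityImage::CheckSecurityImage() ) {
            redirect_header( 'javascript:history.go(-1)', 1, _SECURITYIMAGE_ERROR );
            // Stop explicitly, as the other redirect_header() calls in this case do,
            // so a failed CAPTCHA can never fall through to the mailer.
            exit();
        }
        // Hack SecurityImage by DuGris (end)

        $myts =& MyTextsanitizer::getInstance();

        // A logged-in user always sends from the account's address; only anonymous
        // visitors supply their own.
        // NOTE(review): for anonymous visitors the From address comes from the form,
        // so the CAPTCHA above is the only abuse control visible in this block.
        if ( $xoopsUser ) {
            $ymail = $xoopsUser->getVar("email");
        } else {
            $ymail = isset($_POST['ymail']) ? $myts->stripSlashesGPC(trim($_POST['ymail'])) : '';
        }

        // All four fields are mandatory.
        if ( !isset($_POST['yname']) || trim($_POST['yname']) == "" || $ymail == '' || !isset($_POST['fname']) || trim($_POST['fname']) == "" || !isset($_POST['fmail']) || trim($_POST['fmail']) == '' ) {
            redirect_header(XOOPS_URL . "/misc.php?action=showpopups&type=friend&op=sendform", 2, _MSC_NEEDINFO);
            exit();
        }

        $yname = $myts->stripSlashesGPC(trim($_POST['yname']));
        $fname = $myts->stripSlashesGPC(trim($_POST['fname']));
        $fmail = $myts->stripSlashesGPC(trim($_POST['fmail']));

        // Reject malformed addresses and any ASCII control character in the sender
        // name, which is passed to setFromName() below (CR/LF there would allow
        // mail header injection). The pattern is single-quoted so that PCRE, not
        // PHP, interprets the escapes: in the original double-quoted "/[\0-\31]/"
        // PHP read \31 as octal (0x19), leaving 0x1A-0x1F unchecked, and placed a
        // raw NUL byte in the pattern, which some PHP versions refuse to compile.
        if ( !checkEmail($fmail) || !checkEmail($ymail) || preg_match( '/[\x00-\x1F]/', $yname ) ) {
            $errormessage = _MSC_INVALIDEMAIL1 . "<br />" . _MSC_INVALIDEMAIL2;
            redirect_header(XOOPS_URL . "/misc.php?action=showpopups&type=friend&op=sendform", 2, $errormessage);
            exit();
        }

        // Build the message from the tellfriend.tpl template and send it.
        $xoopsMailer =& getMailer();
        $xoopsMailer->setTemplate("tellfriend.tpl");
        $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']);
        $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
        $xoopsMailer->assign("SITEURL", XOOPS_URL . "/");
        $xoopsMailer->assign("YOUR_NAME", $yname);
        $xoopsMailer->assign("FRIEND_NAME", $fname);
        $xoopsMailer->setToEmails($fmail);
        $xoopsMailer->setFromEmail($ymail);
        $xoopsMailer->setFromName($yname);
        $xoopsMailer->setSubject(sprintf(_MSC_INTSITE, $xoopsConfig['sitename']));
        //OpenTable();
        if ( !$xoopsMailer->send() ) {
            echo $xoopsMailer->getErrors();
        } else {
            echo "<div><h4>" . _MSC_REFERENCESENT . "</h4></div>";
        }
        //CloseTable();
    }
    break;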
Concernant le module page, je regarderai plus tard, si vous ne trouvez pas la solution !!!