function SendResults($a_fld_order, $a_clean_fields, $s_to, $s_cc, $s_bcc, $a_raw_fields) { global $SPECIAL_VALUES, $aFileVars, $FILE_REPOSITORY, $FIXED_SENDER; // // check for a filter and how to use it // $b_filter_attach = false; $a_attach_spec = array(); $s_filter = ""; $a_filter_list = array(); if ($b_got_filter = GetFilterSpec($s_filter, $a_filter_list)) { if ($a_filter_list === false) { // // not a limited filter, so filter all fields // $b_limited_filter = false; $a_filter_list = array(); } else { $b_limited_filter = true; } FMDebug("SendResults: got filter '{$s_filter}', limited={$b_limited_filter}"); $s_filter_attach_name = GetFilterOption("Attach"); if (isset($s_filter_attach_name)) { if (!is_string($s_filter_attach_name) || empty($s_filter_attach_name)) { SendAlert(GetMessage(MSG_ATTACH_NAME)); } else { $b_filter_attach = true; $a_attach_spec = array("Name" => $s_filter_attach_name); if (($s_mime = GetFilterAttrib($s_filter, "MIME")) !== false) { $a_attach_spec["MIME"] = $s_mime; } // // Regarding the character set... // A filter will not generally change the character set // of the message, however, if it does, then we // provide that information to the MIME encoder. // Remember: this character set specification refers // to the data *after* the effect of the filter // has been reversed (e.g. an encrypted message // in UTF-8 is in UTF-8 when it is decrypted). // if (($s_cset = GetFilterAttrib($s_filter, "CharSet")) !== false) { $a_attach_spec["CharSet"] = $s_cset; } } } } // // check the need for MIME formatted mail // $b_mime_mail = IsMailOptionSet("HTMLTemplate") || count($aFileVars) > 0 || $b_filter_attach; // // create the email header lines - CC, BCC, From, and Reply-To // $a_headers = array(); if (!empty($s_cc)) { $a_headers['Cc'] = SafeHeader($s_cc); } if (!empty($SPECIAL_VALUES["replyto"])) { // // expand replyto list // CheckEmailAddress($SPECIAL_VALUES["replyto"], $s_list, $s_invalid, false); if (!empty($s_list)) { $a_headers['Reply-To'] = SafeHeader($s_list); } } // // note that BCC is documented to not work prior to PHP 4.3 // if (!empty($s_bcc)) { global $aPHPVERSION; if ($aPHPVERSION[0] < 4 || $aPHPVERSION[0] == 4 && $aPHPVERSION[1] < 3) { SendAlert(GetMessage(MSG_PHP_BCC, array("PHPVERS" => implode(".", $aPHPVERSION)))); } $a_headers['Bcc'] = SafeHeader($s_bcc); } // // create the From address // // Some servers won't let you set the email address to the // submitter of the form. Therefore, use FromAddr if it's been // specified to set the sender and the "From" address. // $s_sender = GetMailOption("FromAddr"); if (!isset($s_sender)) { $s_sender = ""; if (!empty($SPECIAL_VALUES["email"])) { $a_headers['From'] = MakeFromLine($SPECIAL_VALUES["email"], $SPECIAL_VALUES["realname"]); } } elseif ($s_sender !== "") { $s_sender = $a_headers['From'] = SafeHeader(UnMangle($s_sender)); } /* * Override sender if $FIXED_SENDER is set. */ if ($FIXED_SENDER !== "") { $s_sender = $FIXED_SENDER; } if ($s_sender === "") { if (SET_SENDER_FROM_EMAIL) { $s_sender = $SPECIAL_VALUES["email"]; } } // // special case: if there is only one non-special string value, then // format it as an email (unless an option says not to) // $a_keys = array_keys($a_raw_fields); if (count($a_keys) == 1 && is_string($a_raw_fields[$a_keys[0]]) && !IsMailOptionSet("AlwaysList") && !IsMailOptionSet("DupHeader")) { if (IsMailExcluded($a_keys[0])) { SendAlert("Exclusion of single field '" . $a_keys[0] . "' ignored"); } $s_value = $a_raw_fields[$a_keys[0]]; // // replace carriage return/linefeeds with <br> // $s_value = str_replace("\r\n", '<br />', $s_value); // // replace lone linefeeds with <br> // $s_value = str_replace("\n", '<br />', $s_value); // // remove lone carriage returns // $s_value = str_replace("\r", "", $s_value); // // replace all control chars with <br /> // $s_value = preg_replace('/[[:cntrl:]]+/', '<br />', $s_value); // // strip HTML (note that all the <br> above will now be // replaced with BODY_LF) // $s_value = StripHTML($s_value, BODY_LF); if ($b_mime_mail) { if ($b_got_filter) { // // filter the whole value (ignore filter_fields for this // special case) if a filter has been specified // $s_results = Filter($s_filter, $s_value); if ($b_filter_attach) { $a_attach_spec["Data"] = $s_results; // // KeepInLine keeps the filtered version inline as well // as an attachment // if (!IsFilterOptionSet("KeepInLine")) { $s_results = ""; } $s_filter = ""; // no more filtering } } else { $s_results = $s_value; } // // send this single value off to get formatted in a MIME // email // if (!MakeMimeMail($s_results, $a_headers, $a_raw_fields, GetMailOption('HTMLTemplate'), GetMailOption('TemplateMissing'), IsMailOptionSet("NoPlain"), $s_filter, $aFileVars, $a_attach_spec)) { return false; } } elseif ($b_got_filter) { // // filter the whole value (ignore filter_fields for this special case) // if a filter has been specified // $s_results = Filter($s_filter, $s_value); } else { $s_results = $s_value; if (IsMailOptionSet("CharSet")) { // // sending plain text email, and the CharSet has been // specified; include a header // $a_headers['Content-Type'] = "text/plain; charset=" . SafeHeader(GetMailOption("CharSet")); } } } else { if ($b_mime_mail) { // // get the plain text version of the email then send it // to get MIME formatted // list($s_results, $s_unfiltered_results, $s_filtered_results) = MakePlainEmail($a_fld_order, $a_clean_fields, $s_to, $s_cc, $s_bcc, $a_raw_fields, $s_filter, $a_filter_list); if ($b_filter_attach) { // // attached the filtered results // $a_attach_spec["Data"] = $s_filtered_results; // // KeepInLine keeps the filtered version inline as well // as an attachment // if (!IsFilterOptionSet("KeepInLine")) { // // put the unfiltered results in the body of the message // $s_results = $s_unfiltered_results; } $s_filter = ""; // no more filtering } if (!MakeMimeMail($s_results, $a_headers, $a_raw_fields, GetMailOption('HTMLTemplate'), GetMailOption('TemplateMissing'), IsMailOptionSet("NoPlain"), $s_filter, $aFileVars, $a_attach_spec)) { return false; } } else { list($s_results, $s_unfiltered_results, $s_filtered_results) = MakePlainEmail($a_fld_order, $a_clean_fields, $s_to, $s_cc, $s_bcc, $a_raw_fields, $s_filter, $a_filter_list); if (!$b_got_filter && IsMailOptionSet("CharSet")) { // // sending plain text email, and the CharSet has been // specified; include a header // $a_headers['Content-Type'] = "text/plain; charset=" . SafeHeader(GetMailOption("CharSet")); } } } // // now save uploaded files to the repository // if (FILEUPLOADS && $FILE_REPOSITORY !== "") { if (!SaveAllFilesToRepository()) { return false; } } // // send the mail - assumes the email addresses have already been checked // return SendCheckedMail($s_to, $SPECIAL_VALUES["subject"], $s_results, $s_sender, $a_headers); }
/** * Determines if the sender is a valid user. * @return integer|NULL */ function ValidatePoster(&$mimeDecodedEmail, $config) { extract($config); global $wpdb; $poster = NULL; $from = RemoveExtraCharactersInEmailAddress(trim($mimeDecodedEmail->headers["from"])); $resentFrom = RemoveExtraCharactersInEmailAddress(trim($mimeDecodedEmail->headers["resent-from"])); /* if ( empty($from) ) { echo 'Invalid Sender - Emtpy! '; return; } */ //See if the email address is one of the special authorized ones print "Confirming Access For {$from} \n"; $sql = 'SELECT id FROM ' . $wpdb->users . ' WHERE user_email=\'' . addslashes($from) . "' LIMIT 1;"; $user_ID = $wpdb->get_var($sql); if (!empty($user_ID)) { $user = new WP_User($user_ID); if ($user->has_cap("post_via_postie")) { $poster = $user_ID; echo "posting as user {$poster}"; } else { $poster = $wpdb->get_var("SELECT ID FROM {$wpdb->users} WHERE\n user_login = '******'"); } } elseif ($turn_authorization_off || CheckEmailAddress($from, $authorized_addresses) || CheckEmailAddress($resentFrom, $authorized_addresses)) { $poster = $wpdb->get_var("SELECT ID FROM {$wpdb->users} WHERE\n user_login = '******'"); } $validSMTP = checkSMTP($mimeDecodedEmail, $smtp); if (!$poster || !$validSMTP) { echo 'Invalid sender: ' . htmlentities($from) . "! Not adding email!\n"; if ($forward_rejected_mail) { $admin_email = get_option("admin_email"); if (MailToRecipients($mimeDecodedEmail, $test_email, array($admin_email), $return_to_sender)) { echo "A copy of the message has been forwarded to the administrator.\n"; } else { echo "The message was unable to be forwarded to the adminstrator.\n"; } } return; } return $poster; }
/** * Determines if the sender is a valid user. * @return integer|NULL */ function ValidatePoster(&$mimeDecodedEmail, $config) { global $wpdb; $poster = NULL; $from = RemoveExtraCharactersInEmailAddress(trim($mimeDecodedEmail->headers["from"])); $resentFrom = RemoveExtraCharactersInEmailAddress(trim($mimeDecodedEmail->headers["resent-from"])); /* if ( empty($from) ) { echo 'Invalid Sender - Emtpy! '; return; } */ //See if the email address is one of the special authorized ones print "Confirming Access For {$from} \n"; $sql = 'SELECT id FROM ' . $wpdb->users . ' WHERE user_email=\'' . addslashes($from) . "' LIMIT 1;"; $user_ID = $wpdb->get_var($sql); $user = new WP_User($user_ID); if ($config["TURN_AUTHORIZATION_OFF"] || CheckEmailAddress($from, $config['AUTHORIZED_ADDRESSES']) || CheckEmailAddress($resentFrom, $config['AUTHORIZED_ADDRESSES'])) { if (empty($user_ID)) { print "{$from} is authorized to post as the administrator\n"; $from = get_option("admin_email"); $adminUser = $config['ADMIN_USERNAME']; echo "adminUser='******'"; $poster = $wpdb->get_var("SELECT ID FROM {$wpdb->users} WHERE\n user_login = '******'"); } else { $poster = $user_ID; } } else { if ($user->has_cap("post_via_postie")) { $poster = $user_ID; } } $validSMTP = checkSMTP($mimeDecodedEmail, $config['SMTP']); if (!$poster || !$validSMTP) { echo 'Invalid sender: ' . htmlentities($from) . "! Not adding email!\n"; if ($config["FORWARD_REJECTED_MAIL"]) { if (MailToRecipients($mimeDecodedEmail, $config['TEST_EMAIL'], array(), $config['RETURN_TO_SENDER'])) { echo "A copy of the message has been forwarded to the administrator.\n"; } else { echo "The message was unable to be forwarded to the adminstrator.\n"; } } return; } return $poster; }
/** * Determines if the sender is a valid user. * @return integer|NULL */ function ValidatePoster(&$mimeDecodedEmail) { global $wpdb; $config = GetConfig(); $poster = NULL; $from = RemoveExtraCharactersInEmailAddress(trim($mimeDecodedEmail->headers["from"])); $resentFrom = RemoveExtraCharactersInEmailAddress(trim($mimeDecodedEmail->headers["resent-from"])); if (empty($from)) { echo 'Invalid Sender - Emtpy! '; return; } //See if the email address is one of the special authorized ones print "Confirming Access For {$from} \n"; $sql = 'SELECT id FROM ' . $wpdb->users . ' WHERE user_email=\'' . addslashes($from) . "' LIMIT 1;"; $user_ID = $wpdb->get_var($sql); $user = new WP_User($user_ID); if ($config["TURN_AUTHORIZATION_OFF"] || CheckEmailAddress($from) || CheckEmailAddress($resentFrom)) { if (empty($user_ID)) { print "{$from} is authorized to post as the administrator\n"; $from = get_option("admin_email"); $poster = $wpdb->get_var("SELECT ID FROM {$wpdb->users} WHERE ID = 1"); } else { $poster = $user_ID; } } else { if ($user->has_cap("post_via_postie")) { $poster = $user_ID; } } if (!$poster) { echo 'Invalid sender: ' . htmlentities($from) . "! Not adding email!\n"; if ($config["FORWARD_REJECTED_MAIL"]) { if (ForwardRejectedMailToAdmin($mimeDecodedEmail)) { echo "A copy of the message has been forwarded to the administrator.\n"; } else { echo "The message was unable to be forwarded to the adminstrator.\n"; } } return; } return $poster; }
function SendAlert($s_error, $b_filter = true, $b_non_error = false) { global $SPECIAL_VALUES, $FORMATTED_INPUT, $FROM_USER, $aServerVars, $aStrippedFormVars; global $aAlertInfo; $s_error = str_replace("\n", BODY_LF, $s_error); $b_got_filter = isset($SPECIAL_VALUES["filter"]) && !empty($SPECIAL_VALUES["filter"]); // // if there is a filter specified and we're not sending the alert // through the filter, don't show the user's data. This is // on the assumption that the filter is an encryption program; so, // we don't want to send the user's data in clear text inside the // alerts. // $b_show_data = true; if ($b_got_filter && !$b_filter) { $b_show_data = false; } $s_form_subject = $s_alert_to = ""; $b_check = true; // // might be too early to have $SPECIAL_VALUES set, so // look in the form vars too // if (isset($SPECIAL_VALUES["alert_to"])) { $s_alert_to = trim($SPECIAL_VALUES["alert_to"]); } if (empty($s_alert_to) && isset($aStrippedFormVars["alert_to"])) { $s_alert_to = trim($aStrippedFormVars["alert_to"]); } if (isset($SPECIAL_VALUES["subject"])) { $s_form_subject = trim($SPECIAL_VALUES["subject"]); } if (empty($s_form_subject) && isset($aStrippedFormVars["subject"])) { $s_form_subject = trim($aStrippedFormVars["subject"]); } if (empty($s_alert_to)) { $s_alert_to = DEF_ALERT; $b_check = false; } if (!empty($s_alert_to)) { $s_from_addr = $s_from = ""; $a_headers = array(); if (isset($FROM_USER) && !empty($FROM_USER)) { if ($FROM_USER != "NONE") { $a_headers['From'] = $FROM_USER; $s_from = "From: {$FROM_USER}"; $s_from_addr = $FROM_USER; } } else { global $SERVER; $s_from_addr = "FormMail@" . $SERVER; $a_headers['From'] = $s_from_addr; $s_from = "From: {$s_from_addr}"; } $s_mesg = "To: " . UnMangle($s_alert_to) . BODY_LF; if (!empty($s_from)) { $s_mesg .= $s_from . BODY_LF; } $s_mesg .= BODY_LF; if (count($aAlertInfo) > 0) { if ($b_show_data) { $s_error .= BODY_LF . GetMessage(MSG_MORE_INFO) . BODY_LF; $s_error .= implode(BODY_LF, $aAlertInfo); } else { $s_error .= BODY_LF . GetMessage(MSG_INFO_STOPPED) . BODY_LF; } } if ($b_non_error) { $s_mesg .= $s_error . BODY_LF . BODY_LF; $s_subj = GetMessage(MSG_FM_ALERT); if (!empty($s_form_subject)) { $s_subj .= " ({$s_form_subject})"; } } else { $s_mesg .= GetMessage(MSG_FM_ERROR_LINE) . BODY_LF . $s_error . BODY_LF . BODY_LF; $s_subj = GetMessage(MSG_FM_ERROR); if (!empty($s_form_subject)) { $s_subj .= " ({$s_form_subject})"; } if ($b_show_data) { $s_mesg .= implode(BODY_LF, $FORMATTED_INPUT); } else { $s_mesg .= GetMessage(MSG_USERDATA_STOPPED); } } if ($b_filter && $b_got_filter) { $s_mesg = GetMessage(MSG_FILTERED, array("FILTER" => $SPECIAL_VALUES["filter"])) . BODY_LF . BODY_LF . Filter($SPECIAL_VALUES["filter"], $s_mesg); } if ($b_check) { if (CheckEmailAddress($s_alert_to, $s_valid, $s_invalid)) { return SendCheckedMail($s_valid, $s_subj, $s_mesg, $s_from_addr, $a_headers); } } else { return SendCheckedMail($s_alert_to, $s_subj, $s_mesg, $s_from_addr, $a_headers); } } return false; }
} $postId = $_GET['postId']; if ($postId == null) { $postId = -1; } echo GetPostList($_GET['boardName'], $postId, $pageNo, $_GET['postLimit'], json_decode($_GET['tags'], true), $searchParam, $_GET['searchOptions']); //BY: added json_decode } else { if ($_GET['t'] == 2) { echo GetPostContent($_GET['postId']); } else { if ($_GET['t'] == 3) { echo CheckUserName($_GET['UserName']); } else { if ($_GET['t'] == 4) { echo CheckEmailAddress($_GET['EmailAddress']); } else { if ($_GET['t'] == 5) { echo GetLatestFeed(json_decode($_GET['FeedBoard'], true)); //BY: added json_decode } else { if ($_GET['t'] == 6) { for ($i = 0; $i < sizeof($addedTags); $i++) { echo $addedTags[$i] . " "; } echo DBSavePost(-1, $_GET['pinned'], $_GET['bName'], $_GET['title'], $_GET['content'], $_GET['UserID'], $_GET['addedTags'], $_GET['deletedTags']); } else { if ($_GET['t'] == 7) { echo EnableUser(fnDecrypt($_GET['c'])); } else { if ($_GET['t'] == 8) {
function SendAlert($s_error, $b_filter = true, $b_non_error = false) { global $SPECIAL_VALUES, $FORMATTED_INPUT, $FROM_USER, $aServerVars, $aStrippedFormVars; global $aAlertInfo; $s_error = str_replace("\n", BODY_LF, $s_error); $b_got_filter = isset($SPECIAL_VALUES["filter"]) && !empty($SPECIAL_VALUES["filter"]); // // if there is a filter specified and we're not sending the alert // through the filter, don't show the user's data. This is // on the assumption that the filter is an encryption program; so, // we don't want to send the user's data in clear text inside the // alerts. // $b_show_data = true; if ($b_got_filter && !$b_filter) { $b_show_data = false; } $s_form_subject = $s_alert_to = ""; $b_check = true; // // might be too early to have $SPECIAL_VALUES set, so // look in the form vars too // if (isset($SPECIAL_VALUES["alert_to"])) { $s_alert_to = trim($SPECIAL_VALUES["alert_to"]); } if (empty($s_alert_to) && isset($aStrippedFormVars["alert_to"])) { $s_alert_to = trim($aStrippedFormVars["alert_to"]); } if (isset($SPECIAL_VALUES["subject"])) { $s_form_subject = trim($SPECIAL_VALUES["subject"]); } if (empty($s_form_subject) && isset($aStrippedFormVars["subject"])) { $s_form_subject = trim($aStrippedFormVars["subject"]); } if (empty($s_alert_to)) { $s_alert_to = DEF_ALERT; $b_check = false; } if (!empty($s_alert_to)) { $s_from_addr = $s_from = ""; $a_headers = array(); if (isset($FROM_USER)) { if ($FROM_USER != "NONE") { $a_headers['From'] = $FROM_USER; $s_from = "From: {$FROM_USER}"; $s_from_addr = $FROM_USER; } } else { global $SERVER; $s_from_addr = "FormMail@" . $SERVER; $a_headers['From'] = $s_from_addr; $s_from = "From: {$s_from_addr}"; } $s_mesg = "To: " . UnMangle($s_alert_to) . BODY_LF; if (!empty($s_from)) { $s_mesg .= $s_from . BODY_LF; } $s_mesg .= BODY_LF; if (count($aAlertInfo) > 0) { if ($b_show_data) { $s_error .= BODY_LF . "More information:" . BODY_LF; $s_error .= implode(BODY_LF, $aAlertInfo); } else { $s_error .= BODY_LF . "(Extra alert information suppressed for security purposes.)" . BODY_LF; } } if ($b_non_error) { $s_mesg .= $s_error . BODY_LF . BODY_LF; $s_subj = "FormMail alert"; if (!empty($s_form_subject)) { $s_subj .= " ({$s_form_subject})"; } } else { $s_mesg .= "The following error occurred in FormMail:" . BODY_LF . $s_error . BODY_LF . BODY_LF; $s_subj = "FormMail script error"; if (!empty($s_form_subject)) { $s_subj .= " ({$s_form_subject})"; } if ($b_show_data) { $s_mesg .= implode(BODY_LF, $FORMATTED_INPUT); } else { $s_mesg .= "(User data suppressed for security purposes.)"; } } if ($b_filter && $b_got_filter) { $s_mesg = "This alert has been filtered through '" . $SPECIAL_VALUES["filter"] . "' for security purposes." . BODY_LF . BODY_LF . Filter($SPECIAL_VALUES["filter"], $s_mesg); } if ($b_check) { if (CheckEmailAddress($s_alert_to, $s_valid, $s_invalid)) { return SendCheckedMail($s_valid, $s_subj, $s_mesg, $s_from_addr, $a_headers); } } else { return SendCheckedMail($s_alert_to, $s_subj, $s_mesg, $s_from_addr, $a_headers); } } return false; }
function SendAlert($s_error, $b_filter = true, $b_non_error = false) { global $SPECIAL_VALUES, $FORMATTED_INPUT, $FROM_USER, $aServerVars, $aStrippedFormVars; global $aAlertInfo, $aCleanedValues, $aFieldOrder; $s_error = str_replace("\n", BODY_LF, $s_error); $b_got_filter = isset($SPECIAL_VALUES["filter"]) && !empty($SPECIAL_VALUES["filter"]); // // if there is a filter specified and we're not sending the alert // through the filter, don't show the user's data. This is // on the assumption that the filter is an encryption program; so, // we don't want to send the user's data in clear text inside the // alerts. // $b_show_data = true; if ($b_got_filter && !$b_filter) { $b_show_data = false; } $s_form_subject = $s_alert_to = ""; $b_check = true; // // might be too early to have $SPECIAL_VALUES set, so // look in the form vars too // if (isset($SPECIAL_VALUES["alert_to"])) { $s_alert_to = trim($SPECIAL_VALUES["alert_to"]); } if (empty($s_alert_to) && isset($aStrippedFormVars["alert_to"])) { $s_alert_to = trim($aStrippedFormVars["alert_to"]); } if (isset($SPECIAL_VALUES["subject"])) { $s_form_subject = trim($SPECIAL_VALUES["subject"]); } if (empty($s_form_subject) && isset($aStrippedFormVars["subject"])) { $s_form_subject = trim($aStrippedFormVars["subject"]); } if (empty($s_alert_to)) { $s_alert_to = DEF_ALERT; $b_check = false; } if (!empty($s_alert_to)) { $s_from_addr = $s_from = ""; $a_headers = array(); if (isset($FROM_USER) && !empty($FROM_USER)) { if ($FROM_USER != "NONE") { $a_headers['From'] = $FROM_USER; $s_from = "From: {$FROM_USER}"; $s_from_addr = $FROM_USER; } } else { global $SERVER; $s_from_addr = "FormMail@" . $SERVER; $a_headers['From'] = $s_from_addr; $s_from = "From: {$s_from_addr}"; } $s_mesg = "To: " . UnMangle($s_alert_to) . BODY_LF; if (!empty($s_from)) { $s_mesg .= $s_from . BODY_LF; } $s_mesg .= BODY_LF; if (count($aAlertInfo) > 0) { if ($b_show_data) { $s_error .= BODY_LF . GetMessage(MSG_MORE_INFO) . BODY_LF; $s_error .= implode(BODY_LF, $aAlertInfo); } else { $s_error .= BODY_LF . GetMessage(MSG_INFO_STOPPED) . BODY_LF; } } // // some fields aren't security issues - show those in the alert // $a_safe_fields = array("email: " . $SPECIAL_VALUES["email"], "name: " . $SPECIAL_VALUES["name"]); $s_safe_data = implode(BODY_LF, $a_safe_fields); if ($b_non_error) { $s_preamble = $s_error . BODY_LF . BODY_LF; $s_mesg .= $s_preamble; $s_subj = GetMessage(MSG_FM_ALERT); if (!empty($s_form_subject)) { $s_subj .= " ({$s_form_subject})"; } } else { $s_preamble = GetMessage(MSG_FM_ERROR_LINE) . BODY_LF . $s_error . BODY_LF . BODY_LF; $s_mesg .= $s_preamble; $s_subj = GetMessage(MSG_FM_ERROR); if (!empty($s_form_subject)) { $s_subj .= " ({$s_form_subject})"; } $s_mesg .= $s_safe_data; $s_mesg .= BODY_LF . BODY_LF; if ($b_show_data) { $s_mesg .= implode(BODY_LF, $FORMATTED_INPUT); } else { $s_mesg .= GetMessage(MSG_USERDATA_STOPPED); } } /* * We only need to filter the form fields if the filter that * is specified is an encrypting filter. */ if ($b_filter && $b_got_filter && IsFilterAttribSet($SPECIAL_VALUES["filter"], "Encrypts")) { $s_new_mesg = $s_preamble . $s_safe_data; $s_new_mesg .= BODY_LF . BODY_LF; $s_filter = $SPECIAL_VALUES["filter"]; if (($a_filter_list = GetFilterList()) !== false) { // // just filter the critical fields // list($s_unfiltered, $s_filtered_results) = GetFilteredOutput($aFieldOrder, $aCleanedValues, $s_filter, $a_filter_list); $s_new_mesg .= $s_unfiltered; } else { // // filter everything // $s_filtered_results = Filter($s_filter, $s_mesg); } $s_new_mesg .= GetMessage(MSG_FILTERED, array("FILTER" => $s_filter)) . BODY_LF . BODY_LF . $s_filtered_results; $s_mesg = $s_new_mesg; } if (isset($aServerVars['HTTP_REFERER'])) { $s_mesg .= BODY_LF . BODY_LF . "Referring page was " . $aServerVars['HTTP_REFERER']; } elseif (isset($SPECIAL_VALUES['this_form']) && $SPECIAL_VALUES['this_form'] !== "") { $s_mesg .= BODY_LF . BODY_LF . "Referring form was " . $SPECIAL_VALUES['this_form']; } if (isset($aServerVars['REMOTE_ADDR'])) { $s_mesg .= BODY_LF . BODY_LF . "User IP address was " . $aServerVars['REMOTE_ADDR']; } if ($b_check) { if (CheckEmailAddress($s_alert_to, $s_valid, $s_invalid)) { return SendCheckedMail($s_valid, $s_subj, $s_mesg, $s_from_addr, $a_headers); } } else { return SendCheckedMail($s_alert_to, $s_subj, $s_mesg, $s_from_addr, $a_headers); } } return false; }