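/**
 * Validates a "recommend this product" submission before any mail is sent.
 *
 * Checks, in this order: the required fields in $d, the session-bound form
 * hash that the form posts back as a field name, the request method, a screen
 * of every POSTed value for mail-header tokens (header injection), the
 * presence of the VirtueMart session cookie, and the syntax of the addresses.
 * Each failure is reported through $vmLogger->err() and ends in `return false`.
 *
 * @param array $d  Submitted form data; taken by reference to keep the original
 *                  signature, but it is only read here.
 * @return bool  true when the submission may be processed, false otherwise.
 */
function validate(&$d)
{
    global $vmLogger, $VM_LANG;

    if (empty($d['sender_name'])) {
        $vmLogger->err($VM_LANG->_('CONTACT_FORM_NC', false));
        return false;
    }
    if (empty($d['sender_mail']) || empty($d['recipient_mail'])) {
        $vmLogger->err($VM_LANG->_('CONTACT_FORM_NC', false));
        return false;
    }

    // The form posts the per-session hash back as a field *name*; a request
    // without it was most likely not produced by our own form.
    $validate = vmGet($_POST, vmCreateHash(), 0);
    if (!$validate) {
        $vmLogger->err('Hash not valid - ' . vmCreateHash() . $VM_LANG->_('NOT_AUTH', false));
        return false;
    }

    // Bug fix: the original `!$_SERVER['REQUEST_METHOD'] == 'POST'` negated
    // the method string first (`false == 'POST'`), so this check never fired.
    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    if ($method !== 'POST') {
        $vmLogger->err('Request must be POSTed - ' . $VM_LANG->_('NOT_AUTH', false));
        return false;
    }

    // Attempt to defend against mail-header injection: reject any POSTed value
    // carrying one of these header tokens. Header names are case-insensitive,
    // so compare with stripos(); nested arrays are flattened so a value cannot
    // slip through inside a sub-array (strpos() on an array would only warn or
    // throw a TypeError instead of rejecting the request).
    $badStrings = array('Content-Type:', 'MIME-Version:', 'Content-Transfer-Encoding:', 'bcc:', 'cc:');
    $pending = array_values($_POST);
    while (!empty($pending)) {
        $value = array_pop($pending);
        if (is_array($value)) {
            foreach ($value as $inner) {
                $pending[] = $inner;
            }
            continue;
        }
        $value = (string) $value;
        foreach ($badStrings as $token) {
            if (stripos($value, $token) !== false) {
                $vmLogger->err($VM_LANG->_('NOT_AUTH', false));
                return false;
            }
        }
    }

    $email = (string) vmGet($_POST, 'email', '');
    $text = vmGet($_POST, 'text', '');
    $sender_mail = vmGet($_REQUEST, 'sender_mail', null);
    $recipient_mail = vmGet($_REQUEST, 'recipient_mail', null);
    $message = vmGet($_REQUEST, 'recommend_message', null);

    // The VirtueMart session cookie must be present. Cast first so a missing
    // cookie (null) is measured as an empty string rather than warned about.
    $sessioncookie = (string) vmGet($_COOKIE, 'virtuemart', null);
    if (strlen($sessioncookie) < 16 || $sessioncookie === '-') {
        $vmLogger->err($VM_LANG->_('VM_COOKIE_MISSING') . '. ' . $VM_LANG->_('NOT_AUTH', false));
        return false;
    }

    // Only one address may be entered: a separator anywhere (including at
    // offset 0, which the original bare strpos() tests missed) or a second '@'.
    if (strpos($email, ';') !== false
        || strpos($email, ',') !== false
        || strpos($email, ' ') !== false
        || substr_count($email, '@') > 1
    ) {
        $vmLogger->err($VM_LANG->_('EMAIL_ERR_ONLYONE'));
        return false;
    }

    // Either the contact-form pair (email/text) or the recommend pair
    // (sender_mail/recommend_message) must be filled in. Parentheses make the
    // original && / || precedence explicit.
    if ((!$email && !$sender_mail) || (!$text && !$message)) {
        $vmLogger->err($VM_LANG->_('CONTACT_FORM_NC', false));
        return false;
    }

    if (!empty($email) && ps_communication::is_email($email) == false) {
        $vmLogger->err($VM_LANG->_('REGWARN_MAIL', false));
        return false;
    }

    if (!empty($sender_mail)
        && (!ps_communication::is_email($sender_mail) || !ps_communication::is_email($recipient_mail))
    ) {
        $vmLogger->err($VM_LANG->_('EMAIL_ERR_NOINFO', false));
        return false;
    }

    return true;
}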
*
 * @version $Id: shop.recommend.php
 * @package VirtueMart
 * @subpackage html
 * @copyright Copyright (C) 2006 Alatis GmbH & Co. KG. All rights reserved.
 * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
 * VirtueMart is free software. This version may have been modified pursuant
 * to the GNU General Public License, and as distributed it includes or
 * is derivative of works licensed under the GNU General Public License or
 * other free or open source software licenses.
 * See /administrator/components/com_virtuemart/COPYRIGHT.php for copyright notices and details.
 *
 * http://virtuemart.net
 */
mm_showMyFileName(__FILE__);

global $ok;

include_once CLASSPATH . 'ps_communication.php';

// Page body of the "recommend this product" pop-up: either the form itself, or
// the confirmation once a submitted form has been accepted. $ok is set outside
// this file — presumably from validate()'s result; verify against the caller.
$vm_mainframe->addStyleSheet('templates/' . $mainframe->getTemplate());

$title = $VM_LANG->_('VM_RECOMMEND_FORM_LBL');
$mainframe->setPageTitle($title);

$formAccepted = !empty($_POST['submit']) && $ok;
if (!$formAccepted) {
    echo '<h3>' . $title . '</h3>';
    ps_communication::showRecommendForm($product_id);
} else {
    // Recipient address is user-supplied, so it is escaped before being echoed.
    echo '<span class="contentheading">' . $VM_LANG->_('VM_RECOMMEND_DONE') . ' '
        . shopMakeHtmlSafe(vmGet($_POST, 'recipient_mail'))
        . '</span> <br /> <br /> <br /> <a href="javascript:window.close();"> <span class="small">'
        . $VM_LANG->_('PROMPT_CLOSE') . '</span> </a>';
}