Fixed embedded form validation issues with CR/LF. Thanks to jmason03 …

…on the forums for catching this.

core/admin/ajax/auto-modules/embeddable-form/process.php

@@ -15,8 +15,18 @@
 	};
 	$hash_recurse($_POST);
 
+	// Clean out carriage return and line feed characters since JS and PHP seem to disagree on their presence
+	$cleaned_string = "";
+	for ($i = 0; $i < strlen($complete_string); $i++) {
+		$char = substr($complete_string,$i,1);
+		$code = ord($char);
+		if ($code != 10 && $code != 13) {
+			$cleaned_string .= $char;
+		}
+	}
+
 	// Stop Robots - See if it matches the passed hash and that _bigtree_email wasn't filled out
-	if ($_POST["_bigtree_hashcash"] != md5($complete_string) || $_POST["_bigtree_email"]) {
+	if ($_POST["_bigtree_hashcash"] != md5($cleaned_string) || $_POST["_bigtree_email"]) {
 		$_SESSION["bigtree_admin"]["post_hash_failed"] = true;
 		BigTree::redirect($_SERVER["HTTP_REFERER"]);
 	}

core/admin/js/main.js

@@ -2354,7 +2354,7 @@ var BigTreeFormValidator = Class.extend({
 		});
 
 		// If this is an embedded form, we want to generate a hash of everything
-		complete_submission = "";
+		var complete_submission = "";
 		if ($("#bigtree_hashcash_field").length) {
 			this.form.find("input,select,textarea").not("#bigtree_hashcash_field").each(function() {
 				if ($(this).is("textarea") && $(this).css("display") == "none") {
@@ -2373,7 +2373,17 @@ var BigTreeFormValidator = Class.extend({
 					}
 				}
 			});
-			$("#bigtree_hashcash_field").val(md5(complete_submission));
+
+			// Remove carriage return and line feed since PHP and JS disagree on their presence
+			var cleaned_submission = "";
+			for (i = 0; i < complete_submission.length; i++) {
+				var code = complete_submission.charCodeAt(i);
+				if (code != 10 && code != 13) {
+					cleaned_submission += complete_submission[i];
+				}
+			}
+
+			$("#bigtree_hashcash_field").val(md5(cleaned_submission));
 		}
 
 		if (this.form.find(".form_error").length) {