Fix email value + fix subject and body params see BT#15596

chamilo · Sep 4, 2019 · c3b5235 · c3b5235
1 parent 2dd5d09
commit c3b5235
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 9 deletions.
diff --git a/main/inc/email_editor.php b/main/inc/email_editor.php
@@ -18,6 +18,8 @@
     api_not_allowed(true);
 }
 
+$_user = api_get_user_info();
+
 $originUrl = Session::read('origin_url');
 if (empty($originUrl)) {
     Session::write('origin_url', $_SERVER['HTTP_REFERER']);
@@ -52,8 +54,8 @@
         break;
     default:
         $emailDest = isset($_REQUEST['dest']) ? Security::remove_XSS($_REQUEST['dest']) : '';
-        $emailTitle = isset($_REQUEST['email_title']) ? Security::remove_XSS($_REQUEST['email_title']) : '';
-        $emailText = isset($_REQUEST['email_text']) ? Security::remove_XSS($_REQUEST['email_text']) : '';
+        $emailTitle = isset($_REQUEST['subject']) ? Security::remove_XSS($_REQUEST['subject']) : '';
+        $emailText = isset($_REQUEST['body']) ? Security::remove_XSS($_REQUEST['body']) : '';
         break;
 }
 
@@ -63,13 +65,13 @@
     'email_title' => $emailTitle,
     'email_text' => $emailText,
 ];
-
 $form->setDefaults($defaults);
 
 if ($form->validate()) {
-    $text = Security::remove_XSS($_POST['email_text'])."\n\n---\n".get_lang('EmailSentFromLMS').' '.api_get_path(WEB_PATH);
-    $email_administrator = Security::remove_XSS($_POST['dest']);
-    $title = Security::remove_XSS($_POST['email_title']);
+    $values = $form->getSubmitValues();
+    $text = Security::remove_XSS($values['email_text'])."\n\n---\n".get_lang('EmailSentFromLMS').' '.api_get_path(WEB_PATH);
+    $email_administrator = Security::remove_XSS($values['dest']);
+    $title = Security::remove_XSS($values['email_title']);
     if (!empty($_user['mail'])) {
         api_mail_html(
             '',

diff --git a/main/inc/lib/display.lib.php b/main/inc/lib/display.lib.php
@@ -631,12 +631,12 @@ public static function encrypted_mailto_link(
         }
 
         // "mailto:" already present?
-        if (substr($email, 0, 7) != 'mailto:') {
+        if (substr($email, 0, 7) !== 'mailto:') {
             $email = 'mailto:'.$email;
         }
 
         // Class (stylesheet) defined?
-        if ($style_class != '') {
+        if ($style_class !== '') {
             $style_class = ' class="'.$style_class.'"';
         }
 
@@ -649,7 +649,10 @@ public static function encrypted_mailto_link(
         $value = api_get_configuration_value('add_user_course_information_in_mailto');
 
         if ($value) {
-            $hmail .= '?';
+            if (api_get_setting('allow_email_editor') === 'false') {
+                $hmail .= '?';
+            }
+
             if (!api_is_anonymous()) {
                 $hmail .= '&subject='.Security::remove_XSS(api_get_setting('siteName'));
             }