
Commit 3f10a4a

committed
fix still possible html injection
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
1 parent eaea932 commit 3f10a4a


3 files changed

+3
-6
lines changed


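--- a/index.php
+++ b/index.php
@@ -353,12 +353,7 @@
 $message = sprintf($lng['error']['login_blocked'], Settings::Get('login.deactivatetime'));
 break;
 case 4:
-$cmail = isset($_GET['customermail']) ? $_GET['customermail'] : 'unknown';
-if (!Validate::validateEmail($cmail)) {
-$message = str_replace('%s', 'invalid.address', $lng['error']['errorsendingmail']);
-} else {
-$message = str_replace('%s', $cmail, $lng['error']['errorsendingmail']);
-}
+$message = $lng['error']['errorsendingmailpub'];
 break;
 case 5:
 $message = $lng['error']['user_banned'];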
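Review bot: Case 4 no longer reads `customermail`, but whatever code redirects to this case presumably still appends the address to the query string (that caller is not visible here), so the address keeps ending up in access logs and Referer headers without being used; the caller should stop sending it. A short comment on the new line would keep a later change from reintroducing the reflection, e.g. `// static text on purpose: never echo request parameters into the login message`. The new key `errorsendingmailpub` is added only to the English and German files in this commit, so if other language files exist and there is no English fallback, the message would be undefined for those locales. The enclosing switch starts and ends outside the hunk.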

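--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -673,6 +673,7 @@
 $lng['admin']['text'] = 'Message';
 $lng['menu']['message'] = 'Messages';
 $lng['error']['errorsendingmail'] = 'The message to "%s" failed';
+$lng['error']['errorsendingmailpub'] = 'The message to the given email-address failed';
 $lng['error']['cannotreaddir'] = 'Unable to read directory "%s"';
 $lng['message']['success'] = 'Successfully sent message to %s recipients';
 $lng['message']['norecipients'] = 'No e-mail has been sent because there are no recipients in the database';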

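--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -666,6 +666,7 @@
 $lng['admin']['text'] = 'Nachricht';
 $lng['menu']['message'] = 'Nachrichten';
 $lng['error']['errorsendingmail'] = 'Das Versenden der Nachricht an "%s" schlug fehl.';
+$lng['error']['errorsendingmailpub'] = 'Das Versenden der Nachricht an die angegebene E-Mail Adresse schlug fehl.';
 $lng['error']['cannotreaddir'] = 'Der Ordner "%s" kann nicht gelesen werden';
 $lng['message']['success'] = 'Nachricht erfolgreich an "%s" Empfänger gesendet';
 $lng['message']['norecipients'] = 'Es wurde keine E-Mail versendet, da sich keine Empfänger in der Datenbank befinden';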
