commit proposed changes by @Quy

joomla · May 2, 2018 · a43a17d · a43a17d
1 parent 0198123
commit a43a17d
Showing 1 changed file with 4 additions and 17 deletions.
diff --git a/components/com_mailto/controller.php b/components/com_mailto/controller.php
@@ -83,31 +83,18 @@ public function send()
 			'cc:'
 		);
 
-		// An array of the input fields to scan for injected headers
-		$fields = array(
-			'emailto',
-			'sender',
-			'emailfrom',
-			'subject',
-			'link',
-			'captcha',
-		);
-
 		/*
 		 * Here is the meat and potatoes of the header injection test.  We
 		 * iterate over the array of form input and check for header strings.
 		 * If we find one, send an unauthorized header and die.
 		 */
-		foreach ($fields as $field)
+		foreach ($data as $key => $value)
 		{
-			if (!empty($_POST[$field]))
+			foreach ($headers as $header)
 			{
-				foreach ($headers as $header)
+				if (strpos($value, $header) !== false)
 				{
-					if (strpos($_POST[$field], $header) !== false)
-					{
-						JError::raiseError(403, '');
-					}
+					JError::raiseError(403, '');
 				}
 			}
 		}