Author Topic: [PATCH] Validate the comments and contact forms  (Read 4302 times)

Patric Ahlqvist

[PATCH] Validate the comments and contact forms
« on: December 06, 2006, 11:56:21 AM »

This was originally posted by Elvino; thanks to him for discovering this.

THIS HAS BEEN ADDED TO THE RELEASE ZIP 06-12-06 - So only if you do not have this in your forms do you need to perform the update of these code snippets...

Open up snews.php and search for function contact, and in there you'll find this piece of code in the beginning of that function:
Quote
// CONTACT FORM
function contact() {
    if ($_POST['contactform'] == '') {
        echo '<div class="commentsbox"><h2>'.l('contact').'</h2>';
        html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', db('website'), '');
        html_input('text', 'name', 'name', '', '* '.l('name'), 'text', '', '', '', '', '', '', '', '', '');
        html_input('text', 'email', 'email', '', '* '.l('email'), 'text', '', '', '', '', '', '', '', '', '');
        html_input('text', 'weblink', 'weblink', '', l('url'), 'text', '', '', '', '', '', '', '', '', '');
       html_input('textarea', 'message', 'message', '', '* '.l('message'), '', '', '', '', '', '5', '5', '', '', '');
        echo '<p>';

        html_input('hidden', 'ip', 'ip', $_SERVER['REMOTE_ADDR'], '', '', '', '', '', '', '', '', '', '', '');
        html_input('hidden', 'time', 'time', time(), '', '', '', '', '', '', '', '', '', '', '');
        html_input('submit', 'contactform', 'contactform', l('submit'), '', '', '', '', '', '', '', '', '', '', '');
        echo '</p></form></div>';
    }
Swap the blue marked for the red marked.
Quote
// CONTACT FORM
function contact() {
    if ($_POST['contactform'] == '') {
        echo '<div class="commentsbox"><h2>'.l('contact').'</h2>';
        html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', db('website'), '');
        html_input('text', 'name', 'name', '', '* '.l('name'), 'text', '', '', '', '', '', '', '', '', '');
        html_input('text', 'email', 'email', '', '* '.l('email'), 'text', '', '', '', '', '', '', '', '', '');
        html_input('text', 'weblink', 'weblink', '', l('url'), 'text', '', '', '', '', '', '', '', '', '');
     echo '<p>';
        html_input('textarea', 'message', 'message', '', '* '.l('message'), '', '', '', '', '', '5', '5', '', '', '');
     echo '</p><p>';

        html_input('hidden', 'ip', 'ip', $_SERVER['REMOTE_ADDR'], '', '', '', '', '', '', '', '', '', '', '');
        html_input('hidden', 'time', 'time', time(), '', '', '', '', '', '', '', '', '', '', '');
        html_input('submit', 'contactform', 'contactform', l('submit'), '', '', '', '', '', '', '', '', '', '', '');
        echo '</p></form></div>';
    }
Then find the corresponding block in the comments function:
Quote
echo '<div class="commentsbox"><h2>'.l('addcomment').'</h2>';
      html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', db('website'), '');
      html_input('text', 'name', 'name', '', '* '.l('name'), 'text', '', '', '', '', '', '', '', '', '');
      html_input('text', 'url', 'url', '', l('url'), 'text', '', '', '', '', '', '', '', '', '');
        html_input('textarea', 'text', 'text', '', '* '.l('comment'), '', '', '', '', '', '5', '5', '', '', '');
      echo '<p>';

      html_input('hidden', 'category', 'category', $categorySEF, '', '', '', '', '', '', '', '', '', '', '');
      html_input('hidden', 'id', 'id', $articleId, '', '', '', '', '', '', '', '', '', '', '');
      html_input('hidden', 'article', 'article', $articleSEF, '', '', '', '', '', '', '', '', '', '', '');
      html_input('hidden', 'commentspage', 'commentspage', $back_to_page, '', '', '', '', '', '', '', '', '', '', '');
      html_input('hidden', 'ip', 'ip', $_SERVER['REMOTE_ADDR'], '', '', '', '', '', '', '', '', '', '', '');
      html_input('hidden', 'time', 'time', time(), '', '', '', '', '', '', '', '', '', '', '');
      html_input('submit', 'comment', 'comment', l('submit'), '', '', '', '', '', '', '', '', '', '', '');
      echo '</p></form></div>';
And swap the blue marked for the red marked.
Quote
echo '<div class="commentsbox"><h2>'.l('addcomment').'</h2>';
      html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', db('website'), '');
      html_input('text', 'name', 'name', '', '* '.l('name'), 'text', '', '', '', '', '', '', '', '', '');
      html_input('text', 'url', 'url', '', l('url'), 'text', '', '', '', '', '', '', '', '', '');
      echo '<p>';
                  html_input('textarea', 'text', 'text', '', '* '.l('comment'), '', '', '', '', '', '5', '5', '', '', '');
      echo '</p><p>';

      html_input('hidden', 'category', 'category', $categorySEF, '', '', '', '', '', '', '', '', '', '', '');
      html_input('hidden', 'id', 'id', $articleId, '', '', '', '', '', '', '', '', '', '', '');
      html_input('hidden', 'article', 'article', $articleSEF, '', '', '', '', '', '', '', '', '', '', '');
      html_input('hidden', 'commentspage', 'commentspage', $back_to_page, '', '', '', '', '', '', '', '', '', '', '');
      html_input('hidden', 'ip', 'ip', $_SERVER['REMOTE_ADDR'], '', '', '', '', '', '', '', '', '', '', '');
      html_input('hidden', 'time', 'time', time(), '', '', '', '', '', '', '', '', '', '', '');
      html_input('submit', 'comment', 'comment', l('submit'), '', '', '', '', '', '', '', '', '', '', '');
      echo '</p></form></div>';
Patric.
« Last Edit: January 27, 2008, 11:05:42 PM by philmoz »
"It's only dead fish that goes with the flow... "
Updated

Luka

[PATCH] Validate the comments and contact forms
« Reply #1 on: December 06, 2006, 12:49:43 PM »

I've applied this fix to the stable release and it's now included in the zip. Thanks.