Diffstat (limited to 'program/steps/mail')
-rw-r--r-- | program/steps/mail/addcontact.inc | 4 | ||||
-rw-r--r-- | program/steps/mail/compose.inc | 6 | ||||
-rw-r--r-- | program/steps/mail/sendmail.inc | 24 |
3 files changed, 17 insertions, 17 deletions
diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc index b1129ec9d..722b0f287 100644 --- a/program/steps/mail/addcontact.inc +++ b/program/steps/mail/addcontact.inc @@ -21,9 +21,9 @@ $REMOTE_REQUEST = TRUE; -if ($_GET['_address']) +if (!empty($_GET['_address'])) { - $contact_arr = $IMAP->decode_address_list($_GET['_address']); + $contact_arr = $IMAP->decode_address_list(get_input_value('_address', RCUBE_INPUT_GET)); if (sizeof($contact_arr)) { $contact = $contact_arr[1]; diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc index 2241e6b87..58465062f 100644 --- a/program/steps/mail/compose.inc +++ b/program/steps/mail/compose.inc @@ -142,7 +142,7 @@ function rcmail_compose_headers($attrib) if ($fname && !empty($_POST[$fname])) - $fvalue = $_POST[$fname]; + $fvalue = get_input_value($fname, RCUBE_INPUT_POST); else if ($header && is_object($REPLY_MESSAGE['headers'])) { // get recipent address(es) out of the message headers @@ -309,7 +309,7 @@ function rcmail_compose_body($attrib) // use posted message body if (!empty($_POST['_message'])) - $body = stripslashes($_POST['_message']); + $body = get_input_value('_message', RCUBE_INPUT_POST, TRUE); // compose reply-body else if (is_array($REPLY_MESSAGE['parts'])) @@ -433,7 +433,7 @@ function rcmail_compose_subject($attrib) // use subject from post if (isset($_POST['_subject'])) - $subject = stripslashes($_POST['_subject']); + $subject = get_input_value('_subject', RCUBE_INPUT_POST); // create a reply-subject else if (isset($REPLY_MESSAGE['subject'])) diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc index ec0f1166f..70baba039 100644 --- a/program/steps/mail/sendmail.inc +++ b/program/steps/mail/sendmail.inc 
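Review bot: In addcontact.inc the `_address` value is read without the third argument that sendmail.inc passes as `TRUE` for `_to`, `_cc` and `_bcc`. If get_input_value() strips markup when that flag is omitted, an address written as `Name <user@example.com>` would lose its angle-bracket part before decode_address_list() sees it. The same applies to `$fvalue = get_input_value($fname, RCUBE_INPUT_POST);` in rcmail_compose_headers (compose.inc, hunk at line 142), which refills the recipient fields. I would pass the flag in both places, e.g. `get_input_value('_address', RCUBE_INPUT_GET, TRUE)`, and escape the decoded name and address where they are written to the page or stored. The definition of get_input_value() is not part of this diff, so its default is inferred from the call sites.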
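Review bot: `$body` in rcmail_compose_body (compose.inc, hunk at line 309) is now fetched with the allow-markup flag set to `TRUE`, so it reaches the rest of the function as raw posted text. The function continues outside the hunk, and the place where `$body` is emitted is not visible here. A comment on the assignment would help the next reader, e.g. `// raw posted text, markup intact: HTML-escape before writing it into the compose textarea`. It is worth confirming that the output path does escape it, since a re-displayed body is reflected input.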
@@ -83,7 +83,7 @@ $mailto_regexp = array('/[,;]\s*[\r\n]+/', '/[\r\n]+/', '/[,;]\s*$/m'); $mailto_replace = array(', ', ', ', ''); // repalce new lines and strip ending ', ' -$mailto = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_to'])); +$mailto = preg_replace($mailto_regexp, $mailto_replace, get_input_value('_to', RCUBE_INPUT_POST, TRUE, $message_charset)); // decode address strings $to_address_arr = $IMAP->decode_address_list($mailto); 
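Review bot: `$mailto` is now converted to `$message_charset` through the fourth argument of get_input_value(), but the unchanged context line in the next hunk still builds the header as `'To' => rcube_charset_convert($mailto, $input_charset, $message_charset)`. Cc and Bcc had that wrapper removed in this commit, so To appears to be converted twice, which would garble non-ASCII display names whenever the two charsets differ. I would change that line to `'To' => $mailto,`. This assumes the fourth argument performs the conversion, as its removal from the Cc and Bcc lines suggests.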
@@ -104,22 +104,22 @@ $headers = array('Date' => date('D, j M Y G:i:s O'), 'To' => rcube_charset_convert($mailto, $input_charset, $message_charset)); // additional recipients -if ($_POST['_cc']) - $headers['Cc'] = rcube_charset_convert(preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_cc'])), $input_charset, $message_charset); +if (!empty($_POST['_cc'])) + $headers['Cc'] = preg_replace($mailto_regexp, $mailto_replace, get_input_value('_cc', RCUBE_INPUT_POST, TRUE, $message_charset)); -if ($_POST['_bcc']) - $headers['Bcc'] = rcube_charset_convert(preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_bcc'])), $input_charset, $message_charset); +if (!empty($_POST['_bcc'])) + $headers['Bcc'] = preg_replace($mailto_regexp, $mailto_replace, get_input_value('_bcc', RCUBE_INPUT_POST, TRUE, $message_charset)); -if (strlen($identity_arr['bcc'])) +if (!empty($identity_arr['bcc'])) $headers['Bcc'] = ($headers['Bcc'] ? $headers['Bcc'].', ' : '') . $identity_arr['bcc']; // add subject -$headers['Subject'] = rcube_charset_convert(trim($_POST['_subject']), $input_charset, $message_charset); +$headers['Subject'] = trim(get_input_value('_subject', RCUBE_INPUT_POST, FALSE, $message_charset)); -if (strlen($identity_arr['organization'])) +if (!empty($identity_arr['organization'])) $headers['Organization'] = $identity_arr['organization']; -if (strlen($identity_arr['reply-to'])) +if (!empty($identity_arr['reply-to'])) $headers['Reply-To'] = $identity_arr['reply-to']; if (!empty($_SESSION['compose']['reply_msgid'])) @@ -128,7 +128,7 @@ if (!empty($_SESSION['compose']['reply_msgid'])) if (!empty($_SESSION['compose']['references'])) $headers['References'] = $_SESSION['compose']['references']; -if ($_POST['_priority']) +if (!empty($_POST['_priority'])) { $priority = (int)$_POST['_priority']; $a_priorities = array(1=>'lowest', 2=>'low', 4=>'high', 5=>'highest'); 
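Review bot: The Subject header is built with `trim(get_input_value('_subject', ...))`, which removes line breaks only at the ends of the value, so a CR or LF inside `_subject` would stay in the header. To, Cc and Bcc are protected because they pass through `$mailto_regexp`. Unless the mail layer that consumes `$headers` rejects or encodes embedded line breaks (not visible in this diff), extra header lines can be injected into the outgoing message. I would collapse them at this point, e.g. `$headers['Subject'] = trim(preg_replace('/[\r\n]+/', ' ', get_input_value('_subject', RCUBE_INPUT_POST, FALSE, $message_charset)));`. Separately, if the explicit `FALSE` strips tags, a subject containing text such as `<draft>` would be silently shortened.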
@@ -141,11 +141,11 @@ if ($_POST['_priority']) $headers['Message-ID'] = $message_id; $headers['X-Sender'] = $from; -if ($CONFIG['useragent']) +if (!empty($CONFIG['useragent'])) $headers['User-Agent'] = $CONFIG['useragent']; // fetch message body -$message_body = rcube_charset_convert($_POST['_message'], $input_charset, $message_charset); +$message_body = get_input_value('_message', RCUBE_INPUT_POST, TRUE, $message_charset); // append generic footer to all messages if (!empty($CONFIG['generic_message_footer'])) |