Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: [Fixed]: ecard invalid address error mesage  (Read 30892 times)

0 Members and 1 Guest are viewing this topic.

Nibbler

  • Guest
[Fixed]: ecard invalid address error mesage
« on: March 02, 2008, 03:38:49 pm »

Code: [Select]
// Check supplied email address
$valid_email_pattern = "^[_\.0-9a-z\-]+@([0-9a-z][0-9a-z-]*\.)+[a-z]{2,6}$";
$valid_sender_email = eregi($valid_email_pattern, $sender_email);
$valid_recipient_email = eregi($valid_email_pattern, $recipient_email);
$invalid_email = '<font size="1">' . $lang_ecard_php['invalid_email'] . ' (' . $recipient_email . ')</font>';
if (!$valid_sender_email && count($_POST) > 0) $sender_email_warning = $invalid_email;
if (!$valid_recipient_email && count($_POST) > 0) $recipient_email_warning = $invalid_email;

That shows the recipient email address in the message even if it's the sender address that is invalid.
« Last Edit: October 18, 2008, 05:06:57 pm by Joachim Müller »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: ecard invalid address error mesage
« Reply #1 on: October 18, 2008, 05:06:45 pm »

Suggested change:
Code: [Select]
// Check supplied email address
$valid_email_pattern = "^[_\.0-9a-z\-]+@([0-9a-z][0-9a-z-]*\.)+[a-z]{2,6}$";
$valid_sender_email = eregi($valid_email_pattern, $sender_email);
$valid_recipient_email = eregi($valid_email_pattern, $recipient_email);
if (!$valid_sender_email && count($_POST) > 0) {
$sender_email_warning = '<font size="1">' . $lang_ecard_php['invalid_email'] . ' (' . $sender_email . ')</font>';
}
if (!$valid_recipient_email && count($_POST) > 0) {
$recipient_email_warning = '<font size="1">' . $lang_ecard_php['invalid_email'] . ' (' . $recipient_email . ')</font>';
}
Applied and committed to cpg1.4.x (SVN repository), so the fix will be in cpg1.4.20 and better. Applied similar fix to cpg1.5.x as well.
Logged
Pages: [1]   Go Up
 

Page created in 0.015 seconds with 18 queries.