authoralyx <alyx@aleteoryx.me>2024-06-01 11:38:12 -0400
committeralyx <alyx@aleteoryx.me>2024-06-01 11:38:12 -0400
commitb5f931b9c9344e9db07abfe9de1e1ca5e64342bb (patch)
treec4559229f6b35b173de91699c40787e29d573ab3
parent27a98f32de4ff4972ca08b046c0ff3df3f10fdd5 (diff)
downloadvisitors_dot_php-b5f931b9c9344e9db07abfe9de1e1ca5e64342bb.tar.gz
visitors_dot_php-b5f931b9c9344e9db07abfe9de1e1ca5e64342bb.tar.bz2
visitors_dot_php-b5f931b9c9344e9db07abfe9de1e1ca5e64342bb.zip
Fix POST validation bugs
-rw-r--r--visitors.php9
1 files changed, 5 insertions, 4 deletions
diff --git a/visitors.php b/visitors.php
index a841d3a..850cefb 100644
--- a/visitors.php
+++ b/visitors.php
@@ -103,7 +103,7 @@ $config['captcha'] = true;
//
// Any entries in one mode will display fine in any other.
-$config['form_mode'] = 1;
+$config['form_mode'] = 2;
// E-Mail display mode: choice
@@ -497,6 +497,7 @@ session_start(['cookie_lifetime' => 1440]);
function cleanup_post() {
global $config;
+ error_log(var_dump($_POST, false));
if ($config['captcha'] && (@$_SESSION['captcha'] !== htmlentities($_POST['captcha']??''))) {
return "Invalid captcha!";
}
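Review bot: The added `error_log(var_dump($_POST, false));` does not log anything: `var_dump` writes straight to the output stream and returns nothing, so every submitted form (captcha answer, e-mail, website, message) is printed into the HTTP response body on each POST, while `error_log` receives null; the `false` is simply dumped as a second value. If a log line is wanted, the return-flag form is `error_log(var_export($_POST, true));`, though that still copies raw user submissions into the error log and reads as a leftover debug statement that should be removed or guarded before merge. cleanup_post() continues past the end of this hunk.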
@@ -509,15 +510,15 @@ function cleanup_post() {
else return "Invalid Website URL or E-Mail!";
}
else {
- if (isset($_POST['website'])) {
+ if (isset($_POST['website']) && $_POST['website'] !== '') {
$_POST['website'] = trim($_POST['website']);
if (!preg_match('/^(?:https?|gopher|gemini):\/\/(?:www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b(?:[-a-zA-Z0-9()@:%_\+.~#?&\/=]*)$/', $_POST['website']))
return "Invalid Website URL!";
$_POST['website'] = htmlentities($_POST['website']);
}
- if (isset($_POST['email'])) {
+ if (isset($_POST['email']) && $_POST['email'] !== '') {
$_POST['email'] = trim($_POST['email']);
- if (!preg_match('/^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/', $_POST['email']))
+ if (!preg_match('/^[a-zA-Z0-9.!#$%&’*+\/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/', $_POST['email']))
return "Invalid E-Mail!";
$_POST['email'] = htmlentities($_POST['email']);
}
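Review bot: The new `$_POST['website'] !== ''` and `$_POST['email'] !== ''` guards run before the `trim()` on the next line, so a field containing only whitespace passes the emptiness check, is trimmed to an empty string and then fails the regex with "Invalid Website URL!" / "Invalid E-Mail!", which is presumably not the intent of a fix aimed at optional fields. Trimming first keeps the two checks consistent: `if (isset($_POST['website']) && trim($_POST['website']) !== '') {` and likewise for email, after which the inner `trim()` can stay as is. Separately, the retained e-mail character class contains a curly apostrophe `’` rather than `'`; without the `u` modifier that is matched as individual bytes, so it looks like a copy-paste artefact worth confirming. cleanup_post() starts before this hunk.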