| author | alyx <alyx@aleteoryx.me> | 2024-06-01 11:38:12 -0400 | 
|---|---|---|
| committer | alyx <alyx@aleteoryx.me> | 2024-06-01 11:38:12 -0400 | 
| commit | b5f931b9c9344e9db07abfe9de1e1ca5e64342bb (patch) | |
| tree | c4559229f6b35b173de91699c40787e29d573ab3 /visitors.php | |
| parent | 27a98f32de4ff4972ca08b046c0ff3df3f10fdd5 (diff) | |
Fix POST validation bugs
Diffstat (limited to 'visitors.php')
| -rw-r--r-- | visitors.php | 9 | 
1 files changed, 5 insertions, 4 deletions
| diff --git a/visitors.php b/visitors.php
index a841d3a..850cefb 100644
--- a/visitors.php
+++ b/visitors.php
@@ -103,7 +103,7 @@ $config['captcha'] = true;
 //
 // Any entries in one mode will display fine in any other.
-$config['form_mode'] = 1;
+$config['form_mode'] = 2;
 // E-Mail display mode: choice
@@ -497,6 +497,7 @@ session_start(['cookie_lifetime' => 1440]);
 function cleanup_post() {
   global $config;
+  error_log(var_dump($_POST, false));
   if ($config['captcha'] && (@$_SESSION['captcha'] !== htmlentities($_POST['captcha']??''))) {
     return "Invalid captcha!";
   }
@@ -509,15 +510,15 @@ function cleanup_post() {
     else return "Invalid Website URL or E-Mail!";
   }
   else {
-    if (isset($_POST['website'])) {
+    if (isset($_POST['website']) && $_POST['website'] !== '') {
       $_POST['website'] = trim($_POST['website']);
       if (!preg_match('/^(?:https?|gopher|gemini):\/\/(?:www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b(?:[-a-zA-Z0-9()@:%_\+.~#?&\/=]*)$/', $_POST['website']))
         return "Invalid Website URL!";
       $_POST['website'] = htmlentities($_POST['website']);
     }
-    if (isset($_POST['email'])) {
+    if (isset($_POST['email']) && $_POST['email'] !== '') {
       $_POST['email'] = trim($_POST['email']);
-      if (!preg_match('/^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/', $_POST['email']))
+      if (!preg_match('/^[a-zA-Z0-9.!#$%&’*+\/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/', $_POST['email']))
         return "Invalid E-Mail!";
       $_POST['email'] = htmlentities($_POST['email']);
     } | 
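Review bot: The added `error_log(var_dump($_POST, false));` at the top of cleanup_post() logs nothing useful and instead prints the dump into the HTTP response: var_dump() writes its arguments (here including the extra `false`) to standard output and returns null, so error_log() receives null, which on PHP 8.1+ also triggers a null-to-string deprecation. If a debug trace is really wanted, the returning form is `error_log(var_export($_POST, true));`, but since $_POST here carries the visitor's e-mail, website and captcha answer, writing it to the server log persists submitted personal data, so this looks like a leftover that should be dropped before release. cleanup_post() continues past the end of the hunk.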
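Review bot: The new emptiness checks `isset($_POST['website']) && $_POST['website'] !== ''` and the matching e-mail condition run before the `trim()` on the following line, so a field containing only whitespace passes the check, is trimmed to an empty string and is then rejected by the regex as an invalid URL or e-mail instead of being treated as absent like an empty field. Testing the trimmed value in the condition, `if (isset($_POST['website']) && trim($_POST['website']) !== '') {` (and the same for 'email'), makes the check consistent with what the regex actually sees. On the rewritten e-mail pattern, the literal `’` (U+2019) inside the character class is matched byte by byte because the pattern has no `u` modifier; that is probably unintended and worth a look while this line is being touched. cleanup_post() starts and ends outside this hunk.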
