From b5f931b9c9344e9db07abfe9de1e1ca5e64342bb Mon Sep 17 00:00:00 2001
From: alyx
Date: Sat, 1 Jun 2024 11:38:12 -0400
Subject: Fix POST validation bugs
---
 visitors.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/visitors.php b/visitors.php
index a841d3a..850cefb 100644
--- a/visitors.php
+++ b/visitors.php
@@ -103,7 +103,7 @@ $config['captcha'] = true;
 //
 // Any entries in one mode will display fine in any other.
-$config['form_mode'] = 1;
+$config['form_mode'] = 2;
 // E-Mail display mode: choice
@@ -497,6 +497,7 @@ session_start(['cookie_lifetime' => 1440]);
 function cleanup_post() {
 global $config;
+ error_log(var_dump($_POST, false));
 if ($config['captcha'] && (@$_SESSION['captcha'] !== htmlentities($_POST['captcha']??''))) {
 return "Invalid captcha!";
 }
@@ -509,15 +510,15 @@ function cleanup_post() {
 else return "Invalid Website URL or E-Mail!";
 } else {
- if (isset($_POST['website'])) {
+ if (isset($_POST['website']) && $_POST['website'] !== '') {
 $_POST['website'] = trim($_POST['website']);
 if (!preg_match('/^(?:https?|gopher|gemini):\/\/(?:www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b(?:[-a-zA-Z0-9()@:%_\+.~#?&\/=]*)$/', $_POST['website']))
 return "Invalid Website URL!";
 $_POST['website'] = htmlentities($_POST['website']);
 }
- if (isset($_POST['email'])) {
+ if (isset($_POST['email']) && $_POST['email'] !== '') {
 $_POST['email'] = trim($_POST['email']);
- if (!preg_match('/^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/', $_POST['email']))
+ if (!preg_match('/^[a-zA-Z0-9.!#$%&’*+\/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/', $_POST['email']))
 return "Invalid E-Mail!";
 $_POST['email'] = htmlentities($_POST['email']);
 }
--
cgit v1.2.3-70-g09d2
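Review bot: The `$config['form_mode'] = 2;` change in the first hunk is a behavioural default change that the subject "Fix POST validation bugs" does not mention, and nothing in the other hunks depends on it. The surrounding comment says entries from any mode display fine in any other, so the reason for switching the default is not recoverable from the diff; either split it into its own commit or add a sentence to the message explaining why mode 2 is now the default.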
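Review bot: The added `error_log(var_dump($_POST, false));` leaks the submission instead of logging it: `var_dump()` writes straight to the response body and returns null (its PHP 8 signature is `void`), so every field the visitor posted, including the captcha answer, is echoed back to the browser before any validation runs, while `error_log()` receives an empty string. The `false` second argument suggests `print_r($_POST, true)` or `var_export($_POST, true)` was intended, but even then dumping raw form input into the error log should not ship in a validation fix; drop the line, or if it is genuinely needed for a short while, gate it as `if (!empty($config['debug'])) error_log(var_export($_POST, true));`. Output emitted at this point would presumably also break any `header()` call made later in the request, though the caller is not visible here. `cleanup_post()` continues past the end of the hunk.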
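Review bot: The email pattern on the `+` line still contains a typographic apostrophe `’` (U+2019) in the local-part character class where an ASCII `'` belongs; because the pattern has no `u` modifier, PCRE treats that character as its three UTF-8 bytes, so the class admits stray `0xE2`/`0x80`/`0x99` bytes (which then flow into `htmlentities()`) while rejecting a legitimate address such as `o'brien@example.com`. The one-character fix is to replace `’` with `\'` inside the single-quoted pattern string, alongside the `\/` escape this commit already adds. Separately, the new `!== ''` guards run before `trim()`, so a whitespace-only value is not treated as "not supplied" but falls through to the regex and is rejected; if that is intended, a short comment such as `// empty string means "not supplied"; whitespace-only still hits the regex` would save the next reader a trip. `cleanup_post()` starts before and ends after this hunk.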