[Typo3-dev] formmail, locationData and TemplaVoila! A Fix and a Workaround.
Georg Rehfeld
georg.rehfeld at gmx.de
Wed Jan 19 19:37:55 CET 2005
Hi again,
> That functions purpose is to assure, that the email sender is on some
> valid page of the site (at least; more checks are done in the function
> and elsewhere, to avoid abuse by spammers). My proposed change to this
> function follows (similar to a context diff, sorry for the confusing
> formatting due to Mozilla and Typo3.org reformatting to HTML):
studying the code a little bit more I think my first patch was NOT OK.
The new patch below additionaly checks for '_NO_TABLE', handles this
similar to no table given and leaves the rest of the logic intact:
FILE: typo3/sysext/cms/tslib/class.tslib_fe.php
/**
* Checks if a formmail submission can be sent as email
+ * The given locationData is of the form: [page id]:[current record
table]:[current record id] .
+ * At least the [page_id] must be given and be a valid page UID. If
[current record table] is
+ * given and not '_NO_TABLE', then [current record id] must be given
also and a valid UID in the given table.
*
* @param string The input from $_POST['locationData']
- * @return void
+ * @return boolean True, when email may be sent, false
otherwise
* @access private
* @see checkDataSubmission()
+ * @see TSRef, FORM.locationData
*/
function locDataCheck($locationData) {
$locData = explode(':',$locationData);
- if (!$locData[1] ||
$this->sys_page->checkRecord($locData[1],$locData[2],1)) {
+ if (!$locData[1] || ($locData[1] == '_NO_TABLE') ||
$this->sys_page->checkRecord($locData[1],$locData[2],1)) {
if (count($this->sys_page->getPage($locData[0]))) {
// $locData[1] -check means that a record is checked only
if the locationData has a value for a record else than the page.
return 1;
- } else $GLOBALS['TT']->setTSlogMessage('LocationData Error:
The page pointed to by location data ('.$locationData.') was not
accessible.',2);
+ }
- } else $GLOBALS['TT']->setTSlogMessage('LocationData Error:
Location data ('.$locationData.') record pointed to was not accessible.',2);
+ }
+ // fall through == error. Saves 2 else statements :-)
+ $GLOBALS['TT']->setTSlogMessage('LocationData Error: Location data
('.$locationData.') record pointed to was not accessible.',2);
}
Should I file a Bug report for this?
regards
Georg
--
___ ___
| + | |__ Georg Rehfeld Woltmanstr. 12 20097 Hamburg
|_|_\ |___ georg.rehfeld.nospam at gmx.de +49 (40) 23 53 27 10
More information about the TYPO3-dev
mailing list