[Typo3-dev] formmail, locationData and TemplaVoila! A Fix and a Workaround.

Georg Rehfeld georg.rehfeld at gmx.de
Wed Jan 19 19:37:55 CET 2005 

Hi again,

> That functions purpose is to assure, that the email sender is on some
> valid page of the site (at least; more checks are done in the function
> and elsewhere, to avoid abuse by spammers). My proposed change to this
> function follows (similar to a context diff, sorry for the confusing
> formatting due to Mozilla and Typo3.org reformatting to HTML):

studying the code a little bit more I think my first patch was NOT OK.
The new patch below additionaly checks for '_NO_TABLE', handles this
similar to no table given and leaves the rest of the logic intact:

FILE: typo3/sysext/cms/tslib/class.tslib_fe.php


   /**
     * Checks if a formmail submission can be sent as email
+   * The given locationData is of the form: [page id]:[current record 
table]:[current record id] .
+   * At least the [page_id] must be given and be a valid page UID. If 
[current record table] is
+   * given and not '_NO_TABLE', then [current record id] must be given 
also and a valid UID in the given table.
     *
     * @param       string          The input from $_POST['locationData']
-   * @return      void
+   * @return      boolean         True, when email may be sent, false 
otherwise
     * @access private
     * @see checkDataSubmission()
+   * @see TSRef, FORM.locationData
     */
   function locDataCheck($locationData)    {
       $locData = explode(':',$locationData);
-     if (!$locData[1] || 
$this->sys_page->checkRecord($locData[1],$locData[2],1)) {
+     if (!$locData[1] || ($locData[1] == '_NO_TABLE') || 
$this->sys_page->checkRecord($locData[1],$locData[2],1)) {
           if (count($this->sys_page->getPage($locData[0]))) {
               // $locData[1] -check means that a record is checked only 
if the locationData has a value for a record else than the page.
               return 1;
-         } else $GLOBALS['TT']->setTSlogMessage('LocationData Error: 
The page pointed to by location data ('.$locationData.') was not 
accessible.',2);
+         }
-     } else $GLOBALS['TT']->setTSlogMessage('LocationData Error: 
Location data ('.$locationData.') record pointed to was not accessible.',2);
+     }
+     // fall through == error. Saves 2 else statements :-)
+     $GLOBALS['TT']->setTSlogMessage('LocationData Error: Location data 
('.$locationData.') record pointed to was not accessible.',2);
   }


Should I file a Bug report for this?

regards

Georg
-- 
  ___   ___
| + | |__    Georg Rehfeld      Woltmanstr. 12     20097 Hamburg
|_|_\ |___   georg.rehfeld.nospam at gmx.de    +49 (40) 23 53 27 10

More information about the TYPO3-dev mailing list