[Fixed]: ecard invalid address error mesage [Fixed]: ecard invalid address error mesage
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[Fixed]: ecard invalid address error mesage

Started by Nibbler, March 02, 2008, 03:38:49 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Nibbler

March 02, 2008, 03:38:49 PM Last Edit: October 18, 2008, 05:06:57 PM by Joachim Müller
Code Select

// Check supplied email address
$valid_email_pattern = "^[_\.0-9a-z\-]+@([0-9a-z][0-9a-z-]*\.)+[a-z]{2,6}$";
$valid_sender_email = eregi($valid_email_pattern, $sender_email);
$valid_recipient_email = eregi($valid_email_pattern, $recipient_email);
$invalid_email = '<font size="1">' . $lang_ecard_php['invalid_email'] . ' (' . $recipient_email . ')</font>';
if (!$valid_sender_email && count($_POST) > 0) $sender_email_warning = $invalid_email;
if (!$valid_recipient_email && count($_POST) > 0) $recipient_email_warning = $invalid_email;


That shows the recipient email address in the message even if it's the sender address that is invalid.

Joachim Müller

#1
October 18, 2008, 05:06:45 PM
Suggested change:
Code Select
// Check supplied email address
$valid_email_pattern = "^[_\.0-9a-z\-]+@([0-9a-z][0-9a-z-]*\.)+[a-z]{2,6}$";
$valid_sender_email = eregi($valid_email_pattern, $sender_email);
$valid_recipient_email = eregi($valid_email_pattern, $recipient_email);
if (!$valid_sender_email && count($_POST) > 0) {
$sender_email_warning = '<font size="1">' . $lang_ecard_php['invalid_email'] . ' (' . $sender_email . ')</font>';
}
if (!$valid_recipient_email && count($_POST) > 0) {
$recipient_email_warning = '<font size="1">' . $lang_ecard_php['invalid_email'] . ' (' . $recipient_email . ')</font>';
}Applied and committed to cpg1.4.x (SVN repository), so the fix will be in cpg1.4.20 and better. Applied similar fix to cpg1.5.x as well.
Print
Go Up Pages1
User actions