diff --git a/contacts.php b/contacts.php
index 229e040bec042e46b6644834d7ab000e07fe236f..6d19c67d9b4ed39ddde94466085139031913e1cb 100644
--- a/contacts.php
+++ b/contacts.php
@@ -47,14 +47,15 @@ else
include_once('bandeaux.php');
// action du bouton annuler
-if ($_POST["envoiquestion"]&&$_POST["nom"]!=""&&$_POST["question"]!=""){
+if ((isset($_POST['envoiquestion']) || isset($_POST['envoiquestion_x'])) && isset($_POST['nom']) && !empty($_POST['nom']) && isset($_POST['question']) && !empty($_POST['question'])){
+
$message=str_replace("\\","",$_POST["question"]);
//envoi des mails
$headers="From: ".NOMAPPLICATION." <".ADRESSEMAILADMIN.">\r\nContent-Type: text/plain; charset=\"UTF-8\"\nContent-Transfer-Encoding: 8bit";
mail (ADRESSEMAILADMIN, "" . _("[CONTACT] You have sent a question ") . "".NOMAPPLICATION, "" . _("You have a question from a user ") . " ".NOMAPPLICATION."\n\n" . _("User") . " : ".$_POST["nom"]."\n\n" . _("User's email address") . " : $_POST[adresse_mail]\n\n" . _("Message") . " :".$message,$headers);
- if ($_POST["adresse_mail"]!=""){
+ if (isset($_POST['adresse_mail']) && !empty($_POST['adresse_mail']) && validateEmail($_POST['adresse_mail'])){
$headers="From: ".NOMAPPLICATION." <".ADRESSEMAILADMIN.">\r\nContent-Type: text/plain; charset=\"UTF-8\"\nContent-Transfer-Encoding: 8bit";
mail ("$_POST[adresse_mail]", "" . _("[COPY] Someone has sent a question ") . "".NOMAPPLICATION, "" . _("Here is a copy of your question") . " :\n\n".$message." \n\n" . _("We're going to answer your question shortly.") . "\n\n" . _("Thanks for your confidence.") . "\n".NOMAPPLICATION,$headers);
}
@@ -85,9 +86,14 @@ if ($_POST["envoiquestion"]&&$_POST["nom"]!=""&&$_POST["question"]!=""){
}
else {
- $_SESSION["question"]=$_POST["question"];
- $_SESSION["nom"]=$_POST["nom"];
- $_SESSION["adresse_mail"]=$_POST["adresse_mail"];
+ $post_var = array('question', 'nom', 'adresse_mail', );
+ foreach ($post_var as $var) {
+ if (isset($_POST[$var]) && !empty($_POST[$var])) {
+ $_SESSION[$var] = $_POST[$var];
+ } else {
+ $_SESSION[$var] = null;
+ }
+ }
//affichage de la page
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">'."\n";
@@ -115,7 +121,7 @@ else {
echo _("Your name") .' :<br>'."\n";
echo '<input type="text" size="40" maxlength="64" name="nom" value="'.$_SESSION["nom"].'">';
- if ($_POST["envoiquestion"]&&$_SESSION["nom"]==""){
+ if ((isset($_POST['envoiquestion']) || isset($_POST['envoiquestion_x'])) && $_SESSION["nom"]==""){
echo ' <font color="#FF0000">'. _("Enter a name") .'</font>';
}
@@ -129,7 +135,7 @@ else {
echo _("Question") .' :<br>'."\n";
echo '<textarea name="question" rows="7" cols="40">'.$_SESSION["question"].'</textarea>';
- if ($_POST["envoiquestion"]&&$_SESSION["question"]==""){
+ if ((isset($_POST['envoiquestion']) || isset($_POST['envoiquestion_x'])) && $_SESSION["question"]==""){
echo ' <font color="#FF0000"> Il faut poser une question !</font>';
}
diff --git a/fonctions.php b/fonctions.php
index f647b6f3bd8b2a4839b5b946e6e72716557ec1b5..33d91c5bc0422c75bc30cfda1bae6bff6e0abb9f 100644
--- a/fonctions.php
+++ b/fonctions.php
@@ -131,4 +131,19 @@ function check_table_sondage() {
return false;
}
+
+
+/**
+ * Vérifie une adresse e-mail selon les normes RFC
+ * @param string $email l'adresse e-mail a vérifier
+ * @return bool vrai si l'adresse est correcte, faux sinon
+ * @see http://fightingforalostcause.net/misc/2006/compare-email-regex.php
+ * @see http://svn.php.net/viewvc/php/php-src/trunk/ext/filter/logical_filters.c?view=markup
+ */
+function validateEmail($email) {
+ $pattern = '/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD';
+
+ return (bool)preg_match($pattern, $email);
+}
+
?>