Improved email contact form
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Pluck CMS | Fix Committed | Medium | Unassigned |
Bug Description
Attached modified version of contactform.
Checks for SMTP header injection in $name and $header.
Sets Return-Path and adds some useful SMTP headers, e.g. Hotmail-style X-Originating-IP.
Makes "message sent" or "sending failed" messages more easily visible and more grammatically correct (hardcoded English, these would need to be incorporated into the translation files).
Fixed message subject (missing space before $name).
Changes $message to plain text instead of html, removing some security risks.
Removed sanitize calls, as these resulted in ugly escaped quotes and didn't provide extra security.
I'm using this on my site and it works nicely. It may have problems on servers where $_SERVER[
Tags added: contact-form
Thanks Kitserve for your code. In rev. 394 I updated the contact form, based on your code. I improved it a little bit further by adding UTF-8 encoding to the sent message.
If someone has time to do some more testing on it (especially concerning compatibility with mail applications / web mail services), that would be great. I can confirm that messages sent with current code work with both SquirrelMail and Horde webmail applications.
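The two points raised above, the header-injection check in the bug description and the UTF-8 encoding added in rev. 394, are illustrated below in an added example. It is not the attached contactform or Pluck CMS code; the function names (contact_form_header_is_clean, contact_form_build), the site address and the sample inputs are assumptions made for illustration, and the mbstring extension is assumed to be available.

```php
<?php
// Added example, not Pluck CMS code: a minimal contact-form mailer that
// refuses SMTP header injection and sends a plain-text UTF-8 message.
declare(strict_types=1);

/**
 * True if $value is safe to place inside a single mail header line.
 * Header injection relies on smuggling a line break (raw or URL-encoded)
 * into a field such as the sender name, so any such sequence is rejected.
 */
function contact_form_header_is_clean(string $value): bool
{
    // Raw CR/LF, NUL, and the URL-encoded forms %0a / %0d.
    return preg_match('/[\r\n\x00]|%0[aAdD]/', $value) !== 1;
}

/**
 * Validate the visitor's input and assemble the arguments for mail().
 * Returns ['to', 'subject', 'body', 'headers', 'params'] or null when
 * the submission must be refused.
 */
function contact_form_build(string $name, string $email, string $message,
                            string $siteEmail, string $clientIp): ?array
{
    $name  = trim($name);
    $email = trim($email);
    if ($name === '' || trim($message) === '') {
        return null;
    }
    // Anything that could start a new header line is refused outright.
    if (!contact_form_header_is_clean($name) || !contact_form_header_is_clean($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Non-ASCII names and subjects are MIME-encoded so headers stay 7-bit clean.
    $encodedName = mb_encode_mimeheader($name, 'UTF-8', 'B');
    $subject     = mb_encode_mimeheader('Message from ' . $name, 'UTF-8', 'B');

    $headers = [
        // From is the site's own address; the visitor goes in Reply-To so the
        // mail is not sent "from" a domain the server is not allowed to use.
        'From: ' . $siteEmail,
        'Reply-To: ' . $encodedName . ' <' . $email . '>',
        'Return-Path: ' . $siteEmail,
        'X-Originating-IP: [' . $clientIp . ']',
        'MIME-Version: 1.0',
        'Content-Type: text/plain; charset=UTF-8',
        'Content-Transfer-Encoding: 8bit',
        'X-Mailer: PHP/' . PHP_VERSION,
    ];

    return [
        'to'      => $siteEmail,
        'subject' => $subject,
        // Plain text only: the mail client never interprets HTML from the form.
        'body'    => wordwrap(str_replace("\r\n", "\n", $message), 70, "\n"),
        'headers' => implode("\r\n", $headers),
        // Most MTAs set Return-Path from the envelope sender, hence -f.
        'params'  => '-f' . $siteEmail,
    ];
}

// Constructed sample values (assumptions, not from the bug report).
$site = 'webmaster@example.com';
$ip   = $_SERVER['REMOTE_ADDR'] ?? '192.0.2.10';

$ok  = contact_form_build('Zoë', 'zoe@example.org', "Hello,\nnice site!", $site, $ip);
$bad = contact_form_build("Eve\r\nX-Injected: test", 'eve@example.org', 'hello', $site, $ip);

echo 'clean submission accepted: ', var_export($ok !== null, true), PHP_EOL;
echo 'injected name refused:     ', var_export($bad === null, true), PHP_EOL;

if ($ok !== null) {
    // In the real form this is where the message would be handed to mail():
    // mail($ok['to'], $ok['subject'], $ok['body'], $ok['headers'], $ok['params']);
    echo $ok['headers'], PHP_EOL;
}
```

The check runs before the address validation on purpose: filter_var() with FILTER_VALIDATE_EMAIL also rejects line breaks, but $name is never passed through it, so every header-bound field gets the explicit CR/LF test. The -f parameter is what actually sets the envelope sender on most sendmail-compatible MTAs; the Return-Path header line is kept for servers that honour it directly, as the attached form does.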