Now sanitizing variables and enabled logging on sent emails

Signed-off-by: Edouard Poitras <edouard@eclipse.org>
diff --git a/emails.php b/emails.php
index e12a0e2..1e7b768 100644
--- a/emails.php
+++ b/emails.php
@@ -10,6 +10,7 @@
  *    Edouard Poitras (Eclipse Foundation) - Further modifications
  ******************************************************************************/
 
+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/evt_log.class.php");
 include_once "tshirt.php";
 
 define('HEADERS', 'From: Eclipse Webmaster (automated) <webmaster@eclipse.org>' . "\n" . 'Content-Type: text/plain; charset=UTF-8');
@@ -26,15 +27,13 @@
 }
 
 function _send_email($to, $subject, $content) {
-        mail($to, $subject, $content, HEADERS);
-        // This fails on staging but will probably succeed live
-        // Should I enable this???
-        //$EventLog = new EvtLog();
-        //$EventLog->setLogTable("__donations");
-        //$EventLog->setPK1($to);
-        //$EventLog->setPK2($_SERVER['REMOTE_ADDR']);
-        //$EventLog->setLogAction("DONATION_EMAIL_SENT");
-        //$EventLog->insertModLog($to);
+   mail($to, $subject, $content, HEADERS);
+   $EventLog = new EvtLog();
+   $EventLog->setLogTable("__paypal.class"); // To make browsing the log table easier
+   $EventLog->setPK1($to);
+   $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+   $EventLog->setLogAction("DONATION_EMAIL_SENT");
+   $EventLog->insertModLog($to);
 }
 
 function get_email_content($data) {
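Review bot: `_send_email` now writes the `DONATION_EMAIL_SENT` row whether or not the message was accepted for delivery, because the return value of `mail()` on the first added line is discarded. A log that records failed sends as sent is misleading when the table is later used to reconstruct what a donor actually received. The logging should be guarded by the result, for example `if (!mail($to, $subject, $content, HEADERS)) { return; }`. `$_SERVER['REMOTE_ADDR']` is also read unconditionally for PK2. If this function can be reached from a non-web context, or from a payment-provider callback (the callers are not visible here), that value will be missing or will not be the donor's address, so a comment stating what PK2 is expected to hold would help.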
diff --git a/thankyou.php b/thankyou.php
index 62e2e41..d6e5518 100644
--- a/thankyou.php
+++ b/thankyou.php
@@ -58,11 +58,16 @@
 // Handle Logged in User Session
 $Session = new Session();
 $friend = $Session->getFriend();
+
+// Sanitize Variables
+$_POST['first_name'] = $App->sqlSanitize(filter_var($_POST['first_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+$_POST['last_name'] = $App->sqlSanitize(filter_var($_POST['last_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+$_POST['comment'] = $App->sqlSanitize(filter_var($_POST['comment'], FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+$_POST['bugzilla'] = $App->sqlSanitize(filter_var($_POST['bugzilla'], FILTER_SANITIZE_EMAIL));
+
 // Handle User Updating Information (anonymity, comments, etc)
-$Paypal->set_comment($App->sqlSanitize($_POST['comment']));
+$Paypal->set_comment($_POST['comment']);
 if (isset($_POST['bugzilla'])) { // Eclipse.org ID submitted by user
-  $_POST['bugzilla'] = filter_var($_POST['bugzilla'], FILTER_SANITIZE_EMAIL);
-  $_POST['bugzilla'] = $App->sqlSanitize($_POST['bugzilla']);
   $Paypal->set_bugzilla_email($_POST['bugzilla']);
 } else if ($friend->getEmail()) { // User session information used otherwise
   $Paypal->set_bugzilla_email($friend->getEmail());
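Review bot: The new unconditional assignment to `$_POST['bugzilla']` in the "Sanitize Variables" block defeats the `isset($_POST['bugzilla'])` test a few lines below. When the field is not submitted, `filter_var()` turns the missing value into an empty string, so, unless `sqlSanitize` returns null, the key is always set and the `else if ($friend->getEmail())` fallback to the session email is never reached. Keeping that one assignment inside the existing branch, as before the change, avoids this: `if (isset($_POST['bugzilla'])) { $_POST['bugzilla'] = $App->sqlSanitize(filter_var($_POST['bugzilla'], FILTER_SANITIZE_EMAIL));`. The other three fields are likewise read without an `isset` check, and applying `FILTER_SANITIZE_FULL_SPECIAL_CHARS` before storage means the saved comment is HTML-entity-encoded, so it will be double-encoded wherever it is later escaped on output. A comment should say which layer owns HTML escaping. The if/else chain continues outside the hunk.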
@@ -196,7 +201,7 @@
 
 $pageTitle = "Thank You";
 $pageKeywords = "friends of eclipse, donation, contribution";
-$pageAuthor = "Christopher Guindon";
+$pageAuthor = "Edouard Poitras";
 
 ob_start();
 include('content/en_thankyou.php');