Fixes possible XSS problem

slackero · Aug 25, 2021 · 6876be5 · 6876be5
1 parent 3931a03
commit 6876be5
Showing 1 changed file with 18 additions and 14 deletions.
diff --git a/include/inc_act/act_formmailer.php b/include/inc_act/act_formmailer.php
@@ -40,13 +40,15 @@
 
 if(!checkFormTrackingValue()) {
 
-	echo '<html><head><title>phpwcms Formmailer</title></head>';
-	echo '<body><pre>';
-	echo 'You are not allowed to send form!'.LF;
+    header("HTTP/1.0 405 Method Not Allowed");
+
+    echo '<html lang="en"><head><meta charset="utf-8"><title>phpwcms Formmailer</title></head>';
+	echo '<body>';
+	echo '<h1>You are not allowed to send the form!</h1><pre>';
 	if(!PHPWCMS_GDPR_MODE) {
-        echo 'Your IP: ' . getRemoteIP() . LF;
+        echo 'Your IP: ' . html(getRemoteIP()) . LF;
     }
-	echo 'HTTP-REFERER: '.(empty($ref) ? 'unknown' : $ref);
+	echo 'HTTP-REFERRER: ' . (empty($ref) ? 'unknown' : html($ref));
 	echo '</pre></body></html>';
 	exit();
 
@@ -82,13 +84,13 @@ function phpwcms_form_encode($in_str, $charset) {
 
 //check which language to use
 $lang = "EN";
-if(isset($_POST["language"]) && strlen($_POST['language']) < 3 ) {
-	$lang = trim($_POST["language"]);
-	unset($_POST["language"]);
-	$translate[$lang] = array_merge($translate['EN'], $translate[$lang]);
-}
-if(!isset($translate[$lang])) {
-	$lang = "EN";
+if(isset($_POST["language"]) && strlen($_POST['language']) < 3) {
+    $_POST["language"] = trim(strtoupper($_POST["language"]));
+	if (isset($translate[$_POST["language"]])) {
+	    $lang = $_POST["language"];
+        $translate[$lang] = array_merge($translate['EN'], $translate[$lang]);
+	}
+    unset($_POST["language"]);
 }
 
 //charset
@@ -100,7 +102,9 @@ function phpwcms_form_encode($in_str, $charset) {
 	$charset = str_replace('/', '', $charset);
 	unset($_POST["charset"]);
 }
-if(empty($charset)) $charset = 'utf-8';
+if(empty($charset)) {
+    $charset = 'utf-8';
+}
 $content_type = 'Content-Type: text/plain; charset='.$charset."\n";
 
 //getting the required fields list
@@ -243,7 +247,7 @@ function phpwcms_form_encode($in_str, $charset) {
 		$table = "";
 		foreach($form_error as $key => $value) {
   			$table .= "<tr bgcolor=\"#F4F4F4\">";
-    		$table .= "<td class=\"error\">[".$key."]</td>";
+    		$table .= "<td class=\"error\">[".html($key)."]</td>";
     		$table .= "<td class=\"error\">".html($value)."</td>";
   			$table .= "</tr>\n";
 		}