diff --git a/include/inc_act/act_formmailer.php b/include/inc_act/act_formmailer.php
index ad78489e7..84a34fb9d 100644
--- a/include/inc_act/act_formmailer.php
+++ b/include/inc_act/act_formmailer.php
@@ -40,13 +40,15 @@ if(!checkFormTrackingValue()) {
- echo '
';
- echo 'You are not allowed to send form!'.LF;
+ header("HTTP/1.0 405 Method Not Allowed");
+
+ echo 'phpwcms Formmailer ';
+ echo '';
+ echo 'You are not allowed to send the form!
';
 if(!PHPWCMS_GDPR_MODE) {
- echo 'Your IP: ' . getRemoteIP() . LF;
+ echo 'Your IP: ' . html(getRemoteIP()) . LF;
 }
- echo 'HTTP-REFERER: '.(empty($ref) ? 'unknown' : $ref);
+ echo 'HTTP-REFERRER: ' . (empty($ref) ? 'unknown' : html($ref));
 echo '';
 exit();
@@ -82,13 +84,13 @@ function phpwcms_form_encode($in_str, $charset) {
 //check which language to use
 $lang = "EN";
-if(isset($_POST["language"]) && strlen($_POST['language']) < 3 ) {
- $lang = trim($_POST["language"]);
- unset($_POST["language"]);
- $translate[$lang] = array_merge($translate['EN'], $translate[$lang]);
-}
-if(!isset($translate[$lang])) {
- $lang = "EN";
+if(isset($_POST["language"]) && strlen($_POST['language']) < 3) {
+ $_POST["language"] = trim(strtoupper($_POST["language"]));
+ if (isset($translate[$_POST["language"]])) {
+ $lang = $_POST["language"];
+ $translate[$lang] = array_merge($translate['EN'], $translate[$lang]);
+ }
+ unset($_POST["language"]);
 }
 //charset
@@ -100,7 +102,9 @@ function phpwcms_form_encode($in_str, $charset) {
 $charset = str_replace('/', '', $charset);
 unset($_POST["charset"]);
 }
-if(empty($charset)) $charset = 'utf-8';
+if(empty($charset)) {
+ $charset = 'utf-8';
+}
 $content_type = 'Content-Type: text/plain; charset='.$charset."\n";
 //getting the required fields list
@@ -243,7 +247,7 @@ function phpwcms_form_encode($in_str, $charset) {
 $table = ""; foreach($form_error as $key => $value) { $table .= ""; - $table .= " \n"; }[".$key."] "; + $table .= "[".html($key)."] "; $table .= "".html($value)." "; $table .= "
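Review bot: The status line added at the top of the `@@ -40,13 +40,15 @@` hunk, `header("HTTP/1.0 405 Method Not Allowed");`, reports a failed form-tracking check as a wrong request method, and a 405 is expected to carry an `Allow` header, which is not sent here. A request refused by `checkFormTrackingValue()` is better described as 403, which also avoids hard-coding the protocol version: `http_response_code(403);` (if the supported PHP versions provide it). Passing `getRemoteIP()` and `$ref` through `html()` looks right for this output; the enclosing `if` block appears to close outside the hunk.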
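Review bot: The new condition in the `@@ -82,13 +84,13 @@` hunk still calls `strlen($_POST['language'])` on whatever type the client sent, so an array-valued `language` parameter passes `isset()` and reaches `strlen()` and `strtoupper()` as an array, which is a TypeError on PHP 8 and a warning on older versions. A type check closes that: `if(isset($_POST["language"]) && is_string($_POST["language"]) && strlen($_POST["language"]) < 3) {`. The length test also runs before `trim()`, and `unset($_POST["language"])` is skipped for values of three characters or more, so such a value stays in `$_POST` for whatever processes the remaining fields later (not visible here).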
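Review bot: The braces added around the `utf-8` default in the `@@ -100,7 +102,9 @@` hunk leave the non-empty case unchecked: the context lines suggest `$charset` comes from `$_POST["charset"]` with only `/` stripped, and the next line concatenates it into `'Content-Type: text/plain; charset='.$charset."\n"`. If that string is later used as a mail header (not visible in this hunk), a value containing line breaks could add header lines of the sender's choosing. Restricting the value to charset-name characters covers both the empty and the malformed case: `if(empty($charset) || !preg_match('/^[A-Za-z0-9._:-]+$/', $charset)) {`. The assignment of `$charset` starts above the hunk, so confirm that no earlier filtering already does this.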