diff --git a/include/inc_act/act_formmailer.php b/include/inc_act/act_formmailer.php
index ad78489e7..84a34fb9d 100644
--- a/include/inc_act/act_formmailer.php
+++ b/include/inc_act/act_formmailer.php
@@ -40,13 +40,15 @@ if(!checkFormTrackingValue()) {
- echo 'phpwcms Formmailer';
- echo '
';
-	echo 'You are not allowed to send form!'.LF;
+    header("HTTP/1.0 405 Method Not Allowed");
+
+    echo 'phpwcms Formmailer';
+	echo '';
+	echo '

You are not allowed to send the form!

';
 	if(!PHPWCMS_GDPR_MODE) {
-        echo 'Your IP: ' . getRemoteIP() . LF;
+        echo 'Your IP: ' . html(getRemoteIP()) . LF;
     }
-	echo 'HTTP-REFERER: '.(empty($ref) ? 'unknown' : $ref);
+	echo 'HTTP-REFERRER: ' . (empty($ref) ? 'unknown' : html($ref));
 	echo '
'; exit();
@@ -82,13 +84,13 @@ function phpwcms_form_encode($in_str, $charset) {
 //check which language to use
 $lang = "EN";
-if(isset($_POST["language"]) && strlen($_POST['language']) < 3 ) {
- $lang = trim($_POST["language"]);
- unset($_POST["language"]);
- $translate[$lang] = array_merge($translate['EN'], $translate[$lang]);
-}
-if(!isset($translate[$lang])) {
- $lang = "EN";
+if(isset($_POST["language"]) && strlen($_POST['language']) < 3) {
+ $_POST["language"] = trim(strtoupper($_POST["language"]));
+ if (isset($translate[$_POST["language"]])) {
+ $lang = $_POST["language"];
+ $translate[$lang] = array_merge($translate['EN'], $translate[$lang]);
+ }
+ unset($_POST["language"]);
 }
 //charset
@@ -100,7 +102,9 @@ function phpwcms_form_encode($in_str, $charset) {
 $charset = str_replace('/', '', $charset);
 unset($_POST["charset"]);
 }
-if(empty($charset)) $charset = 'utf-8';
+if(empty($charset)) {
+ $charset = 'utf-8';
+}
 $content_type = 'Content-Type: text/plain; charset='.$charset."\n";
 //getting the required fields list
@@ -243,7 +247,7 @@ function phpwcms_form_encode($in_str, $charset) {
 $table = "";
 foreach($form_error as $key => $value) {
 $table .= "";
- $table .= "[".$key."]";
+ $table .= "[".html($key)."]";
 $table .= "".html($value)."";
 $table .= "\n";
 }
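Review bot: The status sent by the new `header("HTTP/1.0 405 Method Not Allowed")` line at the top of the first hunk does not describe the condition it answers: a failed `checkFormTrackingValue()` is a refused request (the tracking token is missing or wrong), not a refused HTTP method, and a 405 response is expected to carry an `Allow` header listing the permitted methods. `http_response_code(403);` states the refusal correctly and also avoids hard-coding the protocol version in the status line. Escaping `getRemoteIP()` and `$ref` through `html()` before echoing them is the right fix for the rest of the hunk. The enclosing `if(!checkFormTrackingValue())` block is closed outside the hunk.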
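Review bot: `strlen($_POST['language'])` and the new `trim(strtoupper($_POST["language"]))` in the language hunk both assume a string, but a client can submit `language[]=EN` and make `$_POST['language']` an array, which under PHP 8 raises a TypeError before the `$translate` lookup is ever reached (earlier versions emit a warning and continue with null). The guard should be `if(isset($_POST["language"]) && is_string($_POST["language"]) && strlen($_POST['language']) < 3) {`. Writing the normalised value back into `$_POST["language"]` only to `unset` it two lines later is also harder to follow than a local, e.g. `$postLang = strtoupper(trim($_POST["language"]));` followed by `isset($translate[$postLang])`. The hunk sits in top-level script code whose surrounding statements are outside the hunk.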
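Review bot: In the charset hunk, `$charset` still reaches the `Content-Type:` header line at the bottom with no check beyond the `str_replace('/', '', $charset)` shown in the first context line, and the `unset($_POST["charset"])` that follows suggests the value comes from the posted form (the assignment itself is above the hunk, so this is inferred). If nothing stricter runs before this point, a CR/LF or `;` in the submitted value is copied verbatim into a mail header, which is the usual header-injection vector. Restricting the value to charset-name characters when the default is applied keeps the header well-formed regardless of input: `if(empty($charset) || !preg_match('/^[A-Za-z0-9._:-]+$/', $charset)) { $charset = 'utf-8'; }`. The added braces around the default assignment are a fine style change on their own.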