Code source de Phorum 5.1.25 |
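<?php

////////////////////////////////////////////////////////////////////////////////
//                                                                            //
//   Copyright (C) 2006 Phorum Development Team                               //
//   http://www.phorum.org                                                    //
//                                                                            //
//   This program is free software. You can redistribute it and/or modify     //
//   it under the terms of either the current Phorum License (viewable at     //
//   phorum.org) or the Phorum License that was distributed with this file    //
//                                                                            //
//   This program is distributed in the hope that it will be useful,          //
//   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
//                                                                            //
//   You should have received a copy of the Phorum License                    //
//   along with this program.                                                 //
////////////////////////////////////////////////////////////////////////////////

// Refuse to run unless the including script has defined the PHORUM constant.
if (!defined("PHORUM")) return;

// Builds $message from the posted form data. Every entry of
// $PHORUM["post_fields"] maps a field name to a spec array that is read
// through the pf_SIGNED and pf_TYPE constants (both defined outside this
// file). No semantic validation of the values happens here; this step only
// verifies signatures and normalizes each field to its configured type.

// Create an empty message structure.
$message = array();

// Inject form field data into the message structure. No checks
// are done on the data over here. Here we just take care of
// putting the data in the right format in the data structure.
foreach ($PHORUM["post_fields"] as $var => $spec)
{
    // Check the signature of signed fields. The check runs before the
    // value is decoded below, so a signed field never reaches the type
    // conversion with a missing or mismatching signature.
    // NOTE(review): how strong this is depends on
    // phorum_check_data_signature(), which is not visible in this file.
    if ($spec[pf_SIGNED]) {
        $qvar = htmlspecialchars($var);
        if (! isset($_POST["$var:signature"]))
            die("Data signing error: signature for field $qvar is missing in the form data.");
        if (! isset($_POST["$var"]))
            die("Data signing error: field $qvar is missing in the form data.");
        if (! phorum_check_data_signature($_POST["$var"], $_POST["$var:signature"]))
            die("Data signing error: signature for field $qvar is wrong; there was probably tampered with the form data");
    }

    // Format and store the data based on the configuration.
    switch ($spec[pf_TYPE])
    {
        case "boolean":
            $message[$var] = isset($_POST[$var]) && $_POST[$var] ? 1 : 0;
            break;

        case "integer":
            $message[$var] = isset($_POST[$var]) ? (int) $_POST[$var] : NULL;
            break;

        case "array":
            // Serialized arrays are base64 encoded, to prevent special
            // character (especially newline) mangling by the browser.
            //
            // SECURITY: unserialize() is applied to request data here. The
            // only thing standing between the client and the deserializer
            // is the signature check above, and that check runs only when
            // this field's spec has pf_SIGNED set. An "array" field that is
            // configured without pf_SIGNED would deserialize bytes chosen
            // by the client (PHP object injection). Confirm that every
            // "array" entry in $PHORUM["post_fields"] is signed, or move
            // these fields to a data-only format such as JSON. Where the
            // runtime is PHP 7 or later, passing
            // array('allowed_classes' => false) as the second argument to
            // unserialize() also prevents object instantiation.
            $message[$var] = array();
            if (isset($_POST[$var]) && is_string($_POST[$var])) {
                $data = unserialize(base64_decode($_POST[$var]));
                // unserialize() returns false for corrupt input and may
                // return a scalar or an object. Only keep real arrays, so
                // later code always sees the type declared for this field.
                // This check runs after deserialization and is therefore
                // not a defence against object injection.
                if (is_array($data)) {
                    $message[$var] = $data;
                }
            }
            break;

        case "string":
            // A request can submit the field as an array ("name[]=x");
            // treat anything that is not a string as an empty value
            // instead of handing it to trim().
            $message[$var] = (isset($_POST[$var]) && is_string($_POST[$var]))
                           ? trim($_POST[$var]) : '';
            // Prevent people from impersonating others by using
            // multiple spaces in the author name.
            // NOTE(review): \s without the "u" modifier does not cover
            // non-ASCII spacing characters, so visually similar names built
            // with those are not normalized here.
            if ($var === 'author') {
                $message[$var] = preg_replace('/\s+/', ' ', $message[$var]);
            }
            break;

        default:
            die ("Illegal field type used for field $var: " . $spec[pf_TYPE]);
    }
}

?>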