From bf8cd29868ed77c5028e264fb31d028fd3496f34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Gaillard?=
Date: Mon, 4 Nov 2013 14:21:42 +0100
Subject: [PATCH] // validator on message field
---
 .../admin/AdminCustomerThreadsController.php | 18 +++++++++++-------
 controllers/front/ContactController.php | 2 +-
 2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/controllers/admin/AdminCustomerThreadsController.php b/controllers/admin/AdminCustomerThreadsController.php
index cc455ef8b..9d7b2c52b 100644
--- a/controllers/admin/AdminCustomerThreadsController.php
+++ b/controllers/admin/AdminCustomerThreadsController.php
@@ -320,12 +320,15 @@ class AdminCustomerThreadsControllerCore extends AdminController
 $cm = new CustomerMessage();
 $cm->id_employee = (int)$this->context->employee->id;
 $cm->id_customer_thread = (int)Tools::getValue('id_customer_thread');
- $cm->ip_address = ip2long($_SERVER['REMOTE_ADDR']);
+ $cm->ip_address = ip2long(Tools::getRemoteAddr());
 $current_employee = $this->context->employee;
 $id_employee = (int)Tools::getValue('id_employee_forward');
 $employee = new Employee($id_employee);
 $email = Tools::getValue('email');
- if ($id_employee && $employee && Validate::isLoadedObject($employee))
+ $message = Tools::getValue('message_forward');
+ if (($error = $cm->validateField('message', $message, null, array(), true)) !== true)
+ $this->errors[] = $error;
+ elseif ($id_employee && $employee && Validate::isLoadedObject($employee))
 {
 $params = array(
 '{messages}' => Tools::nl2br(stripslashes($output)),
@@ -344,7 +347,7 @@ class AdminCustomerThreadsControllerCore extends AdminController
 null, null, _PS_MAIL_DIR_, true))
 {
 $cm->private = 1;
- $cm->message = $this->l('Message forwarded to').' '.$employee->firstname.' '.$employee->lastname."\n".$this->l('Comment:').' '.$_POST['message_forward'];
+ $cm->message = $this->l('Message forwarded to').' '.$employee->firstname.' '.$employee->lastname."\n".$this->l('Comment:').' '.$message;
 $cm->add();
 }
 }
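Review bot: `ip2long()` returns `false` for any input that is not a dotted-quad IPv4 string (an IPv6 peer, an empty or malformed value), and the added `$cm->ip_address = ip2long(Tools::getRemoteAddr());` stores that result unchecked; the same line is added in the `@@ -379,10 +382,11 @@` hunk and in ContactController.php. `Tools::getRemoteAddr()` is not part of this diff, so it is worth confirming whether it ever takes the address from a forwarding header, because in that case the recorded value is client-supplied unless the header is honoured only behind a trusted proxy. Checking the conversion, e.g. `$ip = ip2long(Tools::getRemoteAddr());` followed by `$cm->ip_address = ($ip === false) ? 0 : $ip;`, keeps the audit field well-defined. The enclosing method begins and ends outside the hunk.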
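Review bot: The string persisted in `$cm->message` is the translated prefix plus the employee name plus `$message`, but only `$message` on its own went through `validateField('message', ...)` in the previous hunk, so any length limit that check applies (its rules are not visible here) does not cover the value actually saved. The result of `$cm->add();` is also discarded, so a failed insert leaves no record of the forward and no error for the operator; both points apply equally to the `$email` branch in the `@@ -363,7 +366,7 @@` hunk. I would build the final string first, validate that, and report a failed save with `if (!$cm->add()) $this->errors[] = Tools::displayError('An error occurred while saving the message.');`. The call whose argument list ends in `_PS_MAIL_DIR_, true))` starts outside the hunk.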
@@ -363,7 +366,7 @@ class AdminCustomerThreadsControllerCore extends AdminController $current_employee->email, $current_employee->firstname.' '.$current_employee->lastname, null, null, _PS_MAIL_DIR_, true)) { - $cm->message = $this->l('Message forwarded to').' '.$email."\n".$this->l('Comment:').' '.$_POST['message_forward']; + $cm->message = $this->l('Message forwarded to').' '.$email."\n".$this->l('Comment:').' '.$message; $cm->add(); } } @@ -379,10 +382,11 @@ class AdminCustomerThreadsControllerCore extends AdminController $cm = new CustomerMessage(); $cm->id_employee = (int)$this->context->employee->id; $cm->id_customer_thread = $ct->id; - + $cm->ip_address = ip2long(Tools::getRemoteAddr()); $cm->message = Tools::getValue('reply_message'); - $cm->ip_address = ip2long($_SERVER['REMOTE_ADDR']); - if (isset($_FILES) && !empty($_FILES['joinFile']['name']) && $_FILES['joinFile']['error'] != 0) + if (($error = $cm->validateField('message', $cm->message, null, array(), true)) !== true) + $this->errors[] = $error; + elseif (isset($_FILES) && !empty($_FILES['joinFile']['name']) && $_FILES['joinFile']['error'] != 0) $this->errors[] = Tools::displayError('An error occurred during the file upload process.'); elseif ($cm->add()) { diff --git a/controllers/front/ContactController.php b/controllers/front/ContactController.php index 8d3e5689e..c127fa46a 100644 --- a/controllers/front/ContactController.php +++ b/controllers/front/ContactController.php 
@@ -147,7 +147,7 @@ class ContactControllerCore extends FrontController
 $cm->message = $message;
 if (isset($fileAttachment['rename']) && !empty($fileAttachment['rename']) && rename($fileAttachment['tmp_name'], _PS_MODULE_DIR_.'../upload/'.basename($fileAttachment['rename'])))
 $cm->file_name = $fileAttachment['rename'];
- $cm->ip_address = ip2long($_SERVER['REMOTE_ADDR']);
+ $cm->ip_address = ip2long(Tools::getRemoteAddr());
 $cm->user_agent = $_SERVER['HTTP_USER_AGENT'];
 if (!$cm->add())
 $this->errors[] = Tools::displayError('An error occurred while sending the message.');
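Review bot: `$cm->user_agent = $_SERVER['HTTP_USER_AGENT'];` directly below the changed line still reads the request header raw: the header is optional, so a request without it raises an undefined-index notice, and its content is entirely client-chosen. Since the commit already routes the address through a helper, the same care fits here, e.g. `$cm->user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';`. Whether `add()` validates or truncates this field is not visible in the hunk, so wherever it is later displayed it should be escaped as untrusted text. The enclosing method starts and ends outside the hunk.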