AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 19:04:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Email Send - Tidy

Browse Source 
- Enhance error logging in cron_mail_queue.php
- Prevent invalid sender addresses
- Prevent potential SQL injections in the sender name (admin settings and should be sanitized before being sent to queue anyway)
This commit is contained in:
wrongecho
2024-09-10 22:34:20 +01:00
parent 760f07e665
commit 517e8d42f0
3 changed files with 70 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
post/setting.php
View File

@@ -124,17 +124,17 @@ if (isset($_POST['edit_mail_from_settings'])) {
validateCSRFToken($_POST['csrf_token']);
validateAdminRole();
$config_mail_from_email = sanitizeInput($_POST['config_mail_from_email']);
$config_mail_from_name = sanitizeInput($_POST['config_mail_from_name']);
$config_mail_from_email = sanitizeInput(filter_var($_POST['config_mail_from_email'], FILTER_VALIDATE_EMAIL));
$config_mail_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_mail_from_name']));
$config_invoice_from_email = sanitizeInput($_POST['config_invoice_from_email']);
$config_invoice_from_name = sanitizeInput($_POST['config_invoice_from_name']);
$config_invoice_from_email = sanitizeInput(filter_var($_POST['config_invoice_from_email'], FILTER_VALIDATE_EMAIL));
$config_invoice_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_invoice_from_name']));
$config_quote_from_email = sanitizeInput($_POST['config_quote_from_email']);
$config_quote_from_name = sanitizeInput($_POST['config_quote_from_name']);
$config_quote_from_email = sanitizeInput(filter_var($_POST['config_quote_from_email'], FILTER_VALIDATE_EMAIL));
$config_quote_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_quote_from_name']));
$config_ticket_from_email = sanitizeInput($_POST['config_ticket_from_email']);
$config_ticket_from_name = sanitizeInput($_POST['config_ticket_from_name']);
$config_ticket_from_email = sanitizeInput(filter_var($_POST['config_ticket_from_email'], FILTER_VALIDATE_EMAIL));
$config_ticket_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_ticket_from_name']));
mysqli_query($mysqli,"UPDATE settings SET config_mail_from_email = '$config_mail_from_email', config_mail_from_name = '$config_mail_from_name', config_invoice_from_email = '$config_invoice_from_email', config_invoice_from_name = '$config_invoice_from_name', config_quote_from_email = '$config_quote_from_email', config_quote_from_name = '$config_quote_from_name', config_ticket_from_email = '$config_ticket_from_email', config_ticket_from_name = '$config_ticket_from_name' WHERE company_id = 1");