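%1$s.'),$GLOBALS['sys_default_domain'])); }

/*
 * Form submission: when 'send_mail' is present in the request, validate the
 * one-time form key, collect subject/body/name/email, strip CR/LF from every
 * value that ends up in a mail header, send the message and exit.
 * $toaddress, $touser and $result are set earlier in the file (not visible here).
 */
if (getStringFromRequest('send_mail')) {
	// Reject a request whose form key is not valid.
	if (!form_key_is_valid(getStringFromRequest('form_key'))) {
		exit_form_double_submit();
	}

	$subject = getStringFromRequest('subject');
	$body = getStringFromRequest('body');
	$name = getStringFromRequest('name');
	$email = getStringFromRequest('email');

	if (!$subject || !$body || !$name || !$email) {
		/* force them to enter all vars */
		// Release the key before bailing out (presumably so the form can be submitted again).
		form_release_key(getStringFromRequest('form_key'));
		exit_missing_param();
	}

	// Remove CR/LF from every request value that is placed in a mail header,
	// so that a crafted value cannot add header lines (CRLF injection).
	$name = util_remove_CRLF($name);
	// Really don't see what wrong could happen with CRLF in message body,
	// so $body is deliberately left as submitted.
	// $email is passed to util_send_message() below as its 4th argument (the
	// sender address in GForge's util_send_message; confirm against the local
	// utils), so it needs the same treatment as $name and $subject. The
	// original had this call commented out.
	$email = util_remove_CRLF($email);
	$subject = util_remove_CRLF($subject);

	if ($toaddress) {
		/* send it to the toaddress */
		// NOTE(review): eregi_replace() belongs to the ereg extension, which was
		// removed in PHP 7.0; the pattern is a plain literal, so a case-insensitive
		// string replace would be equivalent when this file is ported.
		$to=eregi_replace('_maillink_','@',$toaddress);
		$to = util_remove_CRLF($to);
		util_send_message($to,stripslashes($subject),stripslashes($body),$email,'',$name);
		$HTML->header(array('title'=>$GLOBALS['sys_name'].' ' ._('Contact') ));
		echo '
'._('Message has been sent').'.
';
		$HTML->footer(array());
		exit;
	} else if ($touser) {
		/* figure out the user's email and send it there */
		$to=db_result($result,0,'email');
		$to = util_remove_CRLF($to);
		util_send_message($to,stripslashes($subject),stripslashes($body),$email,'',$name);
		$HTML->header(array('title'=>$GLOBALS['sys_name'].' '._('Contact')));
		echo ''._('Message has been sent').'
';
		$HTML->footer(array());
		exit;
	}
}

// No message was sent: fall through to the contact form.
// The recipient label is the literal address, or the user_name from the query result.
if ($toaddress) {
	$titleaddress = $toaddress;
} else {
	$titleaddress = db_result($result,0,'user_name');
}

// Take name and email from the logged-in user, or leave them empty for an
// anonymous visitor (presumably to pre-fill the form, whose markup is not visible here).
if (session_loggedin()) {
	$user =& session_get_user();
	$name = $user->getRealName();
	$email = $user->getEmail();
} else {
	$name = '';
	$email = '';
}

$HTML->header(array('title'=>$GLOBALS['sys_name'].' Staff'));
?> Fill it out accurately and completely or the receiver may not be able to respond.IF YOU ARE WRITING FOR HELP: Did you read the site documentation? Did you include your user_id and user_name? If you are writing about a project, include your project id (group_id) and Project Name.'); ?> footer(array()); // Local Variables: // mode: php // c-file-style: "bsd" // End: ?>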