X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/5ee0e5fcab7c55065de6603833ea6f5e86ac2d32..e7a8a9311f482c787aa98a9ee5ef8f693f9832ac:/widget/contact.php

diff --git a/widget/contact.php b/widget/contact.php
index ed0a082..b2d41cb 100644
--- a/widget/contact.php
+++ b/widget/contact.php
@@ -1,25 +1,28 @@
 <?php
+if (!$_POST) {
+	return;
+}
+
 $error = NULL;
-if ($_POST) {
-	global $User;
-	if ($User) {
-		$_REQUEST['login'] = $User->login;
-		$_REQUEST['email'] = $_REQUEST['email'] ?: $User->email;
-	}
-	else {
-		unset($_REQUEST['login']);
-	}
-	$error = mailform($_REQUEST);
-	if (!empty($error)) {
-		print "<p class=warn>$error</p>\n\n";
-	}
+global $User;
+if ($User->login) {
+	$_REQUEST['login'] = $User->login;
+	$_REQUEST['email'] = $_REQUEST['email'] ?: $User->email;
+}
+else {
+	unset($_REQUEST['login']);
+}
+$error = mailform($_REQUEST, $Page->place);
+if (!empty($error)) {
+	print "<p class=warn>$error</p>\n\n";
 }
 
-function mailform($input = [])
+function mailform($input = [], $config = [])
 {
-	$source = empty($input['subject']) ? 'reactie' : $input['subject'];
+	$source = $config['subject'] ??
+		(empty($input['subject']) ? 'reactie' : $input['subject']);
 	$domain = preg_replace('/^www\./', '', $_SERVER['HTTP_HOST']);
-	$rcpt = "info@$domain";
+	$rcpt = $config['rcpt'] ?? "info@$domain";
 	$subject = "Formulier {$_SERVER['HTTP_HOST']}: $source";
 
 	if (!$input) {
@@ -39,7 +42,6 @@ switch ($source) {
 		if (empty($input['naam']) or empty($input['huis'])) {
 			return 'De bedoeling is juist dat je opgeeft wie er komt.';
 		}
-		$rcpt .= ', Heleen <heleen.terlouw.2910@gmail.com>';
 		break;
 	default:
 	if (empty($input['email']) or !preg_match('/.+@.+\..+/', $input['email'])) {
@@ -50,15 +52,18 @@ switch ($source) {
 	}
 }
 
-	$reply = preg_match('/\A\w+@\w+\.[a-z]+\z/', @$input['email'])
+	$reply = preg_match('/\A[^\s\'@]{1,64}@[.a-zA-Z0-9-]{4,63}\z/', @$input['email'])
 		? $input['email'] : "noreply@$domain";
+	if ($displayname = @$input['naam']) {
+		$reply = sprintf('"%s" <%s>', addcslashes($displayname, "\\\"\0..\37"), $reply);
+	}
 	$header = "From: $reply";
 
 	foreach (array(
 		'X-Accept-Language' => 'HTTP_ACCEPT_LANGUAGE',
 		'User-Agent'        => 'HTTP_USER_AGENT',
 	) as $mailhdr => $serverhdr) {
-		if (!$_SERVER[$serverhdr]) continue;
+		if (empty($_SERVER[$serverhdr])) continue;
 		$header .= "\r\n$mailhdr: ".$_SERVER[$serverhdr];
 	}