Properly remove bad characters from subject
authorAlexander Ebert <ebert@woltlab.com>
Sat, 26 Sep 2015 21:13:02 +0000 (23:13 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Sat, 26 Sep 2015 21:13:02 +0000 (23:13 +0200)
wcfsetup/install/files/lib/form/MessageForm.class.php

index 9da2da41d1b4bffad098b1a6998bd78ac8039c93..2c84625a359b2a74d7d2a4bc40aee440205bb5da 100644 (file)
@@ -197,7 +197,7 @@ abstract class MessageForm extends AbstractCaptchaForm {
        public function readFormParameters() {
                parent::readFormParameters();
                
-               if (isset($_POST['subject'])) $this->subject = StringUtil::trim($_POST['subject']);
+               if (isset($_POST['subject'])) $this->subject = StringUtil::trim(MessageUtil::stripCrap($_POST['subject']));
                if (isset($_POST['text'])) $this->text = StringUtil::trim(MessageUtil::stripCrap($_POST['text']));
                
                // settings