From d8d7639c1a3a0303a0af9593d7aa2f4a2a209d31 Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Thu, 7 Mar 2013 15:48:28 -0500
Subject: [PATCH] Added server-side validation for feedback module; corrected
 typo.

---
 .../src/VuFind/Controller/FeedbackController.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/module/VuFind/src/VuFind/Controller/FeedbackController.php b/module/VuFind/src/VuFind/Controller/FeedbackController.php
index 4164936a6fd..b2f78d4ed8e 100644
--- a/module/VuFind/src/VuFind/Controller/FeedbackController.php
+++ b/module/VuFind/src/VuFind/Controller/FeedbackController.php
@@ -45,9 +45,17 @@ class FeedbackController extends AbstractBase
      */
     public function emailAction()
     {
-        $name = $this->params()->fromPost('name', 'No Name Given');
-        $users_email = $this->params()->fromPost('email', 'user@noemail.com');
-        $comments = $this->params()->fromPost('comments', '');
+        $name = $this->params()->fromPost('name');
+        $users_email = $this->params()->fromPost('email');
+        $comments = $this->params()->fromPost('comments');
+
+        if (empty($name) || empty($users_email) || empty($comments)) {
+            throw new \Exception('Missing data.');
+        }
+        $validator = new \Zend\Validator\EmailAddress();
+        if (!$validator->isValid($users_email)) {
+            throw \Exception('Email address is invalid');
+        }
 
         // These settings are set in the feedback settion of your config.ini
         $config = $this->getServiceLocator()->get('VuFind\Config')->get('config');
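Review bot: The invalid-address branch does not throw the intended exception: `throw \Exception('Email address is invalid');` lacks `new`, so PHP treats `\Exception(...)` as a call to an undefined function and a bad email address produces a fatal error instead of the caught-style `\Exception` the preceding `Missing data.` branch raises. It should read `throw new \Exception('Email address is invalid');`. As a secondary point, `empty()` also rejects the string `"0"`, so a name or comment consisting of just that character would be reported as missing; a `=== null || === ''` check would be more precise if that matters for this form. emailAction continues past the end of this hunk.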
@@ -57,7 +65,7 @@ class FeedbackController extends AbstractBase
         $recipient_name = isset($feedback->recipient_name)
             ? $feedback->recipient_name : 'Your Library';
         $email_subject = isset($feedback->email_subject)
-            ? $feedback->email_subject : 'Vufind Feedback';
+            ? $feedback->email_subject : 'VuFind Feedback';
         $sender_email = isset($feedback->sender_email)
             ? $feedback->sender_email : 'noreply@vufind.org';
         $sender_name = isset($feedback->sender_name)
-- 
GitLab