<?PHP
require 'includes/master.inc.php';
// error_log(print_r($_POST, true));
// error_log($_SERVER['REQUEST_URI']);
// an ounce of prevention...
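/**
 * Header-injection guard for untrusted values that end up in mail headers
 * (From/Reply-To, Subject).
 *
 * Returns '' for an empty input. If the value contains any header-looking
 * token (matched case-insensitively), the whole value is discarded and the
 * literal 'Found bad things' is returned instead, on the theory that someone
 * who tries one header will try others. Otherwise CR/LF (and their
 * percent-encoded spellings) are collapsed to spaces so the value can never
 * terminate a header line, and the result is trimmed.
 *
 * @param string $input  untrusted value destined for a mail header
 * @return string        '' | 'Found bad things' | the single-line, trimmed value
 */
function cleanerString($input)
{
    if (empty($input))
        return '';
    $badStuph = array('to:', 'cc:', 'bcc:', 'from:', 'return-path:', 'content-type:', 'mime-version:', 'multipart-mixed:', 'content-transfer-encoding:');
    // if any bad things are found don't use the input at all (as there may be other unknown bad things)
    foreach ($badStuph as $badThing)
        if (stripos($input, $badThing) !== false)
            return 'Found bad things';
    // A bare line break is enough to start a new header even without one of
    // the tokens above (e.g. "\r\nX-Anything: ..."), so never let CR/LF
    // through. This step used to be commented out, leaving only trim().
    $input = str_ireplace(array("\r", "\n", "%0d", "%0a"), ' ', $input);
    return trim($input);
}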
/**
 * Debug helper: renders every byte of $string as hex digits, concatenated
 * with no separator. dechex() does not zero-pad, so bytes below 0x10 produce
 * a single digit (e.g. "\x01" -> "1") and the output is not reversible; that
 * matches the original and is fine for eyeballing in error_log(). Only
 * referenced from the commented-out error_log() calls further down.
 *
 * @param string $string  raw bytes
 * @return string         lowercase hex digits
 */
function str_hex($string){
    // unpack('C*') yields one unsigned byte per element (an empty array for '').
    $bytes = unpack('C*', $string);
    $digits = array_map('dechex', $bytes);
    return implode('', $digits);
}
// Don't put user submitted email addresses in the From or Return-Path headers,
// if your mail server is down it will bounce back to that address.
// A malicious person could send spam that way.
// Better to use an account at a separate email provider so you won't miss a report.
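/**
 * Mails a feedback report to the fixed inbox in $to.
 *
 * The submitter's address ($from) is untrusted. It is passed through
 * cleanerString() and placed only in Reply-To, so replies still reach the
 * submitter but bounces do not. From is pinned to our own inbox, and the
 * Return-Path header is no longer emitted at all: the MTA sets the envelope
 * sender itself (use mail()'s additional_params / -f if it must be
 * overridden), and a user-controlled Return-Path is exactly the bounce-spam
 * vector the comment above warns about -- the old code set both From and
 * Return-Path from $from despite that warning. Subject also goes through
 * cleanerString(); empty subject/body are replaced by placeholders.
 *
 * @param string $from     submitter's address (validated by the caller, sanitised here)
 * @param string $subject  report subject
 * @param string $message  plain-text body
 * @return bool            whatever mail() returns (accepted for delivery, not delivered)
 */
function sendReport($from, $subject, $message)
{
    $to = '[email protected]';
    $replyTo = cleanerString($from);
    $subject = cleanerString($subject);
    if (empty($subject))
        $subject = 'There is no subject';
    if (empty($message))
        $message = 'There is no message';
    // CRLF on every header line; the original mixed "\r\n" and "\n".
    $headers  = "From: {$to}\r\n";
    // Skip Reply-To when the address was empty or rejected by cleanerString(),
    // so its 'Found bad things' sentinel never lands in a header.
    if ($replyTo !== '' && $replyTo !== 'Found bad things')
        $headers .= "Reply-To: {$replyTo}\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/plain; charset=\"utf-8\"\r\n";
    return mail($to, $subject, $message, $headers);
}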
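// ---------------------------------------------------------------------------
// Request handler: store the posted feedback row, then mail a summary.
//
// Every feedback field is read from $_POST once into $raw ('' when missing or
// not a scalar, so absent fields are not notices and posted arrays are not
// stringified) and SQL-escaped separately into $esc. Only $esc is
// interpolated into SQL; the mail body and subject are built from $raw, so
// the report no longer carries MySQL escape sequences (the old code reused
// the escaped values and then undid "\\n" by hand). $_POST itself is left
// untouched.
//
// NOTE(review): this still uses the ext/mysql API (removed in PHP 7) and
// string-built SQL because the surrounding app (Database, DBObject,
// Application) does; moving to prepared statements is the real fix and has
// to start in the Database wrapper. There is also no authentication or rate
// limit on this endpoint -- it is an open report sink by design, so anything
// it stores or mails must be treated as attacker-controlled.
// ---------------------------------------------------------------------------
$db = Database::getDatabase();

$fieldNames = array('appname', 'appversion', 'systemversion', 'email', 'reply', 'type',
                    'message', 'importance', 'critical', 'reguser', 'regmail');
$raw = array();
$esc = array();
foreach ($fieldNames as $name) {
    $raw[$name] = (isset($_POST[$name]) && is_scalar($_POST[$name])) ? (string) $_POST[$name] : '';
    $esc[$name] = mysql_real_escape_string($raw[$name], $db->db);
}
$dt = date('Y-m-d H:i:s');
// REMOTE_ADDR comes from the TCP connection, not the client, but escape it
// anyway for consistency with every other interpolated value.
$ip = isset($_SERVER['REMOTE_ADDR']) ? mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $db->db) : '';

$query = "INSERT INTO feedback (appname, appversion, systemversion, email, reply, `type`, message, importance, critical, dt, ip, `new`, reguser, regmail) VALUES
('{$esc['appname']}',
'{$esc['appversion']}',
'{$esc['systemversion']}',
'{$esc['email']}',
'{$esc['reply']}',
'{$esc['type']}',
'{$esc['message']}',
'{$esc['importance']}',
'{$esc['critical']}',
'$dt',
'$ip',
'1',
'{$esc['reguser']}',
'{$esc['regmail']}')";
mysql_query($query, $db->db) or die('error');
$feedback_id = $db->insertId();

// Looked up but currently unused: the per-app notification gate below is
// commented out, so every report is mailed.
$app_id = DBObject::glob('Application', "SELECT id FROM applications WHERE name = '{$esc['appname']}' ");
$app = new Application($app_id);
// if (!is_null($app->of_email_notify)) {
// Format email to external system
$full_url = full_url_for_page('feedback-view.php');
// Literal "\n" sequences are expanded to real line breaks, as before, for
// clients that send escaped text; real newlines pass through unchanged.
$msgBody = str_replace("\\n", "\n", $raw['message']);
$message  = "{$raw['type']} case: " . "$full_url?id=$feedback_id \n";
$message .= "Importance: {$raw['importance']}\n";
$message .= "Application Name: {$raw['appname']}\n";
$message .= "Version:{$raw['appversion']}\n";
$message .= "System Version:{$raw['systemversion']}\n";
$message .= "Type:{$raw['type']}\n";
$message .= "Message:" . $msgBody . "\n";
$message .= "Importance:{$raw['importance']}\n";
$message .= "Criticality:{$raw['critical']}\n";
// error_log(str_hex($raw['message']));
// error_log($msgBody);

// Same pattern as the old eregi() call (removed in PHP 7). The D modifier
// stops PCRE's $ from accepting a trailing newline, matching POSIX ERE, which
// matters because this value goes into a mail header.
if (preg_match('/^[a-zA-Z0-9._-]+@[a-zA-Z0-9-]+\.[a-zA-Z.]{2,5}$/D', $raw['email'])) {
    $email = $raw['email'];
} else {
    $email = '[email protected]';
}
// The subject is a mail header: strip line breaks here regardless of what
// sendReport() does with it, so a crafted appname cannot add headers.
$subject = str_replace(array("\r", "\n"), ' ', "Feedback from {$raw['appname']}");
sendReport($email, $subject, $message);
// }
echo "ok";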