fix: only allow 5 mails per user, don't allow the user to change the URL

thorsten · Jan 12, 2024 · a34d94a · a34d94a
1 parent 1348dce
commit a34d94a
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 5 deletions.
diff --git a/phpmyfaq/api.service.php b/phpmyfaq/api.service.php
@@ -771,14 +771,30 @@
 
         $author = trim((string) Filter::filterVar($postData['name'], FILTER_SANITIZE_SPECIAL_CHARS));
         $email = Filter::filterVar($postData['email'], FILTER_VALIDATE_EMAIL);
-        $link = trim((string) Filter::filterVar($postData['link'], FILTER_VALIDATE_URL));
         $attached = trim((string) Filter::filterVar($postData['message'], FILTER_SANITIZE_SPECIAL_CHARS));
         $mailto = Filter::filterArray($postData['mailto[]']);
 
+        $faqLanguage = trim((string) Filter::filterVar($postData['lang'], FILTER_SANITIZE_SPECIAL_CHARS));
+        $faqId = trim((string) Filter::filterVar($postData['faqId'], FILTER_VALIDATE_INT));
+        $categoryId = trim((string) Filter::filterVar($postData['categoryId'], FILTER_VALIDATE_INT));
+
+        if (is_array($mailto) && count($mailto) > 5) {
+            $response->setStatusCode(Response::HTTP_BAD_REQUEST);
+            $response->setData(['error' => Translation::get('err_sendMail')]);
+            break;
+        }
+
         if (
             !is_null($author) && !is_null($email) && is_array($mailto) &&
             $stopWords->checkBannedWord(Strings::htmlspecialchars($attached))
         ) {
+            $send2friendLink = sprintf(
+                '%sindex.php?action=faq&amp;cat=%d&amp;id=%d&amp;artlang=%s',
+                $faqConfig->getDefaultUrl(),
+                $categoryId,
+                $faqId,
+                urlencode($faqLanguage)
+            );
 
             foreach ($mailto as $recipient) {
                 $recipient = trim(strip_tags((string) $recipient));
@@ -796,8 +812,8 @@
                         "%s\r\n\r\n%s\r\n%s\r\n\r\n%s",
                         $faqConfig->get('main.send2friendText'),
                         Translation::get('msgS2FText2'),
-                        $link,
-                        $attached
+                        $send2friendLink,
+                        strip_tags($attached)
                     );
 
                     // Send the email

diff --git a/phpmyfaq/assets/themes/default/templates/send2friend.html b/phpmyfaq/assets/themes/default/templates/send2friend.html
@@ -9,8 +9,10 @@
   </div>
 
   <form id="formValues" action="#" method="post" accept-charset="utf-8" class="needs-validation" novalidate>
-    <input type="hidden" name="{{ msgS2FReferrer }}" value="{{ send2friendLink }}" />
-    <input type="hidden" name="lang" id="lang" value="{{ lang }}" />
+    <input type="hidden" name="{{ msgS2FReferrer }}" value="{{ send2friendLink }}">
+    <input type="hidden" name="lang" id="lang" value="{{ lang }}">
+    <input type="hidden" name="faqId" id="faqId" value="{{ faqId }}">
+    <input type="hidden" name="categoryId" id="categoryId" value="{{ categoryId }}">
 
     <div class="row mb-2">
       <label class="col-sm-3 form-control-label" for="name">{{ msgS2FName }}</label>

diff --git a/phpmyfaq/send2friend.php b/phpmyfaq/send2friend.php
@@ -71,6 +71,8 @@
     'mainPageContent',
     [
         'lang' => Strings::htmlentities($faqLanguage),
+        'faqId' => $faqId,
+        'categoryId' => $faqCategory,
         'msgSend2Friend' => Translation::get('msgSend2Friend'),
         'msgS2FReferrer' => 'link',
         'msgS2FName' => Translation::get('msgS2FName'),