From 4eb0a46238240bbf673d7f0ff1caa46bc7321d2a Mon Sep 17 00:00:00 2001 From: Simon Leblanc Date: Sun, 15 May 2011 01:47:36 +0200 Subject: [PATCH] mail injection bug --- contacts.php | 20 +++++++++++++------- fonctions.php | 15 +++++++++++++++ 2 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/contacts.php b/contacts.php
index 229e040..6d19c67 100644
--- a/contacts.php
+++ b/contacts.php
@@ -47,14 +47,15 @@ else include_once('bandeaux.php'); // action du bouton annuler
-if ($_POST["envoiquestion"]&&$_POST["nom"]!=""&&$_POST["question"]!=""){
+if ((isset($_POST['envoiquestion']) || isset($_POST['envoiquestion_x'])) && isset($_POST['nom']) && !empty($_POST['nom']) && isset($_POST['question']) && !empty($_POST['question'])){
+ $message=str_replace("\\","",$_POST["question"]);
 //envoi des mails
 $headers="From: ".NOMAPPLICATION." <".ADRESSEMAILADMIN.">\r\nContent-Type: text/plain; charset=\"UTF-8\"\nContent-Transfer-Encoding: 8bit";
 mail (ADRESSEMAILADMIN, "" . _("[CONTACT] You have sent a question ") . "".NOMAPPLICATION, "" . _("You have a question from a user ") . " ".NOMAPPLICATION."\n\n" . _("User") . " : ".$_POST["nom"]."\n\n" . _("User's email address") . " : $_POST[adresse_mail]\n\n" . _("Message") . " :".$message,$headers);
- if ($_POST["adresse_mail"]!=""){
+ if (isset($_POST['adresse_mail']) && !empty($_POST['adresse_mail']) && validateEmail($_POST['adresse_mail'])){
 $headers="From: ".NOMAPPLICATION." <".ADRESSEMAILADMIN.">\r\nContent-Type: text/plain; charset=\"UTF-8\"\nContent-Transfer-Encoding: 8bit";
 mail ("$_POST[adresse_mail]", "" . _("[COPY] Someone has sent a question ") . "".NOMAPPLICATION, "" . _("Here is a copy of your question") . " :\n\n".$message." \n\n" . _("We're going to answer your question shortly.") . "\n\n" . _("Thanks for your confidence.") . "\n".NOMAPPLICATION,$headers);
 } 
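Review bot: The `validateEmail()` test added on the copy-mail branch is the only guard between `$_POST['adresse_mail']` and the `to` argument of `mail()`, and the regex it relies on (fonctions.php hunk) still accepts a quoted local part containing backslash-escaped CR, LF or NUL through its `\x5C[\x00-\x7F]` alternative, so an address that passes can carry a line break; whether that reaches the MTA depends on the PHP version's control-character scrubbing of `to`, so reject it here explicitly: `$adresse_mail = (isset($_POST['adresse_mail']) && is_string($_POST['adresse_mail'])) ? trim($_POST['adresse_mail']) : '';`, then `if ($adresse_mail !== '' && !preg_match('/[\x00-\x1F\x7F]/', $adresse_mail) && validateEmail($adresse_mail)) {`, and pass `$adresse_mail` to `mail()` in place of `"$_POST[adresse_mail]"`. That branch also delivers an attacker-chosen `$message` to an attacker-chosen address under the site's From:, so syntax validation alone does not stop the form being used to push unsolicited mail at third parties; rate limiting or a CAPTCHA is outside this diff but worth tracking. Separately, `str_replace("\\","",$_POST["question"])` deletes every backslash the user typed; if this is meant to undo magic_quotes_gpc, `get_magic_quotes_gpc() ? stripslashes($_POST['question']) : $_POST['question']` removes only the escaping PHP added. The `if` opened on the first `+` line closes outside this hunk.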
@@ -85,9 +86,14 @@ if ($_POST["envoiquestion"]&&$_POST["nom"]!=""&&$_POST["question"]!=""){ } else {
- $_SESSION["question"]=$_POST["question"];
- $_SESSION["nom"]=$_POST["nom"];
- $_SESSION["adresse_mail"]=$_POST["adresse_mail"];
+ $post_var = array('question', 'nom', 'adresse_mail', );
+ foreach ($post_var as $var) {
+ if (isset($_POST[$var]) && !empty($_POST[$var])) {
+ $_SESSION[$var] = $_POST[$var];
+ } else {
+ $_SESSION[$var] = null;
+ }
+ }
 //affichage de la page
 echo ''."\n";
@@ -115,7 +121,7 @@ else { echo _("Your name") .' :
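Review bot: `!empty($_POST[$var])` in the new loop treats the string `"0"` as missing, so a name or question consisting of `0` is stored as null and later reported as not entered; the `isset()` next to it is redundant, and nothing stops a client from posting `nom[]=x`, in which case an array lands in the session and is coerced to the string `Array` wherever the session value is later used as text. One expression covers all three: `$_SESSION[$var] = (isset($_POST[$var]) && is_string($_POST[$var]) && $_POST[$var] !== '') ? $_POST[$var] : null;`. The values stored here are presumably echoed back into the form fields further down (those `echo` lines look stripped in this view), so they need `htmlspecialchars()` at output time; that is worth confirming in the part of the file not shown. The enclosing `else` block starts outside this hunk.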
'."\n";
 echo '';
- if ($_POST["envoiquestion"]&&$_SESSION["nom"]==""){
+ if ((isset($_POST['envoiquestion']) || isset($_POST['envoiquestion_x'])) && $_SESSION["nom"]==""){
 echo ' '. _("Enter a name") .'';
 }
@@ -129,7 +135,7 @@ else { echo _("Question") .' :
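Review bot: The submit test `(isset($_POST['envoiquestion']) || isset($_POST['envoiquestion_x']))` is now written out a third time here (it also appears at the top of the handler and again in the next hunk), so the image-button `_x` case has to be kept in sync in four places. Compute it once near the top of the handler, `$envoi = isset($_POST['envoiquestion']) || isset($_POST['envoiquestion_x']);`, and write this line as `if ($envoi && $_SESSION["nom"]=="") {`. The loose `== ""` is fine only because the session value is either a non-empty string or null; if that invariant changes, prefer `($_SESSION['nom'] === null || $_SESSION['nom'] === '')`. The enclosing `else` block starts outside this hunk.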
'."\n";
 echo '';
- if ($_POST["envoiquestion"]&&$_SESSION["question"]==""){
+ if ((isset($_POST['envoiquestion']) || isset($_POST['envoiquestion_x'])) && $_SESSION["question"]==""){
 echo '  Il faut poser une question !';
 }
diff --git a/fonctions.php b/fonctions.php
index f647b6f..33d91c5 100644
--- a/fonctions.php
+++ b/fonctions.php 
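Review bot: Same duplicated submit test as the previous hunk; with a hoisted `$envoi` flag this line becomes `if ($envoi && $_SESSION["question"]=="") {`. While this condition is being rewritten, the message it guards, `Il faut poser une question !`, is a hard-coded French string whereas the sibling name check emits `_("Enter a name")`; wrapping it as `_("Please enter a question")` (plus the translation entry) keeps the form's error messages consistent — that line is untouched by the commit, so this may be deliberate scope. The enclosing `else` block starts outside this hunk.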
@@ -131,4 +131,19 @@ function check_table_sondage() {
 return false;
 }
+
+
+/**
+ * Vérifie une adresse e-mail selon les normes RFC
+ * @param string $email l'adresse e-mail a vérifier
+ * @return bool vrai si l'adresse est correcte, faux sinon
+ * @see http://fightingforalostcause.net/misc/2006/compare-email-regex.php
+ * @see http://svn.php.net/viewvc/php/php-src/trunk/ext/filter/logical_filters.c?view=markup
+ */
+function validateEmail($email) {
+ $pattern = '/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD';
+
+ return (bool)preg_match($pattern, $email);
+}
+ ?>
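Review bot: The quoted-local-part alternative in `$pattern`, `(?:\\x5C[\\x00-\\x7F])`, accepts a backslash followed by any byte up to 0x7F, so addresses carrying an escaped NUL, CR or LF inside the quotes pass validation even though the caller feeds the result straight to `mail()` as the recipient; reject control characters before the expensive match: `if (!is_string($email) || preg_match('/[\x00-\x1F\x7F]/', $email)) { return false; }` ahead of the `preg_match($pattern, …)`. The `is_string()` part also keeps `preg_match()` from emitting a warning when a caller passes a `$_POST` value through unchanged and it turns out to be an array. The `D` modifier is the right call here — without it `$` would also match just before a trailing newline. Since the `@see` link suggests the pattern is the one from ext/filter's logical_filters.c, `filter_var($email, FILTER_VALIDATE_EMAIL)` on PHP ≥ 5.2 would give the same answer without maintaining a 1.5 KB regex locally, and the control-character guard applies in either case. The docblock is in French; an English one such as `Checks an e-mail address for RFC-style syntactic validity; returns true on a match, false otherwise (including for non-string input)` would serve a wider audience.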