26

Re: Email Template - updated for Wolf

David wrote:
Fortron wrote:

Well in the contactform you have to call the template page:
<form method="post" action="/contact/template.html">
Robots and harvasters will also find template.html and that page contains a visible e-mailaddres.

That's a help! Will have to ponder this. Got any suggestions?

Only one really: encrypt the e-mailadres on the template page and decrypt it before sending it with the mail function.
Or perhaps there's something usefull here:
http://perishablepress.com/press/2010/0 … fuscation/

Last edited by Fortron (2010-10-04 20:09)

27

Re: Email Template - updated for Wolf

Possible (at least partial) solution to make the email address less visible - return the template only if DEBUG is true. I did this in email_template.php and it seems to work:

 
} else {
                /* Or display the mail which was sent. Usefull for debugging. */
                if (DEBUG) {
                    print '<h1>debug output</h1><pre>' . htmlentities($this->content()) . '</pre>';
                } else {
                    header('HTTP/1.0 403 Forbidden');
                    print '<h1>Access forbidden</h1><p>Access not allowed, possibly because of an error in our contact form</p>'
                }

A get request now gets a 403. The only question is whether the email is exposed in some way on a post request. Also, it returns a 403 if the post array does not contain and success url.

Thumbs up

28

Re: Email Template - updated for Wolf

Thanks for this - I've added issue tracking for Email Template now. I've added this one -- hopefully can get some time over the next few weeks for this...

...unless anyone clones the repo, devises a fix and sends a pull request? wink

Using Wolf CMS professionally and for profit? Please consider supporting Wolf financially. Thanks!

29

Re: Email Template - updated for Wolf

Hi,
I have tried to use the plugin today with the newest version of wolf cms 0.7.5 and php 5.3.6 and had major problems because the function headers and function body in the email_template.php was spitting out the complete website page and not just the content comming from the email form.

I helped myself by cleaning up the arrays in the functions headers and body by adding the following code in the respective functions before the foreach loop ..

 foreach($content_array as $key => $value) {
    if (empty($value) || trim($value) == '' || preg_match("/:/i", $value) == false ) {
        unset($content_array[$key]);
    }
}
$array_clean = array_values($content_array); 

and also by stripping any tags in the $output of the content function.

However, I think using ":" in the template is in my case not a good idea ... what happens if someone enters ":" in the mail or if I had some content in the website with ":" ...

Anyone else using this plugin succesfully with php 5.3.6 ???

all the best
tina

Last edited by tkeil69575 (2011-08-06 00:13)

http://geovoyagers.de - Powered by wolfcms

30

Re: Email Template - updated for Wolf

Is it possible to send email in HTML format with this plugin?

--
Piotr