  1. #1
    Join Date
    Jan 2006
    Posts
    229
    Plugin Contributions
    0

    Quick question about the contact form

    I just had a quick general question about the contact form. I've searched, but I can't find a straightforward answer on this.

    I've created my own contact form that works very well against injection attacks, but the person I'm doing this site for wants to use the one that comes with ZenCart. That's fine with me - but my question is this:

    Does the standard contact form come with the proper input checks? Like stripping the "/r/n" tags and looking for other methods of injection? I just implemented the contact form on the site I'm working on, and I tried to inject it with my own spam (and sent it to myself!) and the email sent.

    Now, the *good* thing is that it hasn't arrived to *any* of my inboxes - not the one set for the form, nor any of the ones I entered into the fields. So I like that it *looks* like it's sent, but it really doesn't go through. But then again, I'm not usually a spammer by trade, so I don't know how effective my method for testing is.

    So I was wondering if my initial assumption here is correct - that the standard contact form *does* come with such protection, and checks all user input for injection attempts? From what I'm seeing - it does, but I just wanted to be absolutely sure.

    Thanks!

  2. #2
    Join Date
    Sep 2003
    Location
    Ohio
    Posts
    69,402
    Plugin Contributions
    6

    Re: Quick question about the contact form

    All of Zen Cart is written to protect against security issues such as this and more ...

    Any that are found are usually fixed within 24 to 48 hours and a new release or post on the required fix is made ...
    Linda McGrath
    If you have to think ... you haven't been zenned ...

    Did YOU buy the Zen Cart Team a cup of coffee and a donut today? Just click here to support the Zen Cart Team!!

    Are you using the latest? Perhaps you've a problem that's fixed in the latest version: [Upgrade today: v1.5.5]
    Officially PayPal-Certified! Just click here

    Try our Zen Cart Recommended Services - Hosting, Payment and more ...
    Signup for our Announcements Forums to stay up to date on important changes and updates!
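
The kind of check the first post asks about, refusing CR/LF in values that end up in mail headers, as an added example that is not Zen Cart's code or any poster's. The function names, the store address and the sample submissions are assumptions; the field names follow the form fields shown later in the thread.

```php
<?php
// Added example, not Zen Cart code. Function names and addresses are assumptions.

/** True when a value bound for a mail header has no CR, LF or NUL, raw or URL-encoded. */
function header_value_is_safe(string $value): bool
{
    // A literal %0a/%0d here means double encoding; refusing it is the conservative choice.
    return preg_match('/[\r\n\x00]|%0[0ad]/i', $value) === 0;
}

/**
 * Validate one submission. Returns [to, subject, body, headers] for mail(),
 * or null when the submission should be dropped.
 */
function build_contact_mail(array $post, string $storeAddress): ?array
{
    // Array-valued fields (contactname[]=x) are never legitimate here.
    foreach (['contactname', 'email', 'enquiry'] as $field) {
        if (!is_string($post[$field] ?? null)) {
            return null;
        }
    }
    $name  = trim($post['contactname']);
    $email = trim($post['email']);
    if ($name === '' || $post['enquiry'] === '') {
        return null;
    }
    if (!header_value_is_safe($name) || !header_value_is_safe($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // To and From stay fixed; the visitor's address appears only in Reply-To.
    $headers = ['From' => $storeAddress, 'Reply-To' => $email];
    return [$storeAddress, 'Website enquiry from ' . $name, $post['enquiry'], $headers];
}

// Constructed sample submissions.
$samples = [
    'plain message'      => ['contactname' => 'Pat Doe', 'email' => 'pat@example.com', 'enquiry' => "Hi,\r\ndo you ship abroad?"],
    'CRLF in email'      => ['contactname' => 'Pat Doe', 'email' => "pat@example.com\r\nBcc: list@example.net", 'enquiry' => 'Hi'],
    'encoded LF in name' => ['contactname' => 'Pat%0aBcc: list@example.net', 'email' => 'pat@example.com', 'enquiry' => 'Hi'],
];
foreach ($samples as $label => $post) {
    $mail = build_contact_mail($post, 'store@example.com');
    printf("%-20s %s\n", $label, $mail === null ? 'dropped' : 'accepted');
}
```

Line breaks in the message body are left alone because the body is not a header; `mail()` accepts the header array form from PHP 7.2 onward.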

  3. #3
    Join Date
    Jan 2006
    Posts
    229
    Plugin Contributions
    0

    Re: Quick question about the contact form

    Cool - thank you for verifying that for me. I was pretty sure it was - but sometimes you never know! Thanks a bunch :)

  4. #4
    Join Date
    Jan 2006
    Posts
    229
    Plugin Contributions
    0

    Re: Quick question about the contact form

    And, I'll be a weiner and hijack my own thread...

    I'd like to have a copy of the message sent appear on the "thank you" portion of the contact form thing. So when the end user hits "send", a copy of the message they send shows up beneath the "Your message has been sent" area.

    I've done this before - usually you just have to put in <?php echo $message ?> and there it is. However, I can't seem to find the right variable to display the copy of the message. I'm pretty sure I just have to put the code in the /includes/templates/MY TEMPLATE/templates/tpl_contact_us_default.php file, right below "<?php echo TEXT_SUCCESS; ?>" but I just can't seem to find the right variable to make it actually show up. I've tried <?php echo $email_address ?> (and the other variables - $name, $enquiry - I've also tried $html_msg) to no avail. Would anyone happen to know what the variable is to get the info to show up? (Maybe I'm formatting it incorrectly?)

    I'm no PHP guru - but I usually know enough to get around - I'm just a little stuck on this.

  5. #5
    Join Date
    Sep 2003
    Location
    Ohio
    Posts
    69,402
    Plugin Contributions
    6

    Re: Quick question about the contact form

    In the header file:
    /includes/pages/contact_us/header_php.php

    Just after where the $enquiry is set you could set:
    PHP Code:
    $_SESSION['text_message'] = nl2br(stripslashes($enquiry));
    Then on the tpl_ file just after the TEXT_SUCCESS you could jazz this up for display:
    PHP Code:
    <?php
      echo $_SESSION['text_message'];
      unset($_SESSION['text_message']);
    ?>
    There are more eloquent ways to do this, but it works in a pinch ...
    Linda McGrath
    If you have to think ... you haven't been zenned ...


  6. #6
    Join Date
    Jan 2006
    Posts
    229
    Plugin Contributions
    0

    Re: Quick question about the contact form

    Rock on! Thank you so much!

  7. #7
    Join Date
    Jan 2006
    Posts
    229
    Plugin Contributions
    0

    Re: Quick question about the contact form

    I must edit that reply - it's not working. When I put it in just like you had it, the email stopped coming to me altogether. Then I realized I forgot to put in a "session_start()" command at the top of the header file. Now the emails come, but the message still won't show up on the accept page. Everything else comes through as usual, though - but this just doesn't seem to want to pass the variable on to the "accept" page.

    I'm still plugging away at it, though!

  8. #8
    Join Date
    Sep 2003
    Location
    Ohio
    Posts
    69,402
    Plugin Contributions
    6

    Re: Quick question about the contact form

    I only used that code in those two files ...

    tpl_contact_us_default.php
    PHP Code:
    <div class="mainContent success"><?php echo TEXT_SUCCESS; ?></div>
    <?php
      // print the stored copy once, then clear it from the session
      echo $_SESSION['text_message'];
      unset($_SESSION['text_message']);
    ?>

    <div class="buttonRow"><?php echo zen_back_link() . zen_image_button(BUTTON_IMAGE_BACK, BUTTON_BACK_ALT) . '</a>'; ?></div>

    header_php.php
    PHP Code:
      $name = zen_db_prepare_input($_POST['contactname']);
      $email_address = zen_db_prepare_input($_POST['email']);
      $enquiry = zen_db_prepare_input(strip_tags($_POST['enquiry']));

      // keep a copy of the message for the success page
      $_SESSION['text_message'] = nl2br(stripslashes($enquiry));
    Now it doesn't look "pretty" yet ... but works fine ...
    Linda McGrath
    If you have to think ... you haven't been zenned ...
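
Output encoding for the message copy, as an added example that is not part of any post and not Zen Cart code: it escapes the text at the point where it is printed rather than relying on `strip_tags()` at input, and shows the copy only once. The function names and the sample message are assumptions; in the shop the array passed in would be `$_SESSION`.

```php
<?php
// Added example, not Zen Cart code. Function names are hypothetical.

/** Store the visitor's raw message for the next page view only. */
function flash_put(array &$session, string $key, string $raw): void
{
    // Cap the size so a huge submission is not parked in the session.
    $session[$key] = substr($raw, 0, 4000);
}

/** Return the stored value once and remove it, or null when absent. */
function flash_take(array &$session, string $key): ?string
{
    if (!isset($session[$key]) || !is_string($session[$key])) {
        return null;
    }
    $value = $session[$key];
    unset($session[$key]);
    return $value;
}

/** Encode for an HTML text context first, then turn newlines into <br />. */
function render_message_copy(string $raw): string
{
    // ENT_SUBSTITUTE replaces invalid byte sequences (for example a
    // multibyte character cut by substr) instead of returning ''.
    $encoded = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($encoded);
}

// Constructed sample message; $session stands in for $_SESSION.
$session = [];
flash_put($session, 'text_message', "Is <b>item 12</b> in stock?\nQuote: \"2 & 3\"");

$copy = flash_take($session, 'text_message');
if ($copy !== null) {
    echo '<div class="messageCopy">', render_message_copy($copy), "</div>\n";
}

// A second read finds nothing, so reloading the page does not repeat the copy.
var_dump(flash_take($session, 'text_message'));
```

The order matters: calling `nl2br()` before `htmlspecialchars()` would escape the inserted `<br />` tags as well.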


  9. #9
    Join Date
    Jan 2006
    Posts
    229
    Plugin Contributions
    0

    Re: Quick question about the contact form

    Yep - that's exactly what I did - and it's not doing anything. How weird...

    Maybe it's some kind of cache thing...I don't know. Or maybe my brain is fried from looking at all of this code today - but I'll give it another shot.

  10. #10
    Join Date
    Sep 2003
    Location
    Ohio
    Posts
    69,402
    Plugin Contributions
    6

    Re: Quick question about the contact form

    Note: be sure from a fresh clean install, meaning you did not change these files at all prior to the code changes I made ... as in delete whatever you did up until now and reload the files from a clean v1.3.6 ...

    Copy the file:
    /includes/templates/template_default/tpl_contact_us_default.php

    /includes/templates/your_template_dir/tpl_contact_us_default.php


    Note: there are no overrides for the file:
    /includes/modules/pages/contact_us/header_php.php

    Then apply the two changes to these files ...
    Linda McGrath
    If you have to think ... you haven't been zenned ...


 

 