Harden controllers and password randomness

Co-authored-by: LeOSW42 <673670+LeOSW42@users.noreply.github.com>
2026-01-24 13:18:35 +00:00
parent fd29d07911
commit 0ef2679808
5 changed files with 87 additions and 28 deletions
--- a/controllers/d.contact.php
+++ b/controllers/d.contact.php
@@ -11,8 +11,9 @@ if(isset($_POST['submit'])) {
 	$message .= "<hr>\r\n";
 	$message .= "<pre style='padding: 10px; background: #ccc;'>".strip_tags(post('message'))."</pre><br>\r\n";

-	$headers = 'From: '. post('email') . "\r\n" .
-	'Reply-To: '. post('email') . "\r\n" .
+	$sender = str_replace(["\r", "\n"], '', post('email'));
+	$headers = 'From: '. $sender . "\r\n" .
+	'Reply-To: '. $sender . "\r\n" .
 	'X-Mailer: PHP/' . phpversion() . "\r\n" .
 	'MIME-Version: 1.0' . "\r\n" .
 	'Content-type: text/html; charset=UTF-8' . "\r\n";