added some more tests to block bots calling the script directly

eclipse 2025-03-23 15:03:58 +01:00
parent 1bce64b722
commit eb6e496989


@ -1,6 +1,19 @@
<?php
// inspired by: https://www.unixdude.net/posts/2017/Nov/29/pelican-contact-form/
// make sure method is POST
if ( $_SERVER['REQUEST_METHOD'] != 'POST' ) {
header('Location: /');
exit;
}
// make sure all required fields are set
// HTML already validates this, but bots sometimes call the script directly
if ( $_POST['name'] == '' or $_POST['email'] == '' or $_POST['nachricht'] == '') {
header('Location: /');
exit;
}
// The 'address' form field is in the code but doesn't get rendered on the page. The message will only get sent if the field is empty, thus weeding out bots that will just fill out any form field
if ( $_POST['address'] != '' ) {
header('Location: /');