corrade-http-templates
/instantMessage/sendInstantMessage.php |
@@ -13,28 +13,16 @@ |
|
require_once('config.php'); |
require_once('functions.php'); |
require_once('vendor/was/utilities/src/formats/kvp/kvp.php'); |
|
########################################################################### |
## INTERNALS ## |
########################################################################### |
|
# CRSF. |
session_start(); |
if (empty($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) { |
http_response_code(403); |
die('Forbidden.'); |
} |
|
# Check that we have all the necessary variables. |
# If there is no "message" or "name" POST variable set then bail. |
if(!isset($_POST['message']) || |
empty($_POST['message']) || |
!isset($_POST['name']) || |
empty($_POST['name']) || |
!isset($_POST['firstname']) || |
empty($_POST['firstname']) || |
!isset($_POST['lastname']) || |
empty($_POST['lastname'])) return; |
!isset($_POST['lastname'])) return; |
|
#### |
# I. Build the POST array to send to Corrade. |
@@ -52,7 +40,7 @@ |
# II. Escape the data to be sent to Corrade. |
array_walk($params, |
function(&$value, $key) { |
$value = urlencode($key)."=".urlencode($value); |
$value = rawurlencode($key)."=".rawurlencode($value); |
} |
); |
$postvars = implode('&', $params); |
@@ -132,3 +120,5 @@ |
); |
break; |
} |
|
?> |
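Review bot: The session-token check at the top of the first hunk (`session_start()` … `hash_equals($_SESSION['token'], $_POST['token'])` … `die('Forbidden.')`) looks like it is among the lines this commit drops. The header `@@ -13,28 +13,16 @@` leaves the new side twelve lines shorter and the four `empty()` tests explain only four of those, but this rendering has lost its +/- markers, so treat that as an inference to confirm. If the check is gone and is not performed in `config.php` or `functions.php`, the script forwards any POST carrying the four fields to Corrade with no CSRF protection; the block should stay directly above the parameter check. If it is kept, also guard the session side, e.g. `if (empty($_POST['token']) || empty($_SESSION['token']) || !hash_equals($_SESSION['token'], $_POST['token']))`, because `hash_equals` expects two strings. Separately, the isset-only guard now lets empty strings through, and the bare `return;` answers a rejected request with an empty 200; putting `http_response_code(400);` before it would make the rejection visible to callers and logs.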