$value){
$values[$key] = htmlentities($value);
}
$values2 = $values;
// Attempt to defend against header injections:
$badStrings = array(“/content-type[[:space:]]*:/i”,
“/mime-version[[:space:]]*:/i”,
“/content-transfer-encoding[[:space:]]*:/i”,
“/(to|from|bcc|cc)[[:space:]]*:.*@/i”,
“/[\n\r]subject[[:space:]]*:/i”);
// Loop through each POST’ed value and test if it contains one of the $badStrings:
foreach($values2 as $k => $v){
foreach($badStrings as $v2){
if(preg_match($v2, strtolower($v))) {
header(“HTTP/1.0 403 Forbidden”);
$errors[] = ‘1’;
exit;
}
}
}
$values3 = $values;
foreach ($values3 as $ky=>$vl) {
$values[$ky] = strip_tags($vl);
}
$errors = array();
if ($values[‘event_submit’] && !count($errors)) {
// Send notification email
$msg = “A new event has been submitted to DerivSource by “.htmlentities(stripslashes($values[‘youremail’]));
$msg .= “\n\nEvent Title: “.htmlentities(stripslashes($values[‘title’]));
$msg .= “\nEvent Type: “.htmlentities(stripslashes($values[‘eventtype’]));
$msg .= “\nLocation: “.htmlentities(stripslashes($values[‘location’]));
$msg .= “\nDate: “.htmlentities(stripslashes($values[‘date’]));
$msg .= “\n\nSummary: “.htmlentities(stripslashes($values[‘summary’]));
$msg .= “\n\nWebsite: “.htmlentities(stripslashes($values[‘website’]));
mail(‘info@derivsource.com’, ‘[DerivSource | Events] New Event Submission!’, $msg, “From: \”DerivSource\”
}
?>
Thank you for submitting your event.
