Wishlist 2.0

[michael_s]

For 3.5d users. If you have register globals off, which is a good thing, then you will need to fix the following code in order for emails to friends from your wishlist.php page to be sent.

The problem:

/catalog/wishlist.php email sending script requires register globals on as the friend array and email array passed in $_POST are currently coded for register globals.

The fix:

The following code secures the $email and $friend arrays from $_POST without register globals:

1. Look for the following code:
CODE
//Check each posted name => email for errors.
$j = 0;
foreach($_POST['friend'] as $friendx) {
if($j == 0) {
2. Replace it with the following code:
CODE
//Check each posted name => email for errors.
$j = 0;
foreach($_POST['friend'] as $friendx) {
// secure post
$friendx = strip_tags($friendx);

if($j == 0) {
$friend = $_POST['friend'];

// secure posts
$x = 0;
foreach ($friend as $value) {
$friend[$x] = strip_tags($value);
$x++;
}

$email = $_POST['email'];
$x = 0;
foreach ($email as $value) {
$email[$x] = strip_tags($value);
$x++;
}

More...