
anmerkungen ermöglicht

Bernd Wurst authored on 17/03/2018 17:22:24
Showing 2 changed files
... ...
@@ -36,7 +36,7 @@ if (isset($_REQUEST['form'])) {
36 36
             }
37 37
             $number = format_number($number);
38 38
 
39
-            $_SESSION['phone'] = $number;
39
+            $_SESSION['phone'] = htmlspecialchars($number);
40 40
             setcookie('NUMBER', $number, time() + 24*3600*500, "");
41 41
 
42 42
             if (! $_SESSION['phone']) {
... ...
@@ -51,7 +51,7 @@ if (isset($_REQUEST['form'])) {
51 51
             $fields = array("fname", "lname", "address", "zip", "city");
52 52
             foreach ($fields as $f) {
53 53
                 if (isset($_REQUEST[$f])) {
54
-                    $_SESSION[$f] = trim($_REQUEST[$f]);
54
+                    $_SESSION[$f] = trim(htmlspecialchars($_REQUEST[$f]));
55 55
                 } else {
56 56
                     if (! isset($_SESSION[$f])) {
57 57
                         $_SESSION[$f] = '';
... ...
@@ -83,11 +83,11 @@ if (isset($_REQUEST['form'])) {
83 83
             if (isset($_REQUEST['lieferart'])) {
84 84
                 if ($_REQUEST['lieferart'] == 'gitterbox') {
85 85
                     $_SESSION['lieferart'] = 'gitterbox';
86
-                    $_SESSION['gbcount'] = $_REQUEST['gbcount'];
86
+                    $_SESSION['gbcount'] = htmlspecialchars($_REQUEST['gbcount']);
87 87
                 }
88 88
                 if ($_REQUEST['lieferart'] == 'anhaenger') {
89 89
                     $_SESSION['lieferart'] = 'anhaenger';
90
-                    $_SESSION['kennz'] = $_REQUEST['kennz'];
90
+                    $_SESSION['kennz'] = htmlspecialchars($_REQUEST['kennz']);
91 91
                     if ($_SESSION['angeliefert'] === false && ! $_SESSION['kennz']) {
92 92
                         $redirect = 'gitterbox_spaeter.php?error';
93 93
                         break;
... ...
@@ -116,7 +116,7 @@ if (isset($_REQUEST['form'])) {
116 116
             }
117 117
             if (isset($_REQUEST['submit']) && isset($_REQUEST['sonstiges']) && $_REQUEST['sonstiges'] != '') {
118 118
                 $_SESSION['neue'] = 'sonstiges';
119
-                $_SESSION['sonstiges'] = $_REQUEST['sonstiges'];
119
+                $_SESSION['sonstiges'] = htmlspecialchars($_REQUEST['sonstiges']);
120 120
             }
121 121
 
122 122
 
... ...
@@ -127,12 +127,15 @@ if (isset($_REQUEST['form'])) {
127 127
             if (isset($_REQUEST['frischsaftnein'])) {
128 128
                 $_SESSION['frischsaft'] = 0;
129 129
             } elseif (isset($_REQUEST['frischsaft'])) {
130
-                $_SESSION['frischsaft'] = (int) $_REQUEST['frischsaft'];
130
+                $_SESSION['frischsaft'] = htmlspecialchars($_REQUEST['frischsaft']);
131 131
             }
132 132
 
133 133
             $redirect = 'summary.php';
134 134
             break;
135 135
         case 'summary':
136
+            if (isset($_REQUEST['anmerkungen'])) {
137
+                $_SESSION['anmerkungen'] = htmlspecialchars($_REQUEST['anmerkungen']);
138
+            }
136 139
             if (!isset($_REQUEST['agb'])) {
137 140
                 $redirect = 'summary.php?error';
138 141
                 break;
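Review bot: Replacing `(int) $_REQUEST['frischsaft']` with `htmlspecialchars($_REQUEST['frischsaft'])` at new line 130 of the `@@ -127,12 +127,15 @@` hunk is a validation regression: the old cast guaranteed an integer in the session, the new code stores an arbitrary string, and the same weakness is introduced for `gbcount` at line 86. Keep the cast for numeric fields — `$_SESSION['frischsaft'] = (int) $_REQUEST['frischsaft'];` and `$_SESSION['gbcount'] = (int) $_REQUEST['gbcount'];` — since an integer needs no HTML escaping at all. For the free-text fields, `htmlspecialchars()` with its default flags does not encode single quotes on PHP before 8.1 (the PHP version is not visible here), so any of these values echoed inside a single-quoted attribute would still be injectable; passing `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'` closes that, and a non-string request value (e.g. `?anmerkungen[]=x`) should be rejected with `is_string()` before the call. Escaping at input time also means the session now holds HTML-encoded text, which double-encodes wherever the output is escaped again and reads wrong in any non-HTML sink such as e-mail; the conventional split is to store the raw trimmed value and escape at the point of output. The enclosing `switch` starts and ends outside these hunks.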
... ...
@@ -124,6 +124,9 @@ $content .= '
124 124
     <input type="hidden" name="form" value="summary">
125 125
     <p>Wenn diese Angaben stimmen, bestätigen Sie bitte unten unsere Bedingungen und erteilen Sie den Auftrag.</p>
126 126
 
127
+    <div class="form-group form-group-lg row">
128
+        <div class="col-sm-10 col-sm-offset-1 col-xs-12"><label for="anmerkungen">Hier ist Platz für weitere Anmerkungen</label><textarea class="form-control" name="anmerkungen" placeholder="Weitere Anmerkungen">'.$_SESSION['anmerkungen'].'</textarea></div>
129
+    </div>
127 130
     <div class="form-group form-group-lg row">
128 131
         <div class="col-xs-10 col-xs-offset-1"><div class="checkbox form-control"><label><input type="checkbox" id="agb" name="agb" value="ok">Ich habe <a id="terms-link" href="https://mosterei-wurst.de/so-einfach-gehts/anlieferung-ohne-termin/spielregeln-fuer-die-anlieferung-in-unsere-gitterboxen/" target="_blank">die Spielregeln</a> gelesen und bin damit einverstanden.</label></div></div>
129 132
     </div>