authorTomasz Kramkowski <tk@the-tk.com>2018-03-13 18:39:04 +0000
committerTomasz Kramkowski <tk@the-tk.com>2018-03-13 18:39:04 +0000
commitc7ad435f3f7757f129d26a6993e1bf8d21ad4382 (patch)
treec9f4ad448175e4075b5e6abed154d34687685f1f
parent6ea30fe5e0ba4e1029463933f6d8584fe71d9b1d (diff)
Fix vulnerability in subscribe.phpstaging
-rw-r--r--theme/static/subscribe.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/theme/static/subscribe.php b/theme/static/subscribe.php
index 468abc1..b74dc93 100644
--- a/theme/static/subscribe.php
+++ b/theme/static/subscribe.php
@@ -1,5 +1,5 @@
<?php
-system("logger -t subscribe.php foobar ${_POST['neo900-mail']};");
+system("logger -t subscribe.php foobar");
die("This functionality has been temporarily disabled. We are sorry about any inconvenience.");
include("mysql_connect.inc.php");
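Review bot: The logging call on the new second line still goes through `system()` and a shell even though the message is now constant, so anyone who later wants the submitted address back in the log is one edit away from reintroducing the same command injection. Logging in-process avoids the shell entirely and treats the message as data: `openlog('subscribe.php', LOG_PID, LOG_USER); syslog(LOG_INFO, 'foobar');`. The `die()` on the next line is what keeps the rest of the script unreachable, including the `mail($_POST['neo900-mail'], …)` call visible in the second hunk. The lines between the two hunks are not shown, so the address may already be validated there; if it is not, add something like `if (filter_var($_POST['neo900-mail'] ?? '', FILTER_VALIDATE_EMAIL) === false) { die('Invalid address'); }` before the feature is re-enabled. A short comment above the `die()` recording why the form is disabled and what must be reviewed before removing it would also help.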
@@ -22,4 +22,4 @@ echo('Your e-mail has been registered. Thank you!');
mail($_POST['neo900-mail'], 'Neo900 newsletter registration', "Hello!\r\n\r\nThis e-mail address has just been used for registration to the newsletter on the Neo900 website.\r\n\r\nIf that's what you just did, ignore this message. If you haven't requested anything like that, reply to this mail and say so - you'll be unregistered.\r\n\r\nThank you for your support!\r\n\r\nNeo900 team\r\nhttp://neo900.org/", "From: Neo900 <newsletter@neo900.org>\r\nContent-Type: text/plain;charset=utf-8\r\nList-Unsubscribe: <mailto:newsletter@neo900.org>\r\nAuto-Submitted: auto-generated\r\n");
-?> \ No newline at end of file
+?>