Subscribe Newsletter Protection

Problem

There is no limit or filter over the Name and Email post variables which is very dangerous!

Solution

In /includes/classes/class.subscribe.php

Find

$first_name = $_POST['nl_first_name'];
$email = $_POST['nl_email'];

Replace

//================================
// MOD - String Limit
//================================
//$first_name = $_POST['nl_first_name'];
//$email = $_POST['nl_email'];
$first_name = substr($_POST['nl_first_name'],0,80);
$email = substr($_POST['nl_email'],0,80);
//================================

Leave a Reply

Your email address will not be published. Required fields are marked *