From 67aa86b15b85c56e4834fe5dc89f7fb9ca6e6ca6 Mon Sep 17 00:00:00 2001
From: Torsten Schulz
Date: Thu, 28 Dec 2023 17:07:46 +0100
Subject: [PATCH] fixed from error
---
 include/membership.php | 2 +-
 include/renderer.php | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/membership.php b/include/membership.php
index a50637c..a310eeb 100644
--- a/include/membership.php
+++ b/include/membership.php
@@ -114,7 +114,7 @@ class Membership extends Renderer {
 'Elektronischer Verarbeitung zugestimmg' => $formData['agreedElectronicalHandling']
 ];
 $mail = $this->initSmtpMailer();
- $mail->setFrom($formData['email'], $formData['firstname'] . ' ' . $formData['lastname']);
+ $mail->setFrom('foerderverein-ajs@gmx.de');
 $mail->addReplyTo($formData['email'], $formData['firstname'] . ' ' . $formData['lastname']);
 $mail->addAddress('foerderverein-ajs@gmx.de', 'Vorstand Förderverein AJS');
 $message = '';
diff --git a/include/renderer.php b/include/renderer.php
index a327582..b73470c 100644
--- a/include/renderer.php
+++ b/include/renderer.php
@@ -107,7 +107,7 @@ class Renderer {
 }
 public function render(): void {
- if (trim(filter_input(INPUT_POST, 'action', FILTER_SANITIZE_STRING)) !== '') {
+ if (trim(filter_input(INPUT_POST, 'action', FILTER_SANITIZE_FULL_SPECIAL_CHARS)) !== '') {
 $this->formAction();
 }
 $this->website = file_get_contents('templates/page.html');
@@ -177,7 +177,7 @@ class Renderer {
 }
 protected function showInputField(array $errors, string $inputType, string $fieldName, int $fieldLength): void {
- echo '';
+ echo '';
 if (isset($errors[$fieldName])) {
 echo '' . $errors[$fieldName] . '';
 }
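Review bot: `addReplyTo()` in the membership.php hunk still takes `$formData['email']` and the name fields as submitted, and neither its return value nor that of the new `setFrom()` is checked; whether the address was validated (for example with `FILTER_VALIDATE_EMAIL`) is decided outside the hunk. If `initSmtpMailer()` returns a PHPMailer instance without exceptions enabled, an invalid address makes `addReplyTo()` return false and the mail goes out with no reply address, so the board cannot answer the applicant. The new sender literal also repeats the one in `addAddress()` two lines below; a class constant, e.g. `private const BOARD_MAILBOX = 'foerderverein-ajs@gmx.de';`, used by both calls keeps them in step. A comment above `setFrom()` such as `// From must be our own mailbox (SPF/DMARC); the submitter goes into Reply-To only` would record why the sender is fixed.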
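Review bot: `filter_input()` returns null when the request carries no `action` field, and in the `render()` hunk that null goes straight into `trim()`, which PHP 8.1 and later report as a deprecated null-to-string pass (a TypeError if the file declares `strict_types`, which is not visible here). A cast keeps plain GET requests quiet: `if (trim((string) filter_input(INPUT_POST, 'action', FILTER_SANITIZE_FULL_SPECIAL_CHARS)) !== '') {`. The same pattern is in the `formCheckFields()` hunk at line 314, where `$value` reaches `trim($value)` without the `?: ''` fallback that the hunk at line 300 has. The body of `render()` continues outside the hunk.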
@@ -300,7 +300,7 @@ class Renderer {
 } elseif ($this->cleanFields) {
 return '';
 }
- $value = filter_input(INPUT_POST, $this->formFields[$index]['name'], FILTER_SANITIZE_STRING) ?: '';
+ $value = filter_input(INPUT_POST, $this->formFields[$index]['name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?: '';
 if (trim($value) === '' && isset($this->predefines[$this->formFields[$index]['name']])) {
 $value = $this->predefines[$this->formFields[$index]['name']];
 }
@@ -314,7 +314,7 @@ class Renderer {
 protected function formCheckFields(): bool {
 foreach ($this->formFields as $field) {
- $value = filter_input(INPUT_POST, $field['name'], isset($field['filter']) ? $field['filter'] : FILTER_SANITIZE_STRING);
+ $value = filter_input(INPUT_POST, $field['name'], isset($field['filter']) ? $field['filter'] : FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 if (isset($field['optional']) && ($field['optional'] == false) && trim($value) === '' && $field['type'] !== 'file') {
 $this->errors[$field['name']] = 'Das Feld darf nicht leer sein';
 continue;
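Review bot: `FILTER_SANITIZE_FULL_SPECIAL_CHARS` in the hunk at line 300 is not a like-for-like replacement for `FILTER_SANITIZE_STRING`: it entity-encodes `<`, `>` and `&` where the old filter stripped tags and left `&` alone, so `$value` is now HTML-encoded at input time. The `$this->predefines[...]` fallback two lines below is not passed through any filter, so the two branches return differently encoded data, and where the result is printed is outside the hunk. The same default is set in the `formCheckFields()` hunk at line 314; if those values also feed the mail built in `include/membership.php`, an `&` in a name would arrive there as `&#38;`. Reading the field with `FILTER_UNSAFE_RAW` and encoding at the HTML sink, `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, would treat both branches alike and keep the mail text unencoded.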