- $replyto = notags(trim($_POST['replyto']));
- $recipient = intval($_POST['messageto']);
- $subject = notags(trim($_POST['subject']));
- $body = escape_tags(trim($_POST['body']));
-
- if(! $recipient) {
- notice( t('No recipient selected.') . EOL );
- return;
- }
-
- $me = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
- intval($_SESSION['uid'])
- );
- $contact = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($recipient),
- intval($_SESSION['uid'])
- );
-
- if(! (count($me) && (count($contact)))) {
- notice( t('Unable to locate contact information.') . EOL );
- return;
- }
-
- $hash = random_string();
- $uri = 'urn:X-dfrn:' . $a->get_baseurl() . ':' . $_SESSION['uid'] . ':' . $hash ;
-
- if(! strlen($replyto))
- $replyto = $uri;
-
- $r = q("INSERT INTO `mail` ( `uid`, `from-name`, `from-photo`, `from-url`,
- `contact-id`, `title`, `body`, `delivered`, `seen`, `replied`, `uri`, `parent-uri`, `created`)
- VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', '%s', '%s' )",
- intval($_SESSION['uid']),
- dbesc($me[0]['name']),
- dbesc($me[0]['thumb']),
- dbesc($me[0]['url']),
- intval($recipient),
- dbesc($subject),
- dbesc($body),
- 0,
- 1,
- 0,
- dbesc($uri),
- dbesc($replyto),
- datetime_convert()
- );
- $r = q("SELECT * FROM `mail` WHERE `uri` = '%s' and `uid` = %d LIMIT 1",
- dbesc($uri),
- intval($_SESSION['uid'])
- );
- if(count($r))
- $post_id = $r[0]['id'];
+ $replyto = ((x($_POST,'replyto')) ? notags(trim($_POST['replyto'])) : '');
+ $subject = ((x($_POST,'subject')) ? notags(trim($_POST['subject'])) : '');
+ $body = ((x($_POST,'body')) ? escape_tags(trim($_POST['body'])) : '');
+ $recipient = ((x($_POST,'messageto')) ? intval($_POST['messageto']) : 0 );
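Review bot: The recipient checks that the removed block performed have no visible replacement on the new side of this hunk, namely the `if(! $recipient)` guard and the `contact` lookup constrained by `uid` = `intval($_SESSION['uid'])`, which tied the posted contact id to the logged-in account. The added lines only normalise the POST fields, so `$recipient` can now be 0 and is otherwise a client-supplied id. If the sending logic moved into a helper called after these lines, that helper should keep both checks and keep passing `$subject`, `$body` and `$replyto` through `dbesc()` before they reach a query. A short comment here would record that, for example `// empty recipient and contact ownership are validated in <helper name>`. The enclosing function starts before and presumably continues after the visible lines, so this may already be handled there.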