From 9083c55cbdb3fd551baaec02efa12ca9d6659217 Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos
Date: Wed, 18 Mar 2015 09:26:14 -0500
Subject: [PATCH] Validate message content and subject

---
 main/inc/ajax/message.ajax.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/main/inc/ajax/message.ajax.php b/main/inc/ajax/message.ajax.php
index e52e331028..53227f1fdc 100755
--- a/main/inc/ajax/message.ajax.php
+++ b/main/inc/ajax/message.ajax.php
@@ -12,8 +12,15 @@ $action = $_GET['a'];
 
 switch ($action) {
 case 'send_message':
- $subject = isset($_REQUEST['subject']) ? $_REQUEST['subject'] : null;
- $result = MessageManager::send_message($_REQUEST['user_id'], $subject, $_REQUEST['content']);
+ $subject = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : null;
+ $messageContent = isset($_REQUEST['content']) ? trim($_REQUEST['content']) : null;
+
+ if (empty($subject) || empty($messageContent)) {
+ echo Display::display_error_message(get_lang('ErrorSendingMessage'));
+ exit;
+ }
+
+ $result = MessageManager::send_message($_REQUEST['user_id'], $subject, $messageContent);
 if ($result) {
 echo Display::display_confirmation_message(get_lang('MessageHasBeenSent'));
 } else {
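Review bot: The new guard only checks that subject and content are non-empty after `trim()`; `$_REQUEST['user_id']` still reaches `MessageManager::send_message()` with no `isset` or type check, and a non-string `subject` or `content` (a request parameter sent as an array) is handed straight to `trim()`. If the recipient is meant to be a single numeric id, I would add `$userId = isset($_REQUEST['user_id']) ? (int) $_REQUEST['user_id'] : 0;` and extend the early-exit condition with `$userId <= 0 || !is_string($subject) || !is_string($messageContent)`, taking the raw values before trimming. `empty()` also treats the string `'0'` as empty, so a comparison such as `$subject === ''` is the more exact test for a blank field. Trimming does not filter markup, so whether the message body is escaped or sanitised before storage and display depends on `send_message()` and the rendering code, neither of which is visible here; the `switch` body continues past the end of this hunk.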