...

web/mustard/invite.php

@@ -103,12 +103,13 @@ if (array_key_exists('id',$_GET) && preg_match('/^[0-9]+$/',$_GET['id'])===1) {
 } elseif (array_key_exists('id',$_POST) && preg_match('/^[0-9]+$/',$_POST['id'])===1 && array_key_exists('insturi',$_POST) && trim($_POST['insturi'])!='' && array_key_exists('subject',$_POST) && trim($_POST['subject'])!='' && array_key_exists('to',$_POST) && trim($_POST['to'])!='' && array_key_exists('message',$_POST) && trim($_POST['message'])!='' && array_key_exists('password',$_POST) && trim($_POST['password'])!='' && array_key_exists('guestaddr',$_POST) && trim($_POST['guestaddr'])!='' && array_key_exists('createacc',$_POST) && preg_match('/^true|false$/',$_POST['createacc'])===1) {
 	$_POST['id']+=0;
 	$from=$iniarr['ref_name'].' <'.$iniarr['ref_email'].'>';
-	$to=$_POST['to'];
-	$dbchange=true;
 	//questo per far provette d'invio mail senza toccare il db
-	if ($iniarr['mail_test_address']==false || trim($iniarr['mail_test_address'])=='') {
+	if ($iniarr['mail_test_address']!=false && trim($iniarr['mail_test_address'])!='') {
 		$to=$iniarr['mail_test_address'];
 		$dbchange=false;
+	} else {
+		$to=$_POST['to'];
+		$dbchange=true;
 	}
 	$mail=mail($to,'=?utf-8?B?'.base64_encode($_POST['subject']).'?=',wordwrap($_POST['message'],76,"\r\n",false),array('From'=>$from,'Content-Type'=>'text/plain; charset=UTF-8','Content-Transfer-Encoding'=>'8bit'));
 	if (!$mail)	{