From 1cb5bfe8755da0a653c6846e407e0374c19ba1f9 Mon Sep 17 00:00:00 2001 From: phot0n Date: Mon, 3 Apr 2023 01:28:56 +0530 Subject: [PATCH] fix: remove methods arg from tate_limit decorator * feat(minor): send a copy of message to the sender/contactee * feat: validate sender email address for contact us page --- frappe/www/contact.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/frappe/www/contact.py b/frappe/www/contact.py index 15d639be97..b27685dfcb 100644 --- a/frappe/www/contact.py +++ b/frappe/www/contact.py @@ -4,6 +4,7 @@ import frappe from frappe import _ from frappe.rate_limiter import rate_limit +from frappe.utils import validate_email_address sitemap = 1 @@ -23,14 +24,15 @@ def get_context(context): @frappe.whitelist(allow_guest=True) -@rate_limit(limit=1000, seconds=60 * 60, methods=["POST"]) +@rate_limit(limit=1000, seconds=60 * 60) def send_message(sender, message, subject="Website Query"): + sender = validate_email_address(sender, throw=True) if forward_to_email := frappe.db.get_single_value("Contact Us Settings", "forward_to_email"): frappe.sendmail(recipients=forward_to_email, reply_to=sender, content=message, subject=subject) frappe.sendmail( recipients=sender, - content="Thank you for reaching out to us. We will get back to you at the earliest.", + content=f"
Thank you for reaching out to us. We will get back to you at the earliest.\n\n\nYour query:\n\n{message}
", subject="We've received your query!", )
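Review bot: The acknowledgement mail in `send_message` now interpolates the guest-supplied `message` into `content` unescaped and sends it to the guest-supplied `sender`, so this `allow_guest=True` endpoint will deliver caller-chosen markup from the site's mail identity to any address that passes validation. `validate_email_address(sender, throw=True)` presumably checks the format only, not that the caller owns the mailbox, and a limit of 1000 requests per hour does little to contain that kind of abuse. At minimum escape the echoed text, e.g. `{frappe.utils.escape_html(message)}` in place of `{message}`, and consider leaving the query body out of the acknowledgement or lowering the limit for this route. The forwarded mail's `subject` and `reply_to` are caller-controlled too, which deserves a short comment above `send_message` such as `# sender, message and subject come from an unauthenticated request; treat as untrusted`.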