diff options
| author | Eric <eric@piwigo.org> | 2009-11-18 20:07:20 +0000 |
|---|---|---|
| committer | Eric <eric@piwigo.org> | 2009-11-18 20:07:20 +0000 |
| commit | 1235bab5276f8c56ed6ba9cff46563c143c3e240 (patch) | |
| tree | 653723f35e14bcee66eeb6bad049c3b106444040 /include/functions_mail.inc.php | |
| parent | 8a299654501db00316a56efda76448a6bb3975e1 (diff) | |
Escape all login and username characters in database
Display correctly usernames
(I hope not to have made mistakes)
git-svn-id: http://piwigo.org/svn/trunk@4304 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_mail.inc.php')
| -rw-r--r-- | include/functions_mail.inc.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/include/functions_mail.inc.php b/include/functions_mail.inc.php index 905ad3e70..50d342535 100644 --- a/include/functions_mail.inc.php +++ b/include/functions_mail.inc.php @@ -364,7 +364,7 @@ order by { $keyargs_content_admin_info = array ( - get_l10n_args('Connected user: %s', $user['username']), + get_l10n_args('Connected user: %s', stripslashes($user['username'])), get_l10n_args('IP: %s', $_SERVER['REMOTE_ADDR']), get_l10n_args('Browser: %s', $_SERVER['HTTP_USER_AGENT']) ); @@ -483,7 +483,7 @@ WHERE { if (!empty($row['mail_address'])) { - array_push($Bcc, format_email($row['username'], $row['mail_address'])); + array_push($Bcc, format_email(stripslashes($row['username']), $row['mail_address'])); } } @@ -794,7 +794,7 @@ function pwg_send_mail($result, $to, $subject, $content, $headers) $dir = $conf['local_data_dir'].'/tmp'; if ( mkgetdir( $dir, MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR) ) { - $filename = $dir.'/mail.'.$user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme']; + $filename = $dir.'/mail.'.stripslashes($user['username']).'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme']; if ($args['content_format'] == 'text/plain') { $filename .= '.txt'; |