From 04d6281dd2a37fdd919b57e4a526f67bd2625210 Mon Sep 17 00:00:00 2001 From: patdenice Date: Tue, 29 Mar 2011 19:59:09 +0000 Subject: merge r9923 from trunk to branch 2.1 bug:2234 HTML characters are allowed in username git-svn-id: http://piwigo.org/svn/branches/2.1@9929 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/functions_user.inc.php | 4 ++++ language/en_UK/common.lang.php | 3 ++- language/fr_FR/common.lang.php | 3 ++- register.php | 2 +- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 090c2e701..3c99c4785 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -112,6 +112,10 @@ function register_user($login, $password, $mail_address, { array_push($errors, l10n('this login is already used')); } + if ($login != strip_tags($login)) + { + array_push($errors, l10n('html tags are not allowed in login')); + } $mail_error = validate_mail_address(null, $mail_address); if ('' != $mail_error) { diff --git a/language/en_UK/common.lang.php b/language/en_UK/common.lang.php index b89fb3e24..e9e8225a0 100644 --- a/language/en_UK/common.lang.php +++ b/language/en_UK/common.lang.php @@ -377,4 +377,5 @@ $lang['This author modified following comment:'] = 'This author modified followi $lang['This author removed the comment with id %d'] = 'This author removed the comment with id %d'; $lang['delete this comment'] = "delete this comment"; $lang['validate this comment'] = 'validate this comment'; -?> +$lang['html tags are not allowed in login'] = 'html tags are not allowed in login'; +?> \ No newline at end of file diff --git a/language/fr_FR/common.lang.php b/language/fr_FR/common.lang.php index 4abab2079..8e03fe512 100644 --- a/language/fr_FR/common.lang.php +++ b/language/fr_FR/common.lang.php 
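Review bot: The added check in register_user, `if ($login != strip_tags($login))`, rejects only input that strip_tags() recognises as markup, so characters that matter in HTML without forming a tag (a double quote, an ampersand, a lone `>`) are still accepted in a login. Because the same commit stops encoding the value in register.php, the stored username is now raw text, and every place that prints it, including attribute contexts, has to apply htmlspecialchars() at output time. I would add a comment above the check so it is not later read as making the value safe to echo: `// rejects markup only; the username is stored raw and must be escaped wherever it is printed`. register_user starts and continues outside the hunk, so it is not visible here whether other paths that create or rename users go through this validation.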
@@ -379,4 +379,5 @@ $lang['This author modified following comment:'] = 'Cet auteur a modifié le com $lang['This author removed the comment with id %d'] = 'Cet auteur a supprimé le commentaire portant l\'identifiant %d'; $lang['delete this comment'] = "supprimer ce commentaire"; $lang['validate this comment'] = 'valider ce commentaire'; -?> +$lang['html tags are not allowed in login'] = 'les balises html ne sont pas autorisées dans le login'; +?> \ No newline at end of file diff --git a/register.php b/register.php index 98e76d916..7284b5c71 100644 --- a/register.php +++ b/register.php @@ -46,7 +46,7 @@ if (isset($_POST['submit'])) } $errors = - register_user(htmlspecialchars($_POST['login'],ENT_COMPAT,'utf-8'), + register_user($_POST['login'], $_POST['password'], $_POST['mail_address'], true, -- cgit v1.2.3
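Review bot: With the htmlspecialchars() call removed, `$_POST['login']` reaches register_user unmodified and without a type check, so a request that sends `login` as an array would hand a non-string to strip_tags() and the checks after it. A guard before the call, for example `$login = is_string($_POST['login']) ? $_POST['login'] : '';`, would keep the validation operating on a string. If the registration form re-displays the submitted login after a failed attempt (not visible in this hunk), that output now needs htmlspecialchars(), since the value is no longer encoded on input. The enclosing `if (isset($_POST['submit']))` block continues outside the hunk.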