Escape all login and username characters in database
Display correctly usernames (I hope not to have made mistakes) git-svn-id: http://piwigo.org/svn/trunk@4304 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
Eric
parent
8a29965450
commit
1235bab527
19 changed files with 43 additions and 43 deletions
|
|
@ -160,7 +160,7 @@ while ($row = mysql_fetch_assoc($result))
|
|||
}
|
||||
else
|
||||
{
|
||||
$author_name = $row['username'];
|
||||
$author_name = stripslashes($row['username']);
|
||||
}
|
||||
$template->append(
|
||||
'comments',
|
||||
|
|
|
|||
|
|
@ -259,7 +259,7 @@ SELECT '.$conf['user_fields']['id'].' AS id
|
|||
$username_of = array();
|
||||
while ($row = mysql_fetch_assoc($result))
|
||||
{
|
||||
$username_of[$row['id']] = $row['username'];
|
||||
$username_of[$row['id']] = stripslashes($row['username']);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -195,7 +195,7 @@ class c13y_internal
|
|||
$inserts = array(
|
||||
array(
|
||||
'id' => $id,
|
||||
'username' => $name,
|
||||
'username' => addslashes($name),
|
||||
'password' => $password
|
||||
),
|
||||
);
|
||||
|
|
|
|||
|
|
@ -2112,7 +2112,7 @@ SELECT '.$conf['user_fields']['username'].'
|
|||
return false;
|
||||
}
|
||||
|
||||
return $username;
|
||||
return stripslashes($username);
|
||||
}
|
||||
|
||||
function get_newsletter_subscribe_base_url($language) {
|
||||
|
|
|
|||
|
|
@ -288,7 +288,7 @@ function inc_mail_sent_success($nbm_user)
|
|||
global $page, $env_nbm;
|
||||
|
||||
$env_nbm['sent_mail_count'] += 1;
|
||||
array_push($page['infos'], sprintf($env_nbm['msg_info'], $nbm_user['username'], $nbm_user['mail_address']));
|
||||
array_push($page['infos'], sprintf($env_nbm['msg_info'], stripslashes($nbm_user['username']), $nbm_user['mail_address']));
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -301,7 +301,7 @@ function inc_mail_sent_failed($nbm_user)
|
|||
global $page, $env_nbm;
|
||||
|
||||
$env_nbm['error_on_mail_count'] += 1;
|
||||
array_push($page['errors'], sprintf($env_nbm['msg_error'], $nbm_user['username'], $nbm_user['mail_address']));
|
||||
array_push($page['errors'], sprintf($env_nbm['msg_error'], stripslashes($nbm_user['username']), $nbm_user['mail_address']));
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -338,7 +338,7 @@ function assign_vars_nbm_mail_content($nbm_user)
|
|||
(
|
||||
array
|
||||
(
|
||||
'USERNAME' => $nbm_user['username'],
|
||||
'USERNAME' => stripslashes($nbm_user['username']),
|
||||
|
||||
'SEND_AS_NAME' => $env_nbm['send_as_name'],
|
||||
|
||||
|
|
@ -427,7 +427,7 @@ function do_subscribe_unsubscribe_notification_by_mail($is_admin_request, $is_su
|
|||
|
||||
if (pwg_mail
|
||||
(
|
||||
format_email($nbm_user['username'], $nbm_user['mail_address']),
|
||||
format_email(stripslashes($nbm_user['username']), $nbm_user['mail_address']),
|
||||
array
|
||||
(
|
||||
'from' => $env_nbm['send_as_mail_formated'],
|
||||
|
|
@ -465,12 +465,12 @@ function do_subscribe_unsubscribe_notification_by_mail($is_admin_request, $is_su
|
|||
)
|
||||
);
|
||||
$updated_data_count += 1;
|
||||
array_push($page['infos'], sprintf($msg_info, $nbm_user['username'], $nbm_user['mail_address']));
|
||||
array_push($page['infos'], sprintf($msg_info, stripslashes($nbm_user['username']), $nbm_user['mail_address']));
|
||||
}
|
||||
else
|
||||
{
|
||||
$error_on_updated_data_count += 1;
|
||||
array_push($page['errors'], sprintf($msg_error, $nbm_user['username'], $nbm_user['mail_address']));
|
||||
array_push($page['errors'], sprintf($msg_error, stripslashes($nbm_user['username']), $nbm_user['mail_address']));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -175,7 +175,7 @@ order by
|
|||
$page['infos'],
|
||||
sprintf(
|
||||
l10n('nbm_user_x_added'),
|
||||
$nbm_user['username'],
|
||||
stripslashes($nbm_user['username']),
|
||||
get_email_address_as_display_text($nbm_user['mail_address'])
|
||||
)
|
||||
);
|
||||
|
|
@ -388,7 +388,7 @@ function do_action_send_mail_notification($action = 'list_to_send', $check_key_l
|
|||
|
||||
if (pwg_mail
|
||||
(
|
||||
format_email($nbm_user['username'], $nbm_user['mail_address']),
|
||||
format_email(stripslashes($nbm_user['username']), $nbm_user['mail_address']),
|
||||
array
|
||||
(
|
||||
'from' => $env_nbm['send_as_mail_formated'],
|
||||
|
|
@ -665,7 +665,7 @@ switch ($page['mode'])
|
|||
{
|
||||
if (get_boolean($nbm_user['enabled']))
|
||||
{
|
||||
$opt_true[ $nbm_user['check_key'] ] = $nbm_user['username'].'['.get_email_address_as_display_text($nbm_user['mail_address']).']';
|
||||
$opt_true[ $nbm_user['check_key'] ] = stripslashes($nbm_user['username']).'['.get_email_address_as_display_text($nbm_user['mail_address']).']';
|
||||
if ((isset($_POST['falsify']) and isset($_POST['cat_true']) and in_array($nbm_user['check_key'], $_POST['cat_true'])))
|
||||
{
|
||||
$opt_true_selected[] = $nbm_user['check_key'];
|
||||
|
|
@ -673,7 +673,7 @@ switch ($page['mode'])
|
|||
}
|
||||
else
|
||||
{
|
||||
$opt_false[ $nbm_user['check_key'] ] = $nbm_user['username'].'['.get_email_address_as_display_text($nbm_user['mail_address']).']';
|
||||
$opt_false[ $nbm_user['check_key'] ] = stripslashes($nbm_user['username']).'['.get_email_address_as_display_text($nbm_user['mail_address']).']';
|
||||
if (isset($_POST['trueify']) and isset($_POST['cat_false']) and in_array($nbm_user['check_key'], $_POST['cat_false']))
|
||||
{
|
||||
$opt_false_selected[] = $nbm_user['check_key'];
|
||||
|
|
@ -718,7 +718,7 @@ switch ($page['mode'])
|
|||
isset($_POST['send_selection']) and // not init
|
||||
!in_array($nbm_user['check_key'], $_POST['send_selection']) // not selected
|
||||
) ? '' : 'checked="checked"',
|
||||
'USERNAME'=> $nbm_user['username'],
|
||||
'USERNAME'=> stripslashes($nbm_user['username']),
|
||||
'EMAIL' => get_email_address_as_display_text($nbm_user['mail_address']),
|
||||
'LAST_SEND'=> $nbm_user['last_send']
|
||||
);
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ SELECT '.$conf['user_fields']['username'].' as username, '.$conf['user_fields'][
|
|||
$result = pwg_query($query);
|
||||
while ($row = mysql_fetch_assoc($result))
|
||||
{
|
||||
$users[$row['id']]=$row['username'];
|
||||
$users[$row['id']]=stripslashes($row['username']);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -177,7 +177,7 @@ while ( $row = mysql_fetch_assoc( $result ) )
|
|||
(substr($row['file'], 0, 10)).'...' : $row['file'],
|
||||
'PREVIEW_URL_IMG'=>$preview_url,
|
||||
'UPLOAD_EMAIL'=>get_email_address_as_display_text($row['mail_address']),
|
||||
'UPLOAD_USERNAME'=>$row['username']
|
||||
'UPLOAD_USERNAME'=>stripslashes($row['username'])
|
||||
);
|
||||
|
||||
// is there an existing associated thumnail ?
|
||||
|
|
|
|||
|
|
@ -702,7 +702,7 @@ foreach ($visible_user_list as $local_user)
|
|||
'CHECKED' => $checked,
|
||||
'U_PROFILE' => $profile_url.$local_user['id'],
|
||||
'U_PERM' => $perm_url.$local_user['id'],
|
||||
'USERNAME' => $local_user['username']
|
||||
'USERNAME' => stripslashes($local_user['username'])
|
||||
.($local_user['id'] == $conf['guest_id']
|
||||
? '<br>['.l10n('is_the_guest').']' : '')
|
||||
.($local_user['id'] == $conf['default_user_id']
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue