authorEric <eric@piwigo.org>2009-11-18 20:07:20 +0000
committerEric <eric@piwigo.org>2009-11-18 20:07:20 +0000
commit1235bab5276f8c56ed6ba9cff46563c143c3e240 (patch)
tree653723f35e14bcee66eeb6bad049c3b106444040 /admin/include
parent8a299654501db00316a56efda76448a6bb3975e1 (diff)
Escape all login and username characters in database
Display usernames correctly (I hope I have not made mistakes)
git-svn-id: http://piwigo.org/svn/trunk@4304 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/include')
-rw-r--r--admin/include/c13y_internal.class.php2
-rw-r--r--admin/include/functions.php2
-rw-r--r--admin/include/functions_notification_by_mail.inc.php12
3 files changed, 8 insertions, 8 deletions
diff --git a/admin/include/c13y_internal.class.php b/admin/include/c13y_internal.class.php
index c807ac24c..6402c6516 100644
--- a/admin/include/c13y_internal.class.php
+++ b/admin/include/c13y_internal.class.php
@@ -195,7 +195,7 @@ class c13y_internal
$inserts = array(
array(
'id' => $id,
- 'username' => $name,
+ 'username' => addslashes($name),
'password' => $password
),
);
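Review bot: `addslashes($name)` on the `'username'` entry is not a database-aware escape: it ignores the connection character set, and it is applied to one field at one call site instead of where the query text is built. As far as this hunk shows, `$id` and `$password` in the same row are passed on unescaped. I would escape every value inside the insert helper that consumes `$inserts` (not visible here) with the driver's own function, e.g. `mysql_real_escape_string($value)`, and leave this line as `'username' => $name,`. The enclosing method starts and ends outside the hunk.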
diff --git a/admin/include/functions.php b/admin/include/functions.php
index f023a7a5d..d1e82f15f 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -2112,7 +2112,7 @@ SELECT '.$conf['user_fields']['username'].'
return false;
}
- return $username;
+ return stripslashes($username);
}
function get_newsletter_subscribe_base_url($language) {
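Review bot: `return stripslashes($username);` removes backslashes from a value that was just read from the database, which is only needed if usernames are stored in their escaped form; that points to escaping being applied twice on the write path rather than once at query time. It also silently alters any username that legitimately contains a backslash. I would keep `return $username;`, fix the write side so the stored value is the raw name, and add a comment on this function stating that the returned name is raw and must be encoded by the caller for its output context. The function begins above the hunk.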
diff --git a/admin/include/functions_notification_by_mail.inc.php b/admin/include/functions_notification_by_mail.inc.php
index 11b9454f4..6a674c5e0 100644
--- a/admin/include/functions_notification_by_mail.inc.php
+++ b/admin/include/functions_notification_by_mail.inc.php
@@ -288,7 +288,7 @@ function inc_mail_sent_success($nbm_user)
global $page, $env_nbm;
$env_nbm['sent_mail_count'] += 1;
- array_push($page['infos'], sprintf($env_nbm['msg_info'], $nbm_user['username'], $nbm_user['mail_address']));
+ array_push($page['infos'], sprintf($env_nbm['msg_info'], stripslashes($nbm_user['username']), $nbm_user['mail_address']));
}
/*
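Review bot: The username pushed into `$page['infos']` is only un-slashed, not encoded for the context it is shown in; `stripslashes()` is not an output escape. If these messages are rendered as HTML without further escaping (not visible in this hunk), markup inside a username would be interpreted on the admin page, so the value should be encoded here or in the template, e.g. `htmlspecialchars(stripslashes($nbm_user['username']), ENT_QUOTES)`. The same applies to the `$page['errors']` line in `inc_mail_sent_failed`, to both `array_push` lines in the `@@ -465` hunk and, depending on how the mail template is rendered, to the `'USERNAME'` assignment in `assign_vars_nbm_mail_content`.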
@@ -301,7 +301,7 @@ function inc_mail_sent_failed($nbm_user)
global $page, $env_nbm;
$env_nbm['error_on_mail_count'] += 1;
- array_push($page['errors'], sprintf($env_nbm['msg_error'], $nbm_user['username'], $nbm_user['mail_address']));
+ array_push($page['errors'], sprintf($env_nbm['msg_error'], stripslashes($nbm_user['username']), $nbm_user['mail_address']));
}
/*
@@ -338,7 +338,7 @@ function assign_vars_nbm_mail_content($nbm_user)
(
array
(
- 'USERNAME' => $nbm_user['username'],
+ 'USERNAME' => stripslashes($nbm_user['username']),
'SEND_AS_NAME' => $env_nbm['send_as_name'],
@@ -427,7 +427,7 @@ function do_subscribe_unsubscribe_notification_by_mail($is_admin_request, $is_su
if (pwg_mail
(
- format_email($nbm_user['username'], $nbm_user['mail_address']),
+ format_email(stripslashes($nbm_user['username']), $nbm_user['mail_address']),
array
(
'from' => $env_nbm['send_as_mail_formated'],
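Review bot: `format_email(stripslashes($nbm_user['username']), ...)` feeds the username into what appears to be a recipient header, and nothing in this hunk removes CR or LF characters from it. Unless `format_email` or `pwg_mail` already does that (neither is shown), a name containing line breaks could add unintended header lines to the outgoing message. I would strip them before the call, e.g. `$name = str_replace(array("\r", "\n"), '', stripslashes($nbm_user['username']));`, and note on `format_email` which characters it expects in the name. The call sits inside `do_subscribe_unsubscribe_notification_by_mail`, whose body extends beyond the hunk.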
@@ -465,12 +465,12 @@ function do_subscribe_unsubscribe_notification_by_mail($is_admin_request, $is_su
)
);
$updated_data_count += 1;
- array_push($page['infos'], sprintf($msg_info, $nbm_user['username'], $nbm_user['mail_address']));
+ array_push($page['infos'], sprintf($msg_info, stripslashes($nbm_user['username']), $nbm_user['mail_address']));
}
else
{
$error_on_updated_data_count += 1;
- array_push($page['errors'], sprintf($msg_error, $nbm_user['username'], $nbm_user['mail_address']));
+ array_push($page['errors'], sprintf($msg_error, stripslashes($nbm_user['username']), $nbm_user['mail_address']));
}
}