6 files changed, 20 insertions, 20 deletions

diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index e7fbec7b7..aff7b9a35 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -99,7 +99,7 @@ function insert_user_comment( &$comm, $key, &$infos )
       $query = '
 SELECT COUNT(*) AS user_exists
   FROM '.USERS_TABLE.'
-  WHERE '.$conf['user_fields']['username']." = '".$comm['author']."'";
+  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
       $row = mysql_fetch_assoc( pwg_query( $query ) );
       if ( $row['user_exists'] == 1 )
       {
diff --git a/include/functions_mail.inc.php b/include/functions_mail.inc.php
index 905ad3e70..50d342535 100644
--- a/include/functions_mail.inc.php
+++ b/include/functions_mail.inc.php
@@ -364,7 +364,7 @@ order by
   {
     $keyargs_content_admin_info = array
     (
-      get_l10n_args('Connected user: %s', $user['username']),
+      get_l10n_args('Connected user: %s', stripslashes($user['username'])),
       get_l10n_args('IP: %s', $_SERVER['REMOTE_ADDR']),
       get_l10n_args('Browser: %s', $_SERVER['HTTP_USER_AGENT'])
     );
@@ -483,7 +483,7 @@ WHERE
         {
           if (!empty($row['mail_address']))
           {
-            array_push($Bcc, format_email($row['username'], $row['mail_address']));
+            array_push($Bcc, format_email(stripslashes($row['username']), $row['mail_address']));
           }
         }
 
@@ -794,7 +794,7 @@ function pwg_send_mail($result, $to, $subject, $content, $headers)
     $dir = $conf['local_data_dir'].'/tmp';
     if ( mkgetdir( $dir,  MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR) )
     {
-      $filename = $dir.'/mail.'.$user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme'];
+      $filename = $dir.'/mail.'.stripslashes($user['username']).'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme'];
       if ($args['content_format'] == 'text/plain')
       {
         $filename .= '.txt';
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index c1f7029d4..f8f02719f 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -170,7 +170,7 @@ SELECT id
 
       $keyargs_content = array
       (
-        get_l10n_args('User: %s', $login),
+        get_l10n_args('User: %s', stripslashes($login)),
         get_l10n_args('Email: %s', $_POST['mail_address']),
         get_l10n_args('', ''),
         get_l10n_args('Admin: %s', $admin_url)
@@ -178,7 +178,7 @@ SELECT id
 
       pwg_mail_notification_admins
       (
-        get_l10n_args('Registration of %s', $login),
+        get_l10n_args('Registration of %s', stripslashes($login)),
         $keyargs_content
       );
     }
@@ -933,8 +933,8 @@ WHERE '.$conf['user_fields']['id'].' = '.$user_id;
   if (mysql_num_rows($result) > 0)
   {
     $row = mysql_fetch_assoc($result);
-    $username = $row['username'];
-    $data = $time.$row['username'].$row['password'];
+    $username = stripslashes($row['username']);
+    $data = $time.stripslashes($row['username']).$row['password'];
     $key = base64_encode(
       pack('H*', sha1($data))
       .hash_hmac('md5', $data, $conf['secret_key'],true)
@@ -1018,7 +1018,7 @@ function auto_login() {
       if ($key!==false and $key===$cookie[2])
       {
         log_user($cookie[0], true);
-        trigger_action('login_success', $username);
+        trigger_action('login_success', stripslashes($username));
         return true;
       }
     }
@@ -1039,16 +1039,16 @@ function try_log_user($username, $password, $remember_me)
 SELECT '.$conf['user_fields']['id'].' AS id,
        '.$conf['user_fields']['password'].' AS password
   FROM '.USERS_TABLE.'
-  WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
+  WHERE '.$conf['user_fields']['username'].' = \''.mysql_real_escape_string($username).'\'
 ;';
   $row = mysql_fetch_assoc(pwg_query($query));
   if ($row['password'] == $conf['pass_convert']($password))
   {
     log_user($row['id'], $remember_me);
-    trigger_action('login_success', $username);
+    trigger_action('login_success', stripslashes($username));
     return true;
   }
-  trigger_action('login_failure', $username);
+  trigger_action('login_failure', stripslashes($username));
   return false;
 }
 
diff --git a/include/menubar.inc.php b/include/menubar.inc.php
index 8156dcf22..35fdb8750 100644
--- a/include/menubar.inc.php
+++ b/include/menubar.inc.php
@@ -281,7 +281,7 @@ function initialize_menu()
   }
   else
   {
-    $template->assign('USERNAME', $user['username']);
+    $template->assign('USERNAME', stripslashes($user['username']));
     if (is_autorize_status(ACCESS_CLASSIC))
     {
       $template->assign('U_PROFILE', get_root_url().'profile.php');
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index a0aed7a70..599f2229d 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -46,8 +46,8 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) )
   }
 
   $comm = array(
-    'author' => trim(@$_POST['author']),
-    'content' => trim($_POST['content']),
+    'author' => trim( stripslashes(@$_POST['author']) ),
+    'content' => trim( stripslashes($_POST['content']) ),
     'image_id' => $page['image_id'],
    );
 
@@ -152,7 +152,7 @@ $validated_clause.'
       }
       else
       {
-	$author = $row['username'];
+	$author = stripslashes($row['username']);
       }
 
       $tpl_comment =
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index 00394c791..bfb62b913 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -523,8 +523,8 @@ SELECT DISTINCT image_id
   }
 
   $comm = array(
-    'author' => trim($params['author']),
-    'content' => trim($params['content']),
+    'author' => trim( stripslashes($params['author']) ),
+    'content' => trim( stripslashes($params['content']) ),
     'image_id' => $params['image_id'],
    );
 
@@ -700,7 +700,7 @@ SELECT id, date, author, content
       )
       )
   {
-    $comment_post_data['author'] = $user['username'];
+    $comment_post_data['author'] = stripslashes($user['username']);
     $comment_post_data['key'] = get_comment_post_key($params['image_id']);
   }
 
@@ -1254,7 +1254,7 @@ function ws_session_getStatus($params, &$service)
 {
   global $user;
   $res = array();
-  $res['username'] = is_a_guest() ? 'guest' : $user['username'];
+  $res['username'] = is_a_guest() ? 'guest' : stripslashes($user['username']);
   foreach ( array('status', 'template', 'theme', 'language') as $k )
   {
     $res[$k] = $user[$k];