From 1235bab5276f8c56ed6ba9cff46563c143c3e240 Mon Sep 17 00:00:00 2001
From: Eric
Date: Wed, 18 Nov 2009 20:07:20 +0000
Subject: Escape all login and username characters in database Display correctly usernames (I hope not to have made mistakes)
git-svn-id: http://piwigo.org/svn/trunk@4304 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/include/c13y_internal.class.php | 2 +-
 admin/include/functions.php | 2 +-
 admin/include/functions_notification_by_mail.inc.php | 12 ++++++------
 3 files changed, 8 insertions(+), 8 deletions(-)
(limited to 'admin/include')
diff --git a/admin/include/c13y_internal.class.php b/admin/include/c13y_internal.class.php
index c807ac24c..6402c6516 100644
--- a/admin/include/c13y_internal.class.php
+++ b/admin/include/c13y_internal.class.php
@@ -195,7 +195,7 @@ class c13y_internal
 $inserts = array(
 array(
 'id' => $id,
- 'username' => $name,
+ 'username' => addslashes($name),
 'password' => $password
 ),
 );
diff --git a/admin/include/functions.php b/admin/include/functions.php
index f023a7a5d..d1e82f15f 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -2112,7 +2112,7 @@ SELECT '.$conf['user_fields']['username'].'
 return false;
 }
- return $username;
+ return stripslashes($username);
 }
 function get_newsletter_subscribe_base_url($language) {
diff --git a/admin/include/functions_notification_by_mail.inc.php b/admin/include/functions_notification_by_mail.inc.php
index 11b9454f4..6a674c5e0 100644
--- a/admin/include/functions_notification_by_mail.inc.php
+++ b/admin/include/functions_notification_by_mail.inc.php
@@ -288,7 +288,7 @@ function inc_mail_sent_success($nbm_user)
 global $page, $env_nbm;
 $env_nbm['sent_mail_count'] += 1;
- array_push($page['infos'], sprintf($env_nbm['msg_info'], $nbm_user['username'], $nbm_user['mail_address']));
+ array_push($page['infos'], sprintf($env_nbm['msg_info'], stripslashes($nbm_user['username']), $nbm_user['mail_address']));
 }
 /*
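Review bot: `addslashes($name)` in the `$inserts` array of admin/include/c13y_internal.class.php is not connection- or charset-aware, so it is a weaker guard than the database driver's own escaping (e.g. `mysql_real_escape_string()` if this code base is on ext/mysql) and can fail to neutralise quotes under some multibyte connection charsets. The neighbouring `'id' => $id` and `'password' => $password` values enter the same insert with no escaping visible in this hunk. Escaping inside the helper that builds the INSERT statement (not shown here) would cover every column and every caller instead of relying on each call site to remember it. The enclosing method starts and ends outside the hunk.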
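Review bot: `return stripslashes($username);` in admin/include/functions.php unescapes a value that has just been read back from the database, which should not be needed when escaping is applied exactly once at write time, because the server consumes SQL escaping and stores the original characters. If names really do come back with added backslashes, that points to double escaping on the write path (for example magic quotes plus `addslashes()`), and that is where the fix belongs; as written, a username that legitimately contains a backslash is altered on every read. If the call stays, a comment such as `// usernames are stored slash-escaped; undo for display` would at least record the assumption. The function's body starts outside the hunk.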
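Review bot: `stripslashes($nbm_user['username'])` is applied separately at each use in admin/include/functions_notification_by_mail.inc.php — here in inc_mail_sent_success, and again in the hunks for inc_mail_sent_failed, assign_vars_nbm_mail_content and do_subscribe_unsubscribe_notification_by_mail — so any later use of the field will miss it. Normalising the value once where `$nbm_user` is loaded (outside these hunks) would remove the duplication. The unescaped name is also placed into `$page['infos']`, `$page['errors']` and the `USERNAME` template variable; if the templates render those as HTML without escaping (not visible here), the name should pass through `htmlspecialchars()` at that point, since it is user-controlled text.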
@@ -301,7 +301,7 @@ function inc_mail_sent_failed($nbm_user)
 global $page, $env_nbm;
 $env_nbm['error_on_mail_count'] += 1;
- array_push($page['errors'], sprintf($env_nbm['msg_error'], $nbm_user['username'], $nbm_user['mail_address']));
+ array_push($page['errors'], sprintf($env_nbm['msg_error'], stripslashes($nbm_user['username']), $nbm_user['mail_address']));
 }
 /*
@@ -338,7 +338,7 @@ function assign_vars_nbm_mail_content($nbm_user)
 (
 array
 (
- 'USERNAME' => $nbm_user['username'],
+ 'USERNAME' => stripslashes($nbm_user['username']),
 'SEND_AS_NAME' => $env_nbm['send_as_name'],
@@ -427,7 +427,7 @@ function do_subscribe_unsubscribe_notification_by_mail($is_admin_request, $is_su
 if (pwg_mail (
- format_email($nbm_user['username'], $nbm_user['mail_address']),
+ format_email(stripslashes($nbm_user['username']), $nbm_user['mail_address']),
 array
 (
 'from' => $env_nbm['send_as_mail_formated'],
@@ -465,12 +465,12 @@ function do_subscribe_unsubscribe_notification_by_mail($is_admin_request, $is_su
 )
 );
 $updated_data_count += 1;
- array_push($page['infos'], sprintf($msg_info, $nbm_user['username'], $nbm_user['mail_address']));
+ array_push($page['infos'], sprintf($msg_info, stripslashes($nbm_user['username']), $nbm_user['mail_address']));
 }
 else
 {
 $error_on_updated_data_count += 1;
- array_push($page['errors'], sprintf($msg_error, $nbm_user['username'], $nbm_user['mail_address']));
+ array_push($page['errors'], sprintf($msg_error, stripslashes($nbm_user['username']), $nbm_user['mail_address']));
 }
 }
--
cgit v1.2.3
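Review bot: In the `@@ -427` hunk of do_subscribe_unsubscribe_notification_by_mail, `format_email(stripslashes($nbm_user['username']), $nbm_user['mail_address'])` passes the raw user name into what looks like a mail recipient field. Unless `format_email()` or `pwg_mail()` (both outside this diff) already remove CR/LF and quote the display name, the name should be sanitised before it is used there, for example `str_replace(array("\r", "\n"), '', $nbm_user['username'])`. The function body starts and ends outside the hunk.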