diff --git a/phpBB/includes/usercp_register.php b/phpBB/includes/usercp_register.php
index fa98e9cc49..0e2e7cec5f 100644
--- a/phpBB/includes/usercp_register.php
+++ b/phpBB/includes/usercp_register.php
@@ -1,6 +1,6 @@
assign_vars(array(
- 'REGISTRATION' => $lang['Registration'],
- 'AGREEMENT' => $lang['Reg_agreement'],
- "AGREE_OVER_13" => $lang['Agree_over_13'],
- "AGREE_UNDER_13" => $lang['Agree_under_13'],
- 'DO_NOT_AGREE' => $lang['Agree_not'],
+ 'REGISTRATION' => $lang['Registration'],
+ 'AGREEMENT' => $lang['Reg_agreement'],
+ "AGREE_OVER_13" => $lang['Agree_over_13'],
+ "AGREE_UNDER_13" => $lang['Agree_under_13'],
+ 'DO_NOT_AGREE' => $lang['Agree_not'],
"U_AGREE_OVER13" => append_sid("profile.$phpEx?mode=register&agreed=true"),
"U_AGREE_UNDER13" => append_sid("profile.$phpEx?mode=register&agreed=true&coppa=true"))
@@ -73,11 +73,11 @@ $coppa = ( empty($HTTP_POST_VARS['coppa']) && empty($HTTP_GET_VARS['coppa']) ) ?
//
// Check and initialize some variables if needed
//
-if (
- isset($HTTP_POST_VARS['submit']) ||
- isset($HTTP_POST_VARS['avatargallery']) ||
- isset($HTTP_POST_VARS['submitavatar']) ||
- isset($HTTP_POST_VARS['cancelavatar']) ||
+if (
+ isset($HTTP_POST_VARS['submit']) ||
+ isset($HTTP_POST_VARS['avatargallery']) ||
+ isset($HTTP_POST_VARS['submitavatar']) ||
+ isset($HTTP_POST_VARS['cancelavatar']) ||
$mode == 'register' )
{
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
@@ -114,7 +114,7 @@ if (
$email = htmlspecialchars($email);
$signature = str_replace('
', "\n", $signature);
- // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
+ // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
// empty strings if they fail.
validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature);
@@ -163,9 +163,9 @@ if (
$user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone'];
$user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim($HTTP_POST_VARS['dateformat']) : $board_config['default_dateformat'];
- $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? $HTTP_POST_VARS['avatarlocal'] : '' );
+ $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
- $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim($HTTP_POST_VARS['avatarremoteurl']) : '';
+ $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['avatarremoteurl'])) : '';
$user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' );
$user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
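Review bot: The gallery branch on the `$user_avatar_local` line still stores `$HTTP_POST_VARS['avatarselect']` raw while the sibling `avatarlocal` branch now passes through `htmlspecialchars()`; both end up in the same variable (the next hunk assigns `$user_avatar = $user_avatar_local;`), so unless `avatarselect` is checked against the gallery listing elsewhere, which this hunk does not show, it should get the same treatment: `? htmlspecialchars($HTTP_POST_VARS['avatarselect']) :`. Note also that escaping here happens before storage, so the encoded form is what reaches the database and any later `htmlspecialchars()` on output would double-encode; the more robust shape is to validate the value here (for `avatarremoteurl`, that it is a well-formed `http` URL) and escape at the point of output. `htmlspecialchars()` with default flags leaves single quotes untouched, so the stored value is only safe in double-quoted attributes. The enclosing `if` block starts before this hunk and continues past it.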
@@ -196,7 +196,7 @@ if (
$user_lang = stripslashes($user_lang);
$user_dateformat = stripslashes($user_dateformat);
- if ( !isset($HTTP_POST_VARS['cancelavatar']))
+ if ( !isset($HTTP_POST_VARS['cancelavatar']))
{
$user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
@@ -243,7 +243,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Fields_empty'];
}
-
+
}
$passwd_sql = '';
@@ -263,8 +263,8 @@ if ( isset($HTTP_POST_VARS['submit']) )
{
if ( $mode == 'editprofile' )
{
- $sql = "SELECT user_password
- FROM " . USERS_TABLE . "
+ $sql = "SELECT user_password
+ FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) )
{
@@ -279,7 +279,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Current_password_mismatch'];
}
}
-
+
if ( !$error )
{
$new_password = md5($new_password);
@@ -306,11 +306,11 @@ if ( isset($HTTP_POST_VARS['submit']) )
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg'];
}
-
+
if ( $mode == 'editprofile' )
{
- $sql = "SELECT user_password
- FROM " . USERS_TABLE . "
+ $sql = "SELECT user_password
+ FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) )
{
@@ -459,7 +459,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'USERNAME' => $username,
- 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']),
+ 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
@@ -523,7 +523,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
{
message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql);
}
-
+
$group_id = $db->sql_nextid();
$sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
@@ -567,7 +567,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
if( $coppa )
{
$emailer->assign_vars(array(
- 'SITENAME' => $board_config['sitename'],
+ 'SITENAME' => $board_config['sitename'],
'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']),
'USERNAME' => $username,
'PASSWORD' => $password_confirm,
@@ -589,7 +589,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
else
{
$emailer->assign_vars(array(
- 'SITENAME' => $board_config['sitename'],
+ 'SITENAME' => $board_config['sitename'],
'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']),
'USERNAME' => $username,
'PASSWORD' => $password_confirm,
@@ -632,7 +632,7 @@ if ( $error )
{
//
// If an error occured we need to stripslashes on returned data
- //
+ //
$username = stripslashes($username);
$email = stripslashes($email);
$new_password = '';
@@ -800,9 +800,9 @@ else
//
$ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
$form_enctype = ( @$ini_val('file_uploads') == '0' || strtolower(@$ini_val('file_uploads') == 'off') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"';
-
+
$template->assign_vars(array(
- 'USERNAME' => $username,
+ 'USERNAME' => $username,
'CUR_PASSWORD' => $cur_password,
'NEW_PASSWORD' => $new_password,
'PASSWORD_CONFIRM' => $password_confirm,
@@ -842,11 +842,11 @@ else
'TIMEZONE_SELECT' => tz_select($user_timezone, 'timezone'),
'DATE_FORMAT' => $user_dateformat,
'HTML_STATUS' => $html_status,
- 'BBCODE_STATUS' => sprintf($bbcode_status, '', ''),
+ 'BBCODE_STATUS' => sprintf($bbcode_status, '', ''),
'SMILIES_STATUS' => $smilies_status,
- 'L_CURRENT_PASSWORD' => $lang['Current_password'],
- 'L_NEW_PASSWORD' => ( $mode == 'register' ) ? $lang['Password'] : $lang['New_password'],
+ 'L_CURRENT_PASSWORD' => $lang['Current_password'],
+ 'L_NEW_PASSWORD' => ( $mode == 'register' ) ? $lang['Password'] : $lang['New_password'],
'L_CONFIRM_PASSWORD' => $lang['Confirm_password'],
'L_CONFIRM_PASSWORD_EXPLAIN' => ( $mode == 'editprofile' ) ? $lang['Confirm_password_explain'] : '',
'L_PASSWORD_IF_CHANGED' => ( $mode == 'editprofile' ) ? $lang['password_if_changed'] : '',
diff --git a/phpBB/login.php b/phpBB/login.php
index 8be7cf5d67..d20e32fd07 100644
--- a/phpBB/login.php
+++ b/phpBB/login.php
@@ -46,7 +46,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
{
//
// This appears to work for IIS5 CGI under Win2K. Uses getenv
- // since this doesn't exist for ISAPI mode and therefore the
+ // since this doesn't exist for ISAPI mode and therefore the
// normal Location redirector is used in preference
//
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
@@ -54,7 +54,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
$username = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
- $sql = "SELECT user_id, username, user_password, user_active, user_level
+ $sql = "SELECT user_id, username, user_password, user_active, user_level
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
@@ -99,7 +99,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : '';
$redirect = str_replace("?", "&", $redirect);
-
+
$template->assign_vars(array(
'META' => '')
);
@@ -175,7 +175,7 @@ else
{
$forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];
- if( preg_match("/^redirect=(.*)$/si", $forward_to, $forward_matches) )
+ if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )
{
$forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1];
$forward_match = explode('&', $forward_to);
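Review bot: The tightened pattern has a single capture group, so `$forward_matches[3]` on the following line can never be set and that fallback is now dead; it should read `$forward_to = $forward_matches[1];`. Dropping the end anchor also means a value containing any character outside the class is silently truncated at that point rather than rejected, which can leave a partial redirect target; if rejection is the intent, keep `$` before the closing delimiter (`.../]+)$/si`). The character class still admits a leading `//`, so the target should additionally be required to be a board-relative path, e.g. `&& substr($forward_matches[1], 0, 2) != '//'` in the same condition; the `s` modifier does nothing here since the pattern has no `.`. The enclosing `else` block begins before this hunk and continues after it.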
@@ -216,11 +216,11 @@ else
$template->assign_vars(array(
'USERNAME' => $username,
- 'L_ENTER_PASSWORD' => $lang['Enter_password'],
+ 'L_ENTER_PASSWORD' => $lang['Enter_password'],
'L_SEND_PASSWORD' => $lang['Forgotten_password'],
- 'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),
-
+ 'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),
+
'S_HIDDEN_FIELDS' => $s_hidden_fields)
);