From 5f01741bc48921906b7abad2e9de31a6883bb9b2 Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Mon, 26 Nov 2001 01:27:00 +0000 Subject: [PATCH] stripslash email messages + remove  's from usernames, email addresses git-svn-id: file:///svn/phpbb/trunk@1444 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/profile.php | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/phpBB/profile.php b/phpBB/profile.php index 7ed4ec653f..3cacb443a0 100644 --- a/phpBB/profile.php +++ b/phpBB/profile.php @@ -470,10 +470,11 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) if( $mode == "editprofile" ) { $user_id = intval($HTTP_POST_VARS['user_id']); - $current_email = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['current_email']))); + $current_email = trim(strip_tags(htmlspecialchars(str_replace(" ", " ",$HTTP_POST_VARS['current_email'])))); } - $username = (!empty($HTTP_POST_VARS['username'])) ? trim(strip_tags($HTTP_POST_VARS['username'])) : ""; - $email = (!empty($HTTP_POST_VARS['email'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : ""; + + $username = (!empty($HTTP_POST_VARS['username'])) ? trim(strip_tags(str_replace(" ", " ", $HTTP_POST_VARS['username']))) : ""; + $email = (!empty($HTTP_POST_VARS['email'])) ? trim(strip_tags(htmlspecialchars(str_replace(" ", " ",$HTTP_POST_VARS['email'])))) : ""; $password_current = (!empty($HTTP_POST_VARS['cur_password'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['cur_password']))) : ""; $password = (!empty($HTTP_POST_VARS['new_password'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['new_password']))) : ""; @@ -774,16 +775,19 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) } else { + $l_avatar_size = sprintf($lang['Avatar_imagesize'], $board_config['avatar_max_width'], $board_config['avatar_max_height']); + $error = true; - $error_msg = ( !empty($error_msg) ) ? $error_msg . "
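Review bot: The new `$email` and `$current_email` lines still accept an embedded CR or LF, because `trim` only strips the ends and neither `strip_tags` nor `htmlspecialchars` removes line breaks. `$email` is later passed to `$emailer->email_address($email)` (visible in the -1112 hunk), so I would reject such input before it reaches the mailer, e.g. `if( preg_match('/[\r\n]/', $email) ) { $error = true; }`. The same applies to `$subject` in the -1861 hunk if it ends up in a mail header, which is not visible here. Separately, `$username` is the one field here that is not entity-encoded: `strip_tags` leaves quotes and `&` intact, so it needs `htmlspecialchars` wherever it is echoed into HTML. The enclosing `if` block starts and ends outside the hunk.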
" . $lang['Avatar_imagesize'] : $lang['Avatar_imagesize']; + $error_msg = ( !empty($error_msg) ) ? $error_msg . "
" . $l_avatar_size : $l_avatar_size; } } } else { + $l_avatar_size = sprintf($lang['Avatar_filesize'], round($board_config['avatar_filesize'] / 1024)); + $error = true; - $error_filesize = $lang['Avatar_filesize'] . " " . round($board_config['avatar_filesize'] / 1024) . " " . $lang['kB']; - $error_msg = ( !empty($error_msg) ) ? $error_msg . "
" . $error_filesize : $error_filesize; + $error_msg = ( !empty($error_msg) ) ? $error_msg . "
" . $l_avatar_size : $l_avatar_size; } } else @@ -1112,13 +1116,13 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) $emailer->use_template($email_template); $emailer->email_address($email); - $emailer->set_subject($lang['Welcome_subject']); + $emailer->set_subject(sprintf($lang['Welcome_subject'], $board_config['sitename'])); $emailer->extra_headers($email_headers); if( $coppa ) { $emailer->assign_vars(array( - "WELCOME_MSG" => $lang['Welcome_subject'], + "WELCOME_MSG" => sprintf($lang['Welcome_subject'], $board_config['sitename']), "USERNAME" => $username, "PASSWORD" => $password_confirm, "EMAIL_SIG" => str_replace("
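Review bot: In the file-size branch the formatted message is stored in `$l_avatar_size`, the same name the dimensions branch uses for the `Avatar_imagesize` text, so the two errors are easy to confuse when reading; a distinct name such as `$l_avatar_filesize` would be clearer. Both `sprintf` calls now depend on `$lang['Avatar_imagesize']` and `$lang['Avatar_filesize']` carrying matching placeholders, and the language-file change is not part of this patch. A comment such as `// Avatar_filesize must contain one placeholder for the size in kB` would record that dependency. The surrounding if/else chain starts outside the hunk.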
", "\n", "-- \n" . $board_config['board_email_sig']), @@ -1140,7 +1144,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) else { $emailer->assign_vars(array( - "WELCOME_MSG" => $lang['Welcome_subject'], + "WELCOME_MSG" => sprintf($lang['Welcome_subject'], $board_config['sitename']), "USERNAME" => $username, "PASSWORD" => $password_confirm, "EMAIL_SIG" => str_replace("
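Review bot: `sprintf($lang['Welcome_subject'], $board_config['sitename'])` is evaluated for `set_subject` and again for every `WELCOME_MSG` entry, here and in the -1140 and -1160 hunks. Computing it once, `$welcome_subject = sprintf($lang['Welcome_subject'], $board_config['sitename']);`, and reusing the variable keeps the four uses in step. The site name now goes into a mail header through `set_subject`, so it is worth confirming that the emailer class or the admin form strips line breaks from `sitename`; neither is visible in this patch.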
", "\n", "-- \n" . $board_config['board_email_sig']), @@ -1160,7 +1164,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) $emailer->extra_headers($email_headers); $emailer->assign_vars(array( - "WELCOME_MSG" => $lang['Welcome_subject'], + "WELCOME_MSG" => sprintf($lang['Welcome_subject'], $board_config['sitename']), "USERNAME" => $username, "EMAIL_SIG" => str_replace("
", "\n", "-- \n" . $board_config['board_email_sig']), @@ -1861,7 +1865,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) if( !empty($HTTP_POST_VARS['subject']) ) { - $subject = trim(strip_tags($HTTP_POST_VARS['subject'])); + $subject = trim(strip_tags(stripslashes($HTTP_POST_VARS['subject']))); } else { @@ -1871,7 +1875,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) if( !empty($HTTP_POST_VARS['message']) ) { - $message = trim(strip_tags($HTTP_POST_VARS['message'])); + $message = trim(strip_tags(stripslashes($HTTP_POST_VARS['message']))); } else {
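Review bot: `stripslashes` is applied unconditionally to `$HTTP_POST_VARS['subject']` here and to `$HTTP_POST_VARS['message']` in the following hunk, which is only correct while `magic_quotes_gpc` is enabled; with it off, backslashes the user actually typed are silently removed. Guarding the call keeps both configurations correct, e.g. `$subject = ( get_magic_quotes_gpc() ) ? stripslashes($HTTP_POST_VARS['subject']) : $HTTP_POST_VARS['subject'];` before the `trim(strip_tags(...))`, and likewise for `$message`. A short comment stating that the unslashing is there to undo magic quotes for mail output would also help the next reader. Both `if` blocks continue outside their hunks.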