makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 22:28:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

pooh bum crap ... how did I miss these, they were even listed in the private forum ... doh ... all afternoon I spent correcting patch errors ...

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3308 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2003-01-10 21:28:10 +00:00
parent 44d3b549ea
commit 74c5b16a3d
2 changed files with 10 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
phpBB/includes/usercp_register.php
View file

@ -93,22 +93,19 @@ if (
if ( $mode == 'editprofile' ) if ( $mode == 'editprofile' )
{ {
$user_id = intval($HTTP_POST_VARS['user_id']); $user_id = intval($HTTP_POST_VARS['user_id']);
$current_email = trim(strip_tags($HTTP_POST_VARS['current_email'])); $current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email']));
} }
$strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests'); $strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests');
// Strip all tags from data ... may p**s some people off, could use // Strip all tags from data ... may p**s some people off, bah, strip_tags is
// htmlspecialchars but given the fields are limited in length we'd end // doing the job but can still break HTML output ... have no choice, have
// up with (possibly) losing some data. Of course we could store the data // to use htmlspecialchars ... be prepared to be moaned at.
// "as is" and specialchar it as it's output but then we run into potential
// performance issues ... whichever way we go we'll end up being moaned at
// "hum ho, ho hum" (TM)
while( list($var, $param) = @each($strip_var_list) ) while( list($var, $param) = @each($strip_var_list) )
{ {
if ( !empty($HTTP_POST_VARS[$param]) ) if ( !empty($HTTP_POST_VARS[$param]) )
{ {
$$var = trim(strip_tags($HTTP_POST_VARS[$param])); $$var = trim(htmlspecialchars($HTTP_POST_VARS[$param]));
} }
} }
@ -157,7 +154,7 @@ if (
{ {
if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) ) if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) )
{ {
$user_lang = strip_tags($HTTP_POST_VARS['language']); $user_lang = htmlspecialchars($HTTP_POST_VARS['language']);
} }
else else
{ {
@ -171,11 +168,11 @@ if (
} }
$user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone']; $user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone'];
$user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(strip_tags($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat']; $user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat'];
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? strip_tags($HTTP_POST_VARS['avatarlocal']) : '' ); $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(strip_tags($HTTP_POST_VARS['avatarremoteurl'])) : ''; $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['avatarremoteurl'])) : '';
$user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' ); $user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' );
$user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : ''; $user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0; $user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
@ -223,7 +220,6 @@ if ( $userdata['session_logged_in'] && $mode =="register" && $username == $userd
message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__); message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__);
} }
// //
// Did the user submit? In this case build a query to update the users profile in the DB // Did the user submit? In this case build a query to update the users profile in the DB
// //

2
phpBB/templates/subSilver/admin/board_config_body.tpl
View file

@ -237,7 +237,7 @@
</tr> </tr>
<tr> <tr>
<td class="row1">{L_SMTP_PASSWORD}<br /><span class="gensmall">{L_SMTP_PASSWORD_EXPLAIN}</span></td> <td class="row1">{L_SMTP_PASSWORD}<br /><span class="gensmall">{L_SMTP_PASSWORD_EXPLAIN}</span></td>
<td class="row2"><input class="post" type="password name="smtp_password" value="{SMTP_PASSWORD}" size="25" maxlength="255" /></td> <td class="row2"><input class="post" type="password" name="smtp_password" value="{SMTP_PASSWORD}" size="25" maxlength="255" /></td>
</tr> </tr>
<tr> <tr>
<td class="catBottom" colspan="2" align="center">{S_HIDDEN_FIELDS}<input type="submit" name="submit" value="{L_SUBMIT}" class="mainoption" />&nbsp;&nbsp;<input type="reset" value="{L_RESET}" class="liteoption" /> <td class="catBottom" colspan="2" align="center">{S_HIDDEN_FIELDS}<input type="submit" name="submit" value="{L_SUBMIT}" class="mainoption" />&nbsp;&nbsp;<input type="reset" value="{L_RESET}" class="liteoption" />