mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-28 22:28:51 +00:00
pooh bum crap ... how did I miss these, they were even listed in the private forum ... doh ... all afternoon I spent correcting patch errors ...
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3308 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
parent
44d3b549ea
commit
74c5b16a3d
2 changed files with 10 additions and 14 deletions
|
|
@ -93,22 +93,19 @@ if (
|
|||
if ( $mode == 'editprofile' )
|
||||
{
|
||||
$user_id = intval($HTTP_POST_VARS['user_id']);
|
||||
$current_email = trim(strip_tags($HTTP_POST_VARS['current_email']));
|
||||
$current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email']));
|
||||
}
|
||||
|
||||
$strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests');
|
||||
|
||||
// Strip all tags from data ... may p**s some people off, could use
|
||||
// htmlspecialchars but given the fields are limited in length we'd end
|
||||
// up with (possibly) losing some data. Of course we could store the data
|
||||
// "as is" and specialchar it as it's output but then we run into potential
|
||||
// performance issues ... whichever way we go we'll end up being moaned at
|
||||
// "hum ho, ho hum" (TM)
|
||||
// Strip all tags from data ... may p**s some people off, bah, strip_tags is
|
||||
// doing the job but can still break HTML output ... have no choice, have
|
||||
// to use htmlspecialchars ... be prepared to be moaned at.
|
||||
while( list($var, $param) = @each($strip_var_list) )
|
||||
{
|
||||
if ( !empty($HTTP_POST_VARS[$param]) )
|
||||
{
|
||||
$$var = trim(strip_tags($HTTP_POST_VARS[$param]));
|
||||
$$var = trim(htmlspecialchars($HTTP_POST_VARS[$param]));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -157,7 +154,7 @@ if (
|
|||
{
|
||||
if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) )
|
||||
{
|
||||
$user_lang = strip_tags($HTTP_POST_VARS['language']);
|
||||
$user_lang = htmlspecialchars($HTTP_POST_VARS['language']);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -171,11 +168,11 @@ if (
|
|||
}
|
||||
|
||||
$user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone'];
|
||||
$user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(strip_tags($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat'];
|
||||
$user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat'];
|
||||
|
||||
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? strip_tags($HTTP_POST_VARS['avatarlocal']) : '' );
|
||||
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
|
||||
|
||||
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(strip_tags($HTTP_POST_VARS['avatarremoteurl'])) : '';
|
||||
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['avatarremoteurl'])) : '';
|
||||
$user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' );
|
||||
$user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
|
||||
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
|
||||
|
|
@ -223,7 +220,6 @@ if ( $userdata['session_logged_in'] && $mode =="register" && $username == $userd
|
|||
message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__);
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// Did the user submit? In this case build a query to update the users profile in the DB
|
||||
//
|
||||
|
|
|
|||
|
|
@ -237,7 +237,7 @@
|
|||
</tr>
|
||||
<tr>
|
||||
<td class="row1">{L_SMTP_PASSWORD}<br /><span class="gensmall">{L_SMTP_PASSWORD_EXPLAIN}</span></td>
|
||||
<td class="row2"><input class="post" type="password name="smtp_password" value="{SMTP_PASSWORD}" size="25" maxlength="255" /></td>
|
||||
<td class="row2"><input class="post" type="password" name="smtp_password" value="{SMTP_PASSWORD}" size="25" maxlength="255" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="catBottom" colspan="2" align="center">{S_HIDDEN_FIELDS}<input type="submit" name="submit" value="{L_SUBMIT}" class="mainoption" /> <input type="reset" value="{L_RESET}" class="liteoption" />
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue