Diffstat (limited to 'phpBB/includes/functions_user.php')
| -rw-r--r-- | phpBB/includes/functions_user.php | 8 | 
1 files changed, 6 insertions, 2 deletions
| diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 40eaaf2cfc..ec72d2c940 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -438,8 +438,12 @@ class userdata extends user
 	{
 		global $db, $user;
+		// Clean up username ... convert any entities into normal
+		// text, remove excess spaces, then escape it
+		$username = strtr(trim($username), array_flip(get_html_translation_table(HTML_ENTITIES)));
+		$username = preg_replace('#[\s]{2,}#', '', $username);
 		$username = $db->sql_escape($username);
-	
+
 		$sql = "SELECT username
 			FROM " . USERS_TABLE . "
 			WHERE LOWER(username) = '" . strtolower($username) . "'";
@@ -500,7 +504,7 @@ class userdata extends user
 		if ($email != '')
 		{
-			if (preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email))
+			if (preg_match('#^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$#is', $email))
 			{
 				$sql = "SELECT ban_email
 					FROM " . BANLIST_TABLE; | 
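Review bot: The added whitespace step replaces a run of two or more whitespace characters with the empty string, so `foo  bar` is looked up as `foobar` rather than `foo bar`; that contradicts the "remove excess spaces" comment, and `$username = preg_replace('#\s{2,}#', ' ', $username);` would collapse the run instead. The entity decoding and collapsing only change the local copy used for this lookup, so unless the caller applies the same normalisation before storing the name (not visible here, the function starts and ends outside the hunk), the duplicate check can run against a different string than the one that is saved. The value is also passed through `strtolower()` after `$db->sql_escape()` and then concatenated into the query; lowercasing first would keep escaping as the last transformation applied to the string.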
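Review bot: The email pattern in the second hunk is still anchored with `$` and no `D` modifier, so an address followed by a single trailing newline passes this check; since the line is being touched anyway, it could end in `\z` (`...[a-z]+\z#i`) or carry `D` in its flags. Whether `$email` is trimmed before this point is not visible, as the hunk starts and ends inside the enclosing function. The `s` flag has no effect here because the pattern contains no unescaped dot, so it can be dropped.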
