authorPaul S. Owen <psotfx@users.sourceforge.net>2002-01-02 14:39:35 +0000
committerPaul S. Owen <psotfx@users.sourceforge.net>2002-01-02 14:39:35 +0000
commit0c7dec9e546dcd8c9d5e54e3af53ad6131810729 (patch)
tree2f90137555f16243f065ad2907d1cc532881bb5b /phpBB
parentdc13be9db101fac06fc8953552058c5ae5762575 (diff)
Fix bug #495335 by removing specialchars and strip_tags from password checks
git-svn-id: file:///svn/phpbb/trunk@1774 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/profile.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/phpBB/profile.php b/phpBB/profile.php
index b62b288ae7..bd0998fa14 100644
--- a/phpBB/profile.php
+++ b/phpBB/profile.php
@@ -467,9 +467,9 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
$username = (!empty($HTTP_POST_VARS['username'])) ? trim(strip_tags(str_replace("&nbsp;", " ", $HTTP_POST_VARS['username']))) : "";
$email = (!empty($HTTP_POST_VARS['email'])) ? trim(strip_tags(htmlspecialchars(str_replace("&nbsp;", " ",$HTTP_POST_VARS['email'])))) : "";
- $password_current = (!empty($HTTP_POST_VARS['cur_password'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['cur_password']))) : "";
- $password = (!empty($HTTP_POST_VARS['new_password'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['new_password']))) : "";
- $password_confirm = (!empty($HTTP_POST_VARS['password_confirm'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['password_confirm']))) : "";
+ $password_current = (!empty($HTTP_POST_VARS['cur_password'])) ? trim($HTTP_POST_VARS['cur_password']) : "";
+ $password = (!empty($HTTP_POST_VARS['new_password'])) ? trim($HTTP_POST_VARS['new_password']) : "";
+ $password_confirm = (!empty($HTTP_POST_VARS['password_confirm'])) ? trim($HTTP_POST_VARS['password_confirm']) : "";
$icq = (!empty($HTTP_POST_VARS['icq'])) ? trim(strip_tags($HTTP_POST_VARS['icq'])) : "";
$aim = (!empty($HTTP_POST_VARS['aim'])) ? trim(strip_tags($HTTP_POST_VARS['aim'])) : "";
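Review bot: The three new password assignments (`cur_password`, `new_password`, `password_confirm`) still gate on `!empty()` and pass the value through `trim()`, so a submitted password of `"0"` is treated as missing and leading or trailing whitespace is silently dropped before the check. Reading the field unmodified, for example `$password = isset($HTTP_POST_VARS['new_password']) ? $HTTP_POST_VARS['new_password'] : "";`, keeps the value that gets checked identical to what the user typed. Separately, hashes stored before this change were presumably computed over the `htmlspecialchars`/`strip_tags` output, so accounts whose password contains `<`, `>`, `&` or a double quote may fail the `cur_password` comparison afterwards. Only profile.php is touched in this commit, so it is worth confirming that the login path applies the same normalisation and that existing hashes get a fallback check against the old form. The run of assignments starts and continues outside this hunk.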