diff options
| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-01-02 14:39:35 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-01-02 14:39:35 +0000 |
| commit | 0c7dec9e546dcd8c9d5e54e3af53ad6131810729 (patch) | |
| tree | 2f90137555f16243f065ad2907d1cc532881bb5b /phpBB | |
| parent | dc13be9db101fac06fc8953552058c5ae5762575 (diff) | |
| download | forums-0c7dec9e546dcd8c9d5e54e3af53ad6131810729.tar forums-0c7dec9e546dcd8c9d5e54e3af53ad6131810729.tar.gz forums-0c7dec9e546dcd8c9d5e54e3af53ad6131810729.tar.bz2 forums-0c7dec9e546dcd8c9d5e54e3af53ad6131810729.tar.xz forums-0c7dec9e546dcd8c9d5e54e3af53ad6131810729.zip | |
Fix bug #495335 by removing specialchars and strip_tags from password checks
git-svn-id: file:///svn/phpbb/trunk@1774 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/profile.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/phpBB/profile.php b/phpBB/profile.php index b62b288ae7..bd0998fa14 100644 --- a/phpBB/profile.php +++ b/phpBB/profile.php @@ -467,9 +467,9 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) $username = (!empty($HTTP_POST_VARS['username'])) ? trim(strip_tags(str_replace(" ", " ", $HTTP_POST_VARS['username']))) : ""; $email = (!empty($HTTP_POST_VARS['email'])) ? trim(strip_tags(htmlspecialchars(str_replace(" ", " ",$HTTP_POST_VARS['email'])))) : ""; - $password_current = (!empty($HTTP_POST_VARS['cur_password'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['cur_password']))) : ""; - $password = (!empty($HTTP_POST_VARS['new_password'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['new_password']))) : ""; - $password_confirm = (!empty($HTTP_POST_VARS['password_confirm'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['password_confirm']))) : ""; + $password_current = (!empty($HTTP_POST_VARS['cur_password'])) ? trim($HTTP_POST_VARS['cur_password']) : ""; + $password = (!empty($HTTP_POST_VARS['new_password'])) ? trim($HTTP_POST_VARS['new_password']) : ""; + $password_confirm = (!empty($HTTP_POST_VARS['password_confirm'])) ? trim($HTTP_POST_VARS['password_confirm']) : ""; $icq = (!empty($HTTP_POST_VARS['icq'])) ? trim(strip_tags($HTTP_POST_VARS['icq'])) : ""; $aim = (!empty($HTTP_POST_VARS['aim'])) ? trim(strip_tags($HTTP_POST_VARS['aim'])) : ""; |