Diffstat (limited to 'phpBB/includes/functions_user.php')
-rw-r--r--phpBB/includes/functions_user.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 40eaaf2cfc..ec72d2c940 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -438,8 +438,12 @@ class userdata extends user
{
global $db, $user;
+ // Clean up username ... convert any entities into normal
+ // text, remove excess spaces, then escape it
+ $username = strtr(trim($username), array_flip(get_html_translation_table(HTML_ENTITIES)));
+ $username = preg_replace('#[\s]{2,}#', '', $username);
$username = $db->sql_escape($username);
-
+
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE LOWER(username) = '" . strtolower($username) . "'";
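Review bot: The added `preg_replace('#[\s]{2,}#', '', $username)` deletes every run of two or more whitespace characters instead of collapsing it, so `foo  bar` is looked up as `foobar` even though the comment says "remove excess spaces"; `$username = preg_replace('#\s{2,}#', ' ', $username);` would match the stated intent. Since this value feeds the duplicate-username query, it should presumably be normalised exactly as the stored name is at registration, otherwise near-identical names can pass the uniqueness check. The entity decoding on the preceding line also means the name may now contain raw `<`, `>` and `&`, so any later display of it must HTML-escape it. That output code and the rest of the enclosing method lie outside this hunk.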
@@ -500,7 +504,7 @@ class userdata extends user
if ($email != '')
{
- if (preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email))
+ if (preg_match('#^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$#is', $email))
{
$sql = "SELECT ban_email
FROM " . BANLIST_TABLE;