From 0c7dec9e546dcd8c9d5e54e3af53ad6131810729 Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Wed, 2 Jan 2002 14:39:35 +0000 Subject: Fix bug #495335 by removing specialchars and strip_tags from password checks git-svn-id: file:///svn/phpbb/trunk@1774 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/profile.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB') diff --git a/phpBB/profile.php b/phpBB/profile.php index b62b288ae7..bd0998fa14 100644 --- a/phpBB/profile.php +++ b/phpBB/profile.php @@ -467,9 +467,9 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) $username = (!empty($HTTP_POST_VARS['username'])) ? trim(strip_tags(str_replace(" ", " ", $HTTP_POST_VARS['username']))) : ""; $email = (!empty($HTTP_POST_VARS['email'])) ? trim(strip_tags(htmlspecialchars(str_replace(" ", " ",$HTTP_POST_VARS['email'])))) : ""; - $password_current = (!empty($HTTP_POST_VARS['cur_password'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['cur_password']))) : ""; - $password = (!empty($HTTP_POST_VARS['new_password'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['new_password']))) : ""; - $password_confirm = (!empty($HTTP_POST_VARS['password_confirm'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['password_confirm']))) : ""; + $password_current = (!empty($HTTP_POST_VARS['cur_password'])) ? trim($HTTP_POST_VARS['cur_password']) : ""; + $password = (!empty($HTTP_POST_VARS['new_password'])) ? trim($HTTP_POST_VARS['new_password']) : ""; + $password_confirm = (!empty($HTTP_POST_VARS['password_confirm'])) ? trim($HTTP_POST_VARS['password_confirm']) : ""; $icq = (!empty($HTTP_POST_VARS['icq'])) ? trim(strip_tags($HTTP_POST_VARS['icq'])) : ""; $aim = (!empty($HTTP_POST_VARS['aim'])) ? trim(strip_tags($HTTP_POST_VARS['aim'])) : ""; -- cgit v1.2.1