Project

General

Profile

« Previous | Next » 

Revision 1777

Added by Dietmar about 12 years ago

+ add methode StripCodeFromText in class.wb to clean injection
! rebranding the admin/settings and security fixes
! a few new styling in backend wb_theme
! beginning aa lot of account changes like correction of $_SESSION indexe, security fixes
+ add head.load.min.js and head.min.js to /include/jquery/ to style HTML5 templates

View differences:

save_confirm.php
17 17

  
18 18
/* -------------------------------------------------------- */
19 19
// Must include code to stop this file being accessed directly
20
if(defined('WB_PATH') == false)
21
{
22
	die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
20
if(!defined('WB_PATH')) {
21
	require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
22
	throw new IllegalFileException();
23 23
}
24 24
/* -------------------------------------------------------- */
25 25

  
26 26
require_once(dirname(__FILE__).'/AccountSignup.php');
27 27
AccountSignup::deleteOutdatedConfirmations();
28
$sPassword = isset($_POST['new_password_1'])     ? mysql_escape_string($_POST['new_password_1']) : '';
29
$sLoginName = isset($_POST['new_loginname'])     ? mysql_escape_string($_POST['new_loginname']) : '';
30
$sConfirmationId = isset($_POST['confirm_code']) ? mysql_escape_string($_POST['confirm_code'])   : '';
31 28

  
29
$sPassword = mysql_escape_string($wb->StripCodeFromText($wb->get_post('new_password_1')));
30
$sLoginName = mysql_escape_string($wb->StripCodeFromText($wb->get_post('new_loginname')));
31
$sConfirmationId = mysql_escape_string($wb->StripCodeFromText($wb->get_post('confirm_code')));
32

  
32 33
$bSendRegistrationMailtoUser = false;
33 34
$bSendRegistrationMailtoAdmin = false;
34 35
$aUser = array();

Also available in: Unified diff