/branches/2.8.x/wb/account/save_confirm.php - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 1777

Added by Dietmar about 12 years ago

+ add methode StripCodeFromText in class.wb to clean injection
! rebranding the admin/settings and security fixes
! a few new styling in backend wb_theme
! beginning aa lot of account changes like correction of $_SESSION indexe, security fixes
+ add head.load.min.js and head.min.js to /include/jquery/ to style HTML5 templates

     /* -------------------------------------------------------- */
     // Must include code to stop this file being accessed directly
     if(defined('WB_PATH') == false)
+    {
     	die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
     if(!defined('WB_PATH')) {
     	require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
     	throw new IllegalFileException();
+    }
     /* -------------------------------------------------------- */
     require_once(dirname(__FILE__).'/AccountSignup.php');
     AccountSignup::deleteOutdatedConfirmations();
     $sPassword = isset($_POST['new_password_1'])     ? mysql_escape_string($_POST['new_password_1']) : '';
     $sLoginName = isset($_POST['new_loginname'])     ? mysql_escape_string($_POST['new_loginname']) : '';
     $sConfirmationId = isset($_POST['confirm_code']) ? mysql_escape_string($_POST['confirm_code'])   : '';
     $sPassword = mysql_escape_string($wb->StripCodeFromText($wb->get_post('new_password_1')));
     $sLoginName = mysql_escape_string($wb->StripCodeFromText($wb->get_post('new_loginname')));
     $sConfirmationId = mysql_escape_string($wb->StripCodeFromText($wb->get_post('confirm_code')));
     $bSendRegistrationMailtoUser = false;
     $bSendRegistrationMailtoAdmin = false;
     $aUser = array();

Also available in: Unified diff

Project

General

Profile

WB 2.08.x

Revision 1777

Added by Dietmar about 12 years ago