Revision 656
Added by thorn almost 17 years ago
| signup2.php | ||
|---|---|---|
| 37 | 37 |
// Get details entered |
| 38 | 38 |
$group_id = FRONTEND_SIGNUP; |
| 39 | 39 |
$active = 1; |
| 40 |
$username = strtolower($wb->add_slashes(strip_tags($wb->get_post('username'))));
|
|
| 41 |
$display_name = $wb->add_slashes(strip_tags($wb->get_post('display_name')));
|
|
| 40 |
$username = strtolower(strip_tags($wb->get_post_escaped('username')));
|
|
| 41 |
$display_name = strip_tags($wb->get_post_escaped('display_name'));
|
|
| 42 | 42 |
$email = $wb->get_post('email');
|
| 43 | 43 |
|
| 44 | 44 |
// Create a javascript back link |
| ... | ... | |
| 94 | 94 |
} |
| 95 | 95 |
|
| 96 | 96 |
// Check if the email already exists |
| 97 |
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '$email'");
|
|
| 97 |
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '$wb->add_slashes($email'");
|
|
| 98 | 98 |
if($results->numRows() > 0) {
|
| 99 | 99 |
if(isset($MESSAGE['USERS']['EMAIL_TAKEN'])) {
|
| 100 | 100 |
$wb->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back, false); |
Also available in: Unified diff
Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].