Revision 656
Added by thorn over 17 years ago
| add.php | ||
|---|---|---|
| 32 | 32 |
$database = new database(); |
| 33 | 33 |
|
| 34 | 34 |
// Get details entered |
| 35 |
$groups_id = implode(",", $_POST['groups']); //should check permissions
|
|
| 36 |
$active = $_POST['active'][0];
|
|
| 37 |
$username_fieldname = $admin->get_post('username_fieldname');
|
|
| 38 |
$username = strtolower($admin->get_post($username_fieldname)); |
|
| 35 |
$groups_id = implode(",", $admin->add_slashes($_POST['groups'])); //should check permissions
|
|
| 36 |
$active = $admin->add_slashes($_POST['active'][0]);
|
|
| 37 |
$username_fieldname = $admin->get_post_escaped('username_fieldname');
|
|
| 38 |
$username = strtolower($admin->get_post_escaped($username_fieldname));
|
|
| 39 | 39 |
$password = $admin->get_post('password');
|
| 40 | 40 |
$password2 = $admin->get_post('password2');
|
| 41 |
$display_name = $admin->get_post('display_name');
|
|
| 42 |
$email = $admin->get_post('email');
|
|
| 43 |
$home_folder = $admin->get_post('home_folder');
|
|
| 41 |
$display_name = $admin->get_post_escaped('display_name');
|
|
| 42 |
$email = $admin->get_post_escaped('email');
|
|
| 43 |
$home_folder = $admin->get_post_escaped('home_folder');
|
|
| 44 | 44 |
$default_language = DEFAULT_LANGUAGE; |
| 45 | 45 |
|
| 46 | 46 |
// Create a javascript back link |
Also available in: Unified diff
Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].