Revision 656
Added by thorn over 17 years ago
| save.php | ||
|---|---|---|
| 40 | 40 |
} |
| 41 | 41 |
|
| 42 | 42 |
// Gather details entered |
| 43 |
$groups_id = (isset($_POST['groups'])) ? $groups_id = implode(",", $_POST['groups']) : '';
|
|
| 44 |
$active = $_POST['active'][0];
|
|
| 45 |
$username_fieldname = $admin->get_post('username_fieldname');
|
|
| 46 |
$username = strtolower($admin->get_post($username_fieldname)); |
|
| 43 |
$groups_id = (isset($_POST['groups'])) ? implode(",", $admin->add_slashes($_POST['groups'])) : '';
|
|
| 44 |
$active = $admin->add_slashes($_POST['active'][0]);
|
|
| 45 |
$username_fieldname = $admin->get_post_escaped('username_fieldname');
|
|
| 46 |
$username = strtolower($admin->get_post_escaped($username_fieldname));
|
|
| 47 | 47 |
$password = $admin->get_post('password');
|
| 48 | 48 |
$password2 = $admin->get_post('password2');
|
| 49 |
$display_name = $admin->get_post('display_name');
|
|
| 50 |
$email = $admin->get_post('email');
|
|
| 51 |
$home_folder = $admin->get_post('home_folder');
|
|
| 49 |
$display_name = $admin->get_post_escaped('display_name');
|
|
| 50 |
$email = $admin->get_post_escaped('email');
|
|
| 51 |
$home_folder = $admin->get_post_escaped('home_folder');
|
|
| 52 | 52 |
|
| 53 | 53 |
// Create a javascript back link |
| 54 | 54 |
$js_back = "javascript: history.go(-1);"; |
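Review bot: On the new `$groups_id` line, `$admin->add_slashes()` receives the whole `$_POST['groups']` array; the helper is defined outside this hunk, so confirm that it escapes each element, because a string-only helper would leave the entries untouched before `implode()`. If group ids and the active flag are numeric, casting is a stricter check than escaping: `$groups_id = isset($_POST['groups']) ? implode(',', array_map('intval', (array) $_POST['groups'])) : '';` and `$active = isset($_POST['active'][0]) ? intval($_POST['active'][0]) : 0;`. The new `$active` line also reads `$_POST['active'][0]` without an `isset()` check, and it yields only the first character if `active` arrives as a string rather than an array. The statements that consume these values lie outside the hunk, so whether slash-escaping matches the database layer's own escaping cannot be confirmed from here.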
Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].