fix strip_tags for passwords

pull/1/head
root 18 years ago
parent 81ef702a6c
commit 1cc679b01b

@ -968,9 +968,9 @@
if($oldid == 14 && $_REQUEST['process'] != "")
{
$_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes(strip_tags($oldpassword))));
$_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($pword1))));
$_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($pword2))));
$_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($oldpassword)));
$_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($pword1)));
$_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($pword2)));
$id = 14;
showheader(_("My CAcert.org Account!"));

@ -175,7 +175,7 @@
$_SESSION['_config']['errmsg'] = "";
$email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
$pword = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['pword']))));
$pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword'])));
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=1 and `deleted`=0";
$res = mysql_query($query);
@ -239,8 +239,8 @@
$_SESSION['signup']['day'] = intval($day);
$_SESSION['signup']['month'] = intval($month);
$_SESSION['signup']['year'] = intval($year);
$_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes(strip_tags($pword1))));
$_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes(strip_tags($pword2))));
$_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($pword1)));
$_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($pword2)));
$_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($Q1))));
$_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($Q2))));
$_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($Q3))));

@ -1,7 +1,7 @@
<?
if($process == "Confirm, I agree to these terms and conditions" && $iagree == "yes")
{
$output_file = $fname = "cacert-20060421.tar.bz2";
$output_file = $fname = "cacert-20060430.tar.bz2";
header('Pragma: public');

Loading…
Cancel
Save