fix strip_tags for passwords
This commit is contained in:
root
parent
81ef702a6c
commit
1cc679b01b
3 changed files with 7 additions and 7 deletions
|
|
@ -968,9 +968,9 @@
|
||||||
|
|
||||||
if($oldid == 14 && $_REQUEST['process'] != "")
|
if($oldid == 14 && $_REQUEST['process'] != "")
|
||||||
{
|
{
|
||||||
$_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes(strip_tags($oldpassword))));
|
$_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($oldpassword)));
|
||||||
$_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($pword1))));
|
$_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($pword1)));
|
||||||
$_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($pword2))));
|
$_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($pword2)));
|
||||||
|
|
||||||
$id = 14;
|
$id = 14;
|
||||||
showheader(_("My CAcert.org Account!"));
|
showheader(_("My CAcert.org Account!"));
|
||||||
|
|
|
||||||
|
|
@ -175,7 +175,7 @@
|
||||||
$_SESSION['_config']['errmsg'] = "";
|
$_SESSION['_config']['errmsg'] = "";
|
||||||
|
|
||||||
$email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
|
$email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
|
||||||
$pword = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['pword']))));
|
$pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword'])));
|
||||||
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
|
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
|
||||||
`password`=password('$pword')) and `verified`=1 and `deleted`=0";
|
`password`=password('$pword')) and `verified`=1 and `deleted`=0";
|
||||||
$res = mysql_query($query);
|
$res = mysql_query($query);
|
||||||
|
|
@ -239,8 +239,8 @@
|
||||||
$_SESSION['signup']['day'] = intval($day);
|
$_SESSION['signup']['day'] = intval($day);
|
||||||
$_SESSION['signup']['month'] = intval($month);
|
$_SESSION['signup']['month'] = intval($month);
|
||||||
$_SESSION['signup']['year'] = intval($year);
|
$_SESSION['signup']['year'] = intval($year);
|
||||||
$_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes(strip_tags($pword1))));
|
$_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($pword1)));
|
||||||
$_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes(strip_tags($pword2))));
|
$_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($pword2)));
|
||||||
$_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($Q1))));
|
$_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($Q1))));
|
||||||
$_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($Q2))));
|
$_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($Q2))));
|
||||||
$_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($Q3))));
|
$_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($Q3))));
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
<?
|
<?
|
||||||
if($process == "Confirm, I agree to these terms and conditions" && $iagree == "yes")
|
if($process == "Confirm, I agree to these terms and conditions" && $iagree == "yes")
|
||||||
{
|
{
|
||||||
$output_file = $fname = "cacert-20060421.tar.bz2";
|
$output_file = $fname = "cacert-20060430.tar.bz2";
|
||||||
|
|
||||||
header('Pragma: public');
|
header('Pragma: public');
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue