diff --git a/includes/account.php b/includes/account.php
index 94ccdb1..56457b9 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -48,7 +48,7 @@
 exit;
 }
 $checkemail = checkEmail($_REQUEST['newemail']);
- if($checkemail != true)
+ if($checkemail != "OK")
 {
 showheader(_("My CAcert.org Account!"));
 echo "
"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."
\n";
@@ -427,7 +427,7 @@
 exit;
 }
 $checkemail = checkEmail($_REQUEST['newemail']);
- if($checkemail != true)
+ if($checkemail != "OK")
 {
 showheader(_("My CAcert.org Account!"));
 echo ""._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."
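Review bot: The new test `if($checkemail != "OK")` is still a loose comparison, so a boolean `true` return (and, on PHP versions before 8, an integer `0`) compares equal to "OK" and is treated as a valid address. The other return paths of checkEmail() are outside this diff, so whether any of them still yields a non-string is not visible here; `if($checkemail !== "OK")` removes the dependency on that. The identical line in the hunk at -427 needs the same change. Since checkEmail() returns a message on failure, these blocks could also display it rather than the single generic text.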
\n";
diff --git a/includes/general.php b/includes/general.php
index 6353c80..5a606dd 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -88,7 +88,7 @@
 if($_SESSION['_config']['language'] == "")
 {
- $bits = explode(",", strtolower(str_replace(" ", "", $_SERVER['HTTP_ACCEPT_LANGUAGE'])));
+ $bits = explode(",", strtolower(str_replace(" ", "", mysql_real_escape_string($_SERVER['HTTP_ACCEPT_LANGUAGE']))));
 foreach($bits as $lang)
 {
 $b = explode(";", $lang);
@@ -105,6 +105,7 @@
 foreach($value as $key => $val)
 {
+ $val = substr(escapeshellarg($val), 1, -1);
 $short = substr($val, 0, 2);
 if($val == "en" || $short == "en")
 {
@@ -624,7 +625,7 @@
 break;
 }
 }
- return true;
+ return "OK";
 }
 return _("Failed to make a connection to the mail server");
 }
diff --git a/pages/account/43.php b/pages/account/43.php
index 83d4dfb..2ee125e 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -168,7 +168,10 @@
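Review bot: `mysql_real_escape_string()` on the `$bits` line escapes for a SQL string literal, but in this hunk the header is only split and parsed as a language tag, so it is the wrong encoder for the context and it also depends on a database connection being available at this point in the request. Validating each tag against an allow-list is the more robust control, for example `if(!preg_match('/^[a-z]{1,8}(-[a-z0-9]{1,8})*$/', $b[0])) continue;` right after `$b = explode(";", $lang);`. `$_SERVER['HTTP_ACCEPT_LANGUAGE']` can be absent, so an `isset()` guard before the `explode()` avoids a notice. The loop body continues outside the hunk, so where the parsed value ends up is not visible here.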
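Review bot: `substr(escapeshellarg($val), 1, -1)` strips the surrounding quotes that make escapeshellarg()'s output safe, so the result is neither a properly quoted shell argument nor a validated language code; on POSIX systems an embedded single quote still comes out as `'\''` inside the value. If `$val` later reaches a shell, locale or file-path context (not visible in this hunk), this line should not be relied on as the protection. Prefer rejecting anything that is not a plain language code before the comparisons, e.g. `if(!preg_match('/^[a-zA-Z]{2}([-_][a-zA-Z]{2})?$/', $val)) continue;`, or look the value up in the list of supported translations. The `foreach($value as $key => $val)` body continues past the end of the hunk.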
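Review bot: With `return "OK";` checkEmail() now returns a non-empty string on both success and failure, so any caller not updated in this diff that still tests truthiness or `!= true` accepts every result, including the error messages. Only the two call sites in includes/account.php are changed here; the remaining callers should be checked and moved to a strict comparison. A comment above the function such as `// Returns "OK" on success, otherwise a translated error message; compare with ===` would document the contract. The function starts outside the hunk.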