$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $domain);
$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), sanitizeHTML($domain));
$id = $oldid;
$id = $oldid;
$oldid=0;
$oldid=0;
}
}
@ -1992,7 +1992,7 @@
$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($_SESSION['_config']['domid'])."'");
mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($_SESSION['_config']['domid'])."'");
showheader(_("My CAcert.org Account!"));
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully updated in the database."), $domain);
printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), $_REQUEST['email']);
$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
} else {
} else {
$row = mysql_fetch_assoc($res);
$row = mysql_fetch_assoc($res);
mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".intval($_SESSION['_config']['orgid'])."',
mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".intval($_SESSION['_config']['orgid'])."',
@ -2374,7 +2374,7 @@
} else {
} else {
mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_REQUEST['userid']."'"));
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_REQUEST['userid']."'"));
printf(_("The password for %s has been updated successfully in the system."), $row['email']);
printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));