Changeset 4304
- Timestamp:
- Nov 18, 2009, 9:07:20 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 19 edited
trunk/admin/comments.php
r3452 r4304 161 161 else 162 162 { 163 $author_name = $row['username'];163 $author_name = stripslashes($row['username']); 164 164 } 165 165 $template->append( -
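Review bot: `stripslashes()` on line 163 only reverses the slash-escaping of the stored name; it is not output encoding, and nothing in this hunk shows `$author_name` being HTML-encoded before the `$template->append(` call that follows. The same hand-written un-escape is repeated at the other display sites in this changeset, for example the `$template->assign('USERNAME', ...)` call in include/menubar.inc.php and the `'USERNAME'` entry in profile.php, so a call site that is missed or added later will behave differently. A single helper that returns the display form, for instance `htmlspecialchars(stripslashes($row['username']), ENT_QUOTES)` for HTML contexts, would keep the rule in one place; confirm first whether the template layer already escapes. The enclosing block starts and ends outside the hunk.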
trunk/admin/history.php
r4265 r4304 260 260 while ($row = mysql_fetch_assoc($result)) 261 261 { 262 $username_of[$row['id']] = $row['username'];262 $username_of[$row['id']] = stripslashes($row['username']); 263 263 } 264 264 } -
trunk/admin/include/c13y_internal.class.php
r4265 r4304 196 196 array( 197 197 'id' => $id, 198 'username' => $name,198 'username' => addslashes($name), 199 199 'password' => $password 200 200 ), -
trunk/admin/include/functions.php
r4265 r4304 2113 2113 } 2114 2114 2115 return $username;2115 return stripslashes($username); 2116 2116 } 2117 2117 -
trunk/admin/include/functions_notification_by_mail.inc.php
r4265 r4304 289 289 290 290 $env_nbm['sent_mail_count'] += 1; 291 array_push($page['infos'], sprintf($env_nbm['msg_info'], $nbm_user['username'], $nbm_user['mail_address']));291 array_push($page['infos'], sprintf($env_nbm['msg_info'], stripslashes($nbm_user['username']), $nbm_user['mail_address'])); 292 292 } 293 293 … … 302 302 303 303 $env_nbm['error_on_mail_count'] += 1; 304 array_push($page['errors'], sprintf($env_nbm['msg_error'], $nbm_user['username'], $nbm_user['mail_address']));304 array_push($page['errors'], sprintf($env_nbm['msg_error'], stripslashes($nbm_user['username']), $nbm_user['mail_address'])); 305 305 } 306 306 … … 339 339 array 340 340 ( 341 'USERNAME' => $nbm_user['username'],341 'USERNAME' => stripslashes($nbm_user['username']), 342 342 343 343 'SEND_AS_NAME' => $env_nbm['send_as_name'], … … 428 428 if (pwg_mail 429 429 ( 430 format_email( $nbm_user['username'], $nbm_user['mail_address']),430 format_email(stripslashes($nbm_user['username']), $nbm_user['mail_address']), 431 431 array 432 432 ( … … 466 466 ); 467 467 $updated_data_count += 1; 468 array_push($page['infos'], sprintf($msg_info, $nbm_user['username'], $nbm_user['mail_address']));468 array_push($page['infos'], sprintf($msg_info, stripslashes($nbm_user['username']), $nbm_user['mail_address'])); 469 469 } 470 470 else 471 471 { 472 472 $error_on_updated_data_count += 1; 473 array_push($page['errors'], sprintf($msg_error, $nbm_user['username'], $nbm_user['mail_address']));473 array_push($page['errors'], sprintf($msg_error, stripslashes($nbm_user['username']), $nbm_user['mail_address'])); 474 474 } 475 475 -
trunk/admin/notification_by_mail.php
r4265 r4304 176 176 sprintf( 177 177 l10n('nbm_user_x_added'), 178 $nbm_user['username'],178 stripslashes($nbm_user['username']), 179 179 get_email_address_as_display_text($nbm_user['mail_address']) 180 180 ) … … 389 389 if (pwg_mail 390 390 ( 391 format_email( $nbm_user['username'], $nbm_user['mail_address']),391 format_email(stripslashes($nbm_user['username']), $nbm_user['mail_address']), 392 392 array 393 393 ( … … 666 666 if (get_boolean($nbm_user['enabled'])) 667 667 { 668 $opt_true[ $nbm_user['check_key'] ] = $nbm_user['username'].'['.get_email_address_as_display_text($nbm_user['mail_address']).']';668 $opt_true[ $nbm_user['check_key'] ] = stripslashes($nbm_user['username']).'['.get_email_address_as_display_text($nbm_user['mail_address']).']'; 669 669 if ((isset($_POST['falsify']) and isset($_POST['cat_true']) and in_array($nbm_user['check_key'], $_POST['cat_true']))) 670 670 { … … 674 674 else 675 675 { 676 $opt_false[ $nbm_user['check_key'] ] = $nbm_user['username'].'['.get_email_address_as_display_text($nbm_user['mail_address']).']';676 $opt_false[ $nbm_user['check_key'] ] = stripslashes($nbm_user['username']).'['.get_email_address_as_display_text($nbm_user['mail_address']).']'; 677 677 if (isset($_POST['trueify']) and isset($_POST['cat_false']) and in_array($nbm_user['check_key'], $_POST['cat_false'])) 678 678 { … … 719 719 !in_array($nbm_user['check_key'], $_POST['send_selection']) // not selected 720 720 ) ? '' : 'checked="checked"', 721 'USERNAME'=> $nbm_user['username'],721 'USERNAME'=> stripslashes($nbm_user['username']), 722 722 'EMAIL' => get_email_address_as_display_text($nbm_user['mail_address']), 723 723 'LAST_SEND'=> $nbm_user['last_send'] -
trunk/admin/rating.php
r4265 r4304 97 97 while ($row = mysql_fetch_assoc($result)) 98 98 { 99 $users[$row['id']]= $row['username'];99 $users[$row['id']]=stripslashes($row['username']); 100 100 } 101 101 -
trunk/admin/upload.php
r4265 r4304 178 178 'PREVIEW_URL_IMG'=>$preview_url, 179 179 'UPLOAD_EMAIL'=>get_email_address_as_display_text($row['mail_address']), 180 'UPLOAD_USERNAME'=> $row['username']180 'UPLOAD_USERNAME'=>stripslashes($row['username']) 181 181 ); 182 182 -
trunk/admin/user_list.php
r4265 r4304 703 703 'U_PROFILE' => $profile_url.$local_user['id'], 704 704 'U_PERM' => $perm_url.$local_user['id'], 705 'USERNAME' => $local_user['username']705 'USERNAME' => stripslashes($local_user['username']) 706 706 .($local_user['id'] == $conf['guest_id'] 707 707 ? '<br>['.l10n('is_the_guest').']' : '') -
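Review bot: The `USERNAME` value built at line 705 joins the account name to literal markup (`'<br>['.l10n('is_the_guest').']'`), which suggests the template prints it as raw HTML, yet the name itself is only passed through `stripslashes()`. If usernames are not HTML-encoded when they are registered (not visible here), a name containing markup would be rendered as such in the admin user list. Encode the name before concatenating: `'USERNAME' => htmlspecialchars(stripslashes($local_user['username']), ENT_QUOTES)`. The array continues outside the hunk.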
trunk/feed.php
r3282 r4304 107 107 $rss->encoding=get_pwg_charset(); 108 108 $rss->title = $conf['gallery_title']; 109 $rss->title.= ' (as '. $user['username'].')';109 $rss->title.= ' (as '.stripslashes($user['username']).')'; 110 110 111 111 $rss->link = $conf['gallery_url']; -
trunk/include/functions_comment.inc.php
r3600 r4304 100 100 SELECT COUNT(*) AS user_exists 101 101 FROM '.USERS_TABLE.' 102 WHERE '.$conf['user_fields']['username']." = '". $comm['author']."'";102 WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'"; 103 103 $row = mysql_fetch_assoc( pwg_query( $query ) ); 104 104 if ( $row['user_exists'] == 1 ) -
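Review bot: The author lookup on line 102 escapes with `addslashes()`, which knows nothing about the connection character set, while the login query in include/functions_user.inc.php in this same changeset uses `mysql_real_escape_string()`. Because include/picture_comment.inc.php and include/ws_functions.inc.php now strip the slashes from the submitted author, this call appears to be the only escaping between that input and the SQL string. Use the same function here: `WHERE '.$conf['user_fields']['username']." = '".mysql_real_escape_string($comm['author'])."'";`. The enclosing function starts and ends outside the hunk.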
trunk/include/functions_mail.inc.php
r4265 r4304 365 365 $keyargs_content_admin_info = array 366 366 ( 367 get_l10n_args('Connected user: %s', $user['username']),367 get_l10n_args('Connected user: %s', stripslashes($user['username'])), 368 368 get_l10n_args('IP: %s', $_SERVER['REMOTE_ADDR']), 369 369 get_l10n_args('Browser: %s', $_SERVER['HTTP_USER_AGENT']) … … 484 484 if (!empty($row['mail_address'])) 485 485 { 486 array_push($Bcc, format_email( $row['username'], $row['mail_address']));486 array_push($Bcc, format_email(stripslashes($row['username']), $row['mail_address'])); 487 487 } 488 488 } … … 795 795 if ( mkgetdir( $dir, MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR) ) 796 796 { 797 $filename = $dir.'/mail.'. $user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme'];797 $filename = $dir.'/mail.'.stripslashes($user['username']).'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme']; 798 798 if ($args['content_format'] == 'text/plain') 799 799 { -
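Review bot: In the hunk at line 797 the un-escaped username becomes part of a file name under `$dir`, and nothing visible restricts it to characters that are safe in a path; `stripslashes()` if anything widens the set by restoring characters that had been escaped. Reduce the name to a safe alphabet, or use a numeric user id instead, e.g. `preg_replace('/[^A-Za-z0-9_-]/', '_', stripslashes($user['username']))`. The same raw name is also handed to `format_email()` at line 486 to build a Bcc entry, so it is worth confirming that helper rejects CR and LF. The function bodies continue outside the hunks.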
trunk/include/functions_user.inc.php
r4265 r4304 171 171 $keyargs_content = array 172 172 ( 173 get_l10n_args('User: %s', $login),173 get_l10n_args('User: %s', stripslashes($login)), 174 174 get_l10n_args('Email: %s', $_POST['mail_address']), 175 175 get_l10n_args('', ''), … … 179 179 pwg_mail_notification_admins 180 180 ( 181 get_l10n_args('Registration of %s', $login),181 get_l10n_args('Registration of %s', stripslashes($login)), 182 182 $keyargs_content 183 183 ); … … 934 934 { 935 935 $row = mysql_fetch_assoc($result); 936 $username = $row['username'];937 $data = $time. $row['username'].$row['password'];936 $username = stripslashes($row['username']); 937 $data = $time.stripslashes($row['username']).$row['password']; 938 938 $key = base64_encode( 939 939 pack('H*', sha1($data)) … … 1019 1019 { 1020 1020 log_user($cookie[0], true); 1021 trigger_action('login_success', $username);1021 trigger_action('login_success', stripslashes($username)); 1022 1022 return true; 1023 1023 } … … 1040 1040 '.$conf['user_fields']['password'].' AS password 1041 1041 FROM '.USERS_TABLE.' 1042 WHERE '.$conf['user_fields']['username'].' = \''. $username.'\'1042 WHERE '.$conf['user_fields']['username'].' = \''.mysql_real_escape_string($username).'\' 1043 1043 ;'; 1044 1044 $row = mysql_fetch_assoc(pwg_query($query)); … … 1046 1046 { 1047 1047 log_user($row['id'], $remember_me); 1048 trigger_action('login_success', $username);1048 trigger_action('login_success', stripslashes($username)); 1049 1049 return true; 1050 1050 } 1051 trigger_action('login_failure', $username);1051 trigger_action('login_failure', stripslashes($username)); 1052 1052 return false; 1053 1053 } -
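Review bot: The auto-login key in the hunk at lines 936-939 is a bare `sha1()` over `$time`, the username and the stored password value, with no server-side secret visible, so anyone able to read the users table could recompute it. Changing the username term to its un-escaped form also silently invalidates existing keys for names that contain escaped characters, which deserves a line in the upgrade notes. Consider a keyed construction such as `hash_hmac('sha1', $data, $server_secret)` (placeholder variable, to be replaced by a configuration value) and a comment stating which form of the username is hashed. The function starts and ends outside the hunk, so how the key is compared is not visible here.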
trunk/include/menubar.inc.php
r3282 r4304 282 282 else 283 283 { 284 $template->assign('USERNAME', $user['username']);284 $template->assign('USERNAME', stripslashes($user['username'])); 285 285 if (is_autorize_status(ACCESS_CLASSIC)) 286 286 { -
trunk/include/picture_comment.inc.php
r4265 r4304 47 47 48 48 $comm = array( 49 'author' => trim( @$_POST['author']),50 'content' => trim( $_POST['content']),49 'author' => trim( stripslashes(@$_POST['author']) ), 50 'content' => trim( stripslashes($_POST['content']) ), 51 51 'image_id' => $page['image_id'], 52 52 ); … … 153 153 else 154 154 { 155 $author = $row['username'];155 $author = stripslashes($row['username']); 156 156 } 157 157 -
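Review bot: Lines 49-50 call `stripslashes()` on `$_POST` unconditionally, so from here on `$comm['author']` and `$comm['content']` are raw user input and every query that uses them has to escape them itself; only the author lookup in include/functions_comment.inc.php is visibly updated in this changeset, and the statement that stores the comment is not shown. The first hunk of include/ws_functions.inc.php (lines 526-527) makes the same change for `$params` and needs the same check. A comment on the array stating that its values are un-escaped, e.g. `// raw input: escape before use in SQL, encode before output`, would make the new contract explicit. If the slashes come from magic quotes rather than from the application, the call should also be conditional, otherwise legitimate backslashes in a comment are lost.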
trunk/include/ws_functions.inc.php
r3720 r4304 524 524 525 525 $comm = array( 526 'author' => trim( $params['author']),527 'content' => trim( $params['content']),526 'author' => trim( stripslashes($params['author']) ), 527 'content' => trim( stripslashes($params['content']) ), 528 528 'image_id' => $params['image_id'], 529 529 ); … … 701 701 ) 702 702 { 703 $comment_post_data['author'] = $user['username'];703 $comment_post_data['author'] = stripslashes($user['username']); 704 704 $comment_post_data['key'] = get_comment_post_key($params['image_id']); 705 705 } … … 1255 1255 global $user; 1256 1256 $res = array(); 1257 $res['username'] = is_a_guest() ? 'guest' : $user['username'];1257 $res['username'] = is_a_guest() ? 'guest' : stripslashes($user['username']); 1258 1258 foreach ( array('status', 'template', 'theme', 'language') as $k ) 1259 1259 { -
trunk/password.php
r4265 r4304 85 85 86 86 $infos = 87 l10n('Username').': '. $row['username']87 l10n('Username').': '.stripslashes($row['username']) 88 88 ."\n".l10n('Password').': '.$new_password 89 89 ; -
trunk/profile.php
r4014 r4304 244 244 $template->assign( 245 245 array( 246 'USERNAME'=> $userdata['username'],246 'USERNAME'=>stripslashes($userdata['username']), 247 247 'EMAIL'=>get_email_address_as_display_text(@$userdata['email']), 248 248 'NB_IMAGE_LINE'=>$userdata['nb_image_line'], -
trunk/upload.php
r4265 r4304 361 361 array( 362 362 'ADVISE_TITLE' => $advise_title, 363 'NAME' => $username,363 'NAME' => stripslashes($username), 364 364 'EMAIL' => $mail_address, 365 365 'NAME_IMG' => $name, 366 'AUTHOR_IMG' => $author,366 'AUTHOR_IMG' => stripslashes($author), 367 367 'DATE_IMG' => $date_creation, 368 368 'COMMENT_IMG' => $comment,