Timestamp:
Nov 18, 2009, 9:07:20 PM (14 years ago)
Author:
Eric
Message:

Escape all login and username characters in database
Display correctly usernames

(I hope not to have made mistakes)

File:
1 edited

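--- a/trunk/admin/notification_by_mail.php
+++ b/trunk/admin/notification_by_mail.php
@@ -176,5 +176,5 @@
         sprintf(
           l10n('nbm_user_x_added'),
-          $nbm_user['username'],
+          stripslashes($nbm_user['username']),
           get_email_address_as_display_text($nbm_user['mail_address'])
         )
@@ -389,5 +389,5 @@
               if (pwg_mail
                   (
-                    format_email($nbm_user['username'], $nbm_user['mail_address']),
+                    format_email(stripslashes($nbm_user['username']), $nbm_user['mail_address']),
                     array
                     (
@@ -666,5 +666,5 @@
       if (get_boolean($nbm_user['enabled']))
       {
-        $opt_true[ $nbm_user['check_key'] ] = $nbm_user['username'].'['.get_email_address_as_display_text($nbm_user['mail_address']).']';
+        $opt_true[ $nbm_user['check_key'] ] = stripslashes($nbm_user['username']).'['.get_email_address_as_display_text($nbm_user['mail_address']).']';
         if ((isset($_POST['falsify']) and isset($_POST['cat_true']) and in_array($nbm_user['check_key'], $_POST['cat_true'])))
         {
@@ -674,5 +674,5 @@
       else
       {
-        $opt_false[ $nbm_user['check_key'] ] = $nbm_user['username'].'['.get_email_address_as_display_text($nbm_user['mail_address']).']';
+        $opt_false[ $nbm_user['check_key'] ] = stripslashes($nbm_user['username']).'['.get_email_address_as_display_text($nbm_user['mail_address']).']';
         if (isset($_POST['trueify']) and isset($_POST['cat_false']) and in_array($nbm_user['check_key'], $_POST['cat_false']))
         {
@@ -719,5 +719,5 @@
                               !in_array($nbm_user['check_key'], $_POST['send_selection']) // not selected
                             )   ? '' : 'checked="checked"',
-              'USERNAME'=> $nbm_user['username'],
+              'USERNAME'=> stripslashes($nbm_user['username']),
               'EMAIL' => get_email_address_as_display_text($nbm_user['mail_address']),
               'LAST_SEND'=> $nbm_user['last_send']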
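Review bot: At new line 721 (`'USERNAME'=> stripslashes($nbm_user['username'])`) and in the `$opt_true`/`$opt_false` labels at 668 and 676, the username reaches page output after only `stripslashes()`, which undoes the storage escaping but is not HTML output encoding. Unless the template layer encodes these values (not visible in this section), a username containing markup would be rendered as-is on this admin page; consider `htmlspecialchars(stripslashes($nbm_user['username']))` at those three sites, after checking that this does not double-encode. The same unescaped value is passed to `format_email()` at 391, so that helper should be confirmed to strip or reject CR/LF in the display name before it is placed in a mail header. A single username display helper, as `get_email_address_as_display_text()` provides for addresses, would keep the unescape and the encoding in one place instead of repeating them per call site. All five hunks are excerpts of larger blocks that start and end outside the visible lines.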