Changeset 4304 for trunk/include
- Timestamp:
- Nov 18, 2009, 9:07:20 PM (14 years ago)
- Location:
- trunk/include
- Files:
-
- 6 edited
trunk/include/functions_comment.inc.php
r3600 r4304 100 100 SELECT COUNT(*) AS user_exists 101 101 FROM '.USERS_TABLE.' 102 WHERE '.$conf['user_fields']['username']." = '". $comm['author']."'";102 WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'"; 103 103 $row = mysql_fetch_assoc( pwg_query( $query ) ); 104 104 if ( $row['user_exists'] == 1 ) -
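Review bot: The lookup at new line 102 escapes `$comm['author']` with `addslashes()`, which ignores the connection character set, while the login query changed in functions_user.inc.php in this same changeset uses `mysql_real_escape_string()`. Use the same call here: `WHERE '.$conf['user_fields']['username']." = '".mysql_real_escape_string($comm['author'])."'";`. The enclosing function starts and ends outside the hunk, so its other uses of `$comm['author']` and `$comm['content']` in queries cannot be checked from here. They should be confirmed, because the `$comm` arrays built in picture_comment.inc.php and ws_functions.inc.php now hold unslashed values.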
trunk/include/functions_mail.inc.php
r4265 r4304 365 365 $keyargs_content_admin_info = array 366 366 ( 367 get_l10n_args('Connected user: %s', $user['username']),367 get_l10n_args('Connected user: %s', stripslashes($user['username'])), 368 368 get_l10n_args('IP: %s', $_SERVER['REMOTE_ADDR']), 369 369 get_l10n_args('Browser: %s', $_SERVER['HTTP_USER_AGENT']) … … 484 484 if (!empty($row['mail_address'])) 485 485 { 486 array_push($Bcc, format_email( $row['username'], $row['mail_address']));486 array_push($Bcc, format_email(stripslashes($row['username']), $row['mail_address'])); 487 487 } 488 488 } … … 795 795 if ( mkgetdir( $dir, MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR) ) 796 796 { 797 $filename = $dir.'/mail.'. $user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme'];797 $filename = $dir.'/mail.'.stripslashes($user['username']).'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme']; 798 798 if ($args['content_format'] == 'text/plain') 799 799 { -
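Review bot: At new line 797 the username is concatenated into `$filename` after `stripslashes()`, so any character an account name may contain, including `/`, `\` or `..`, becomes part of the path under `$dir`. Whether registration restricts those characters is not visible here. If it does not, reduce the name to a safe set before building the path, e.g. `$safe_user = preg_replace('/[^A-Za-z0-9_.-]/', '_', stripslashes($user['username']));`, and use `$safe_user` in the concatenation. The enclosing function starts and ends outside the hunk.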
trunk/include/functions_user.inc.php
r4265 r4304 171 171 $keyargs_content = array 172 172 ( 173 get_l10n_args('User: %s', $login),173 get_l10n_args('User: %s', stripslashes($login)), 174 174 get_l10n_args('Email: %s', $_POST['mail_address']), 175 175 get_l10n_args('', ''), … … 179 179 pwg_mail_notification_admins 180 180 ( 181 get_l10n_args('Registration of %s', $login),181 get_l10n_args('Registration of %s', stripslashes($login)), 182 182 $keyargs_content 183 183 ); … … 934 934 { 935 935 $row = mysql_fetch_assoc($result); 936 $username = $row['username'];937 $data = $time. $row['username'].$row['password'];936 $username = stripslashes($row['username']); 937 $data = $time.stripslashes($row['username']).$row['password']; 938 938 $key = base64_encode( 939 939 pack('H*', sha1($data)) … … 1019 1019 { 1020 1020 log_user($cookie[0], true); 1021 trigger_action('login_success', $username);1021 trigger_action('login_success', stripslashes($username)); 1022 1022 return true; 1023 1023 } … … 1040 1040 '.$conf['user_fields']['password'].' AS password 1041 1041 FROM '.USERS_TABLE.' 1042 WHERE '.$conf['user_fields']['username'].' = \''. $username.'\'1042 WHERE '.$conf['user_fields']['username'].' = \''.mysql_real_escape_string($username).'\' 1043 1043 ;'; 1044 1044 $row = mysql_fetch_assoc(pwg_query($query)); … … 1046 1046 { 1047 1047 log_user($row['id'], $remember_me); 1048 trigger_action('login_success', $username);1048 trigger_action('login_success', stripslashes($username)); 1049 1049 return true; 1050 1050 } 1051 trigger_action('login_failure', $username);1051 trigger_action('login_failure', stripslashes($username)); 1052 1052 return false; 1053 1053 } -
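Review bot: In the hunk at new lines 1040-1052, `$username` is treated two ways: the query passes it through `mysql_real_escape_string()` as if it were raw, while the three `trigger_action()` calls pass it through `stripslashes()` as if it already carried slashes. If the value arrives slash-escaped, the query now escapes it twice and the lookup compares against a string with literal backslashes; if it arrives raw, `stripslashes()` drops legitimate backslashes from the name handed to the hooks. Decide which form the function receives, normalise once at the top (`$username = stripslashes($username);` only if the input is known to be slashed), escape only at the query, and pass the same variable to `trigger_action()`. In the hunk at new lines 1019-1023, `$username` appears to be the value already unslashed at line 936, so `stripslashes($username)` at line 1021 would be applied a second time. The functions start outside these hunks, so this needs confirming against the full file.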
trunk/include/menubar.inc.php
r3282 r4304 282 282 else 283 283 { 284 $template->assign('USERNAME', $user['username']);284 $template->assign('USERNAME', stripslashes($user['username'])); 285 285 if (is_autorize_status(ACCESS_CLASSIC)) 286 286 { -
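Review bot: The value assigned to `USERNAME` at new line 284 is the unslashed account name, and nothing in this hunk HTML-encodes it before it reaches the template. If the template layer does not escape this variable on output (not visible here), a name containing markup would be rendered as HTML; in that case assign `htmlspecialchars(stripslashes($user['username']), ENT_QUOTES)` instead. A one-line comment saying why a value read from `$user` still carries slashes would also help the next reader.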
trunk/include/picture_comment.inc.php
r4265 r4304 47 47 48 48 $comm = array( 49 'author' => trim( @$_POST['author']),50 'content' => trim( $_POST['content']),49 'author' => trim( stripslashes(@$_POST['author']) ), 50 'content' => trim( stripslashes($_POST['content']) ), 51 51 'image_id' => $page['image_id'], 52 52 ); … … 153 153 else 154 154 { 155 $author = $row['username'];155 $author = stripslashes($row['username']); 156 156 } 157 157 -
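Review bot: `stripslashes()` is applied unconditionally to `$_POST['author']` and `$_POST['content']` at new lines 49-50, which is only correct when request data is always slash-escaped before this point (by `magic_quotes_gpc` or by the application); otherwise backslashes the user typed are removed. After this change `$comm` holds raw text, so every query that stores or compares `author` and `content` has to escape them itself. The changeset shows that only for the author lookup in functions_comment.inc.php, so the insert of `content` should be checked. The same applies to `$params['author']` and `$params['content']` at new lines 526-527 of ws_functions.inc.php. A short comment above the array, such as `// $comm holds unescaped values; escape at each query`, would make the contract explicit.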
trunk/include/ws_functions.inc.php
r3720 r4304 524 524 525 525 $comm = array( 526 'author' => trim( $params['author']),527 'content' => trim( $params['content']),526 'author' => trim( stripslashes($params['author']) ), 527 'content' => trim( stripslashes($params['content']) ), 528 528 'image_id' => $params['image_id'], 529 529 ); … … 701 701 ) 702 702 { 703 $comment_post_data['author'] = $user['username'];703 $comment_post_data['author'] = stripslashes($user['username']); 704 704 $comment_post_data['key'] = get_comment_post_key($params['image_id']); 705 705 } … … 1255 1255 global $user; 1256 1256 $res = array(); 1257 $res['username'] = is_a_guest() ? 'guest' : $user['username'];1257 $res['username'] = is_a_guest() ? 'guest' : stripslashes($user['username']); 1258 1258 foreach ( array('status', 'template', 'theme', 'language') as $k ) 1259 1259 {