Changeset 2087 in ExiteCMS for trunk/register.php

Timestamp:

12/01/08 12:12:32 (3 years ago)

Author:

WanWizard

Message:

fixed bug in registration when using single quotes in the user fullname when registering
fixed several bugs in user activation

File:

• trunk/register.php (modified) (3 diffs)

trunk/register.php

@@ -22 +22 @@
 
 // do we want extensive email checks?
-define('CHECK_EMAIL', true);
+define('CHECK_EMAIL', false);
 
 // temp storage for template variables
@@ -191 +191 @@
                         "user_hide_email" => isNum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1"
                     ));
-                    $result = dbquery("INSERT INTO ".$db_prefix."new_users (user_code, user_email, user_datestamp, user_info) VALUES('$user_code', '".$email."', '".time()."', '$user_info')");
+                    $result = dbquery("INSERT INTO ".$db_prefix."new_users (user_code, user_email, user_datestamp, user_info) VALUES('$user_code', '".$email."', '".time()."', '".mysql_real_escape_string($user_info)."')");
                     $variables['message'] = $locale['454'];
                     $title = $locale['400'];
@@ -207 +207 @@
                     $variables['message'] = $locale['453'];
                     // send the webmaster a PM that an account needs to be activated
-                    $result = dbquery("INSERT INTO ".$db_prefix."pm (pm_subject, pm_message, pm_recipients, pm_size, pm_datestamp) VALUES ('".$locale['509']."', '".mysql_escape_string(sprintf($locale['510'], $username))."', '1', '100', '".time()."')");
+                    $result = dbquery("INSERT INTO ".$db_prefix."pm (pm_subject, pm_message, pm_recipients, pm_size, pm_datestamp) VALUES ('".$locale['509']."', '".mysql_real_escape_string(sprintf($locale['510'], $username))."', '1', '100', '".time()."')");
                     if ($result) {
                         $pm_id = mysql_insert_id();