authorPhilip Häusler <msquare@notrademark.de>2013-12-27 19:45:50 +0100
committerPhilip Häusler <msquare@notrademark.de>2013-12-27 19:45:50 +0100
commit9da2ff6f9f8a422b17b45e4ec2eb4cd26c5669e9 (patch)
treeadc61a0095addf05f480bc54f006c6a72dc6e684 /includes/pages/guest_login.php
parent9d709b2a7349fc5b2ad9d84ddc36c505cccafed1 (diff)
#137 fixed xss on login
Diffstat (limited to 'includes/pages/guest_login.php')
-rw-r--r--includes/pages/guest_login.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index cd77d9fc..1a8465dc 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -40,8 +40,8 @@ function guest_register() {
if (isset($_REQUEST['submit'])) {
$ok = true;
- if (isset($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) {
- $nick = strip_request_item('nick');
+ if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) {
+ $nick = User_validate_Nick($_REQUEST['nick']);
if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
$ok = false;
$msg .= error(sprintf(_("Your nick &quot;%s&quot; already exists."), $nick), true);
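Review bot: The `$nick` placed into the "already exists" message in guest_register() is still written into markup without output encoding, so the XSS fix rests entirely on what User_validate_Nick() removes, and that function is not shown in this diff. The message already carries `&quot;` entities, which suggests error() emits its argument as HTML; encoding at the sink would keep holding if the validator's allowed character set is ever widened: `htmlspecialchars($nick, ENT_QUOTES, 'UTF-8')` as the sprintf() argument. The lookup on the line above is still built by concatenation around sql_escape(); a parameterised query would be the sturdier form if the database layer offers one. guest_register()'s body starts and ends outside the hunk.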
@@ -178,8 +178,8 @@ function guest_login() {
if (isset($_REQUEST['submit'])) {
$ok = true;
- if (isset($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 0) {
- $nick = strip_request_item('nick');
+ if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 0) {
+ $nick = User_validate_Nick($_REQUEST['nick']);
$login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'");
if (count($login_user) > 0) {
$login_user = $login_user[0];
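Review bot: The new condition in guest_login() hands `$_REQUEST['nick']` to User_validate_Nick() after only an isset() check, so a parameter submitted in array form reaches the validator and then strlen(); how User_validate_Nick() treats a non-string is not visible here. Adding `is_string($_REQUEST['nick'])` to the condition keeps the value a string before it is validated and used in the query. The validator is also called twice on the same input; assigning its result to `$nick` once and testing `strlen($nick) > 0` would avoid the duplicate work and any drift between the two calls. The same pattern is in the guest_register() hunk above, and guest_login()'s body continues outside this hunk.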