From 9da2ff6f9f8a422b17b45e4ec2eb4cd26c5669e9 Mon Sep 17 00:00:00 2001
From: Philip Häusler
Date: Fri, 27 Dec 2013 19:45:50 +0100
Subject: #137 fixed xss on login
---
 includes/model/User_model.php | 8 ++++++++
 includes/pages/guest_login.php | 8 ++++----
 2 files changed, 12 insertions(+), 4 deletions(-)
(limited to 'includes')
diff --git a/includes/model/User_model.php b/includes/model/User_model.php
index 523685df..a69c288c 100644
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@@ -1,5 +1,13 @@ 1) {
- $nick = strip_request_item('nick');
+ if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) {
+ $nick = User_validate_Nick($_REQUEST['nick']);
 if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
 $ok = false;
 $msg .= error(sprintf(_("Your nick "%s" already exists."), $nick), true);
@@ -178,8 +178,8 @@ function guest_login() {
 if (isset($_REQUEST['submit'])) {
 $ok = true;
- if (isset($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 0) {
- $nick = strip_request_item('nick');
+ if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 0) {
+ $nick = User_validate_Nick($_REQUEST['nick']);
 $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'");
 if (count($login_user) > 0) {
 $login_user = $login_user[0];
-- cgit v1.2.3-54-g00ecf
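Review bot: In the `guest_login()` hunk at `@@ -178,8 +178,8 @@`, and in the registration hunk before it, the XSS fix rests entirely on `User_validate_Nick()` filtering the request value. Its body is not visible on this page, so it cannot be confirmed from here that every HTML-significant character is removed. Input filtering alone does not cover nicks that were stored before this change or any other place a nick is printed, so the output side should encode too: where `$nick` is passed to `sprintf()` for the "already exists" message, use `htmlspecialchars($nick, ENT_QUOTES, 'UTF-8')` (assuming `error()` emits its argument as HTML). The validator is also called twice on the same raw value in both hunks, and `isset()` alone lets an array-valued `nick` parameter reach it; `$nick = is_string($_REQUEST['nick'] ?? null) ? User_validate_Nick($_REQUEST['nick']) : '';` followed by `if (strlen($nick) > 0) {` computes it once and rejects non-string input. `guest_login()` continues outside the hunk.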