[svn r20488] first change, add to all insert remove_xss a data base, this authinscription see FS#4169

16 years ago · 5f1aef130b
parent 35915e77dd
commit 5f1aef130b
2 changed files with 8 additions and 4 deletions
--- a/main/auth/inscription.php
+++ b/main/auth/inscription.php
@ -1,5 +1,5 @@
 <?php
-// $Id: inscription.php 20443 2009-05-10 08:41:46Z ivantcholakov $
+// $Id: inscription.php 20488 2009-05-11 17:14:41Z cvargas1 $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -447,7 +447,7 @@ if ($form->validate()) {
 				}
 			} 
 	
-			$emailbody = get_lang('Dear')." ".stripslashes("$firstname $lastname").",\n\n".get_lang('YouAreReg')." ".get_setting('siteName')." ".get_lang('Settings')." ".$values['username']."\n".get_lang('Pass')." : ".stripslashes($values['pass1'])."\n\n".get_lang('Address')." ".get_setting('siteName')." ".get_lang('Is')." : ".$portal_url."\n\n".get_lang('Problem')."\n\n".get_lang('Formula').",\n\n".get_setting('administratorName')." ".get_setting('administratorSurname')."\n".get_lang('Manager')." ".get_setting('siteName')."\nT. ".get_setting('administratorTelephone')."\n".get_lang('Email')." : ".get_setting('emailAdministrator');
+			$emailbody = get_lang('Dear')." ".stripslashes(Security::remove_XSS($firstname)." ".Security::remove_XSS($lastname)).",\n\n".get_lang('YouAreReg')." ".get_setting('siteName')." ".get_lang('Settings')." ".$values['username']."\n".get_lang('Pass')." : ".stripslashes($values['pass1'])."\n\n".get_lang('Address')." ".get_setting('siteName')." ".get_lang('Is')." : ".$portal_url."\n\n".get_lang('Problem')."\n\n".get_lang('Formula').",\n\n".get_setting('administratorName')." ".get_setting('administratorSurname')."\n".get_lang('Manager')." ".get_setting('siteName')."\nT. ".get_setting('administratorTelephone')."\n".get_lang('Email')." : ".get_setting('emailAdministrator');
 			
 			// Here we are forming one large header line
 			// Every header must be followed by a \n except the last			
@ -457,7 +457,7 @@ if ($form->validate()) {
 		}
 	}

-	echo "<p>".get_lang('Dear')." ".stripslashes("$recipient_name").",<br /><br />".get_lang('PersonalSettings').".</p>\n";
+	echo "<p>".get_lang('Dear')." ".stripslashes(Security::remove_XSS($recipient_name)).",<br /><br />".get_lang('PersonalSettings').".</p>\n";

 	if (!empty ($values['email']))
 	{
--- a/main/inc/lib/usermanager.lib.php
+++ b/main/inc/lib/usermanager.lib.php
@ -1,4 +1,4 @@
-<?php // $Id: usermanager.lib.php 20346 2009-05-05 21:12:37Z cfasanando $
+<?php // $Id: usermanager.lib.php 20488 2009-05-11 17:14:41Z cvargas1 $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -73,6 +73,10 @@ class UserManager
 	{
 		global $_user, $userPasswordCrypted;
 		
+		$firstName=Security::remove_XSS($firstName);
+		$lastName=Security::remove_XSS($lastName);
+		$loginName=Security::remove_XSS($loginName);
+		$phone=Security::remove_XSS($phone);
 		// database table definition
 		$table_user = Database::get_main_table(TABLE_MAIN_USER);