From 3dd0ee80ab55a1214c89a8d45be6a85bb042860f Mon Sep 17 00:00:00 2001 From: e107steved Date: Sat, 23 Jun 2007 21:10:55 +0000 Subject: [PATCH] Looks like I forgot a file for setting maximum login name length --- e107_admin/prefs.php | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/e107_admin/prefs.php b/e107_admin/prefs.php index 60f389120..a86c27480 100644 --- a/e107_admin/prefs.php +++ b/e107_admin/prefs.php @@ -11,9 +11,9 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_admin/prefs.php,v $ -| $Revision: 1.2 $ -| $Date: 2007-02-16 01:13:19 $ -| $Author: e107coders $ +| $Revision: 1.3 $ +| $Date: 2007-06-23 21:10:55 $ +| $Author: e107steved $ +----------------------------------------------------------------------------+ */ require_once("../class2.php"); @@ -60,6 +60,12 @@ if (isset($_POST['updateprefs'])) $pref[$key] = $tp->toDB($value); } + // Range check these - can cause big problems if admin enters stupid values! + if ($pref['loginname_maxlength'] < 10) $pref['loginname_maxlength'] = 10; + if ($pref['loginname_maxlength'] > 100) $pref['loginname_maxlength'] = 100; + if ($pref['displayname_maxlength'] < 5) $pref['displayname_maxlength'] = 5; + if ($pref['displayname_maxlength'] > 30) $pref['displayname_maxlength'] = 30; + $e107cache->clear(); save_prefs(); $sql -> db_Select_gen("TRUNCATE ".MPREFIX."online"); @@ -493,7 +499,14 @@ $text .= "