mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-04 05:37:32 +02:00
Code Issues Releases Wiki Activity

Add some extra checking

Browse Source
This commit is contained in:
e107steved
2008-12-04 21:32:40 +00:00
parent 057e5e9d1d
commit 62368a9551
1 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
signup.php
View File

@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/signup.php,v $ | $Source: /cvs_backup/e107_0.8/signup.php,v $
| $Revision: 1.23 $ | $Revision: 1.24 $
| $Date: 2008-11-11 22:38:43 $ | $Date: 2008-12-04 21:32:25 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@@ -712,10 +712,13 @@ global $db_debug;
$ue_fields = ""; $ue_fields = "";
foreach($_POST['ue'] as $key => $val) foreach($_POST['ue'] as $key => $val)
{ {
$key = $tp->toDB($key); if (isset($extList[$key]))
$val = $tp->toDB($val); { // Only allow valid keys
$ue_fields .= ($ue_fields) ? ", " : ""; $key = $tp->toDB($key);
$ue_fields .= $key."='".$val."'"; $val = $tp->toDB($val);
$ue_fields .= ($ue_fields) ? ", " : "";
$ue_fields .= $key."='".$val."'";
}
} }
$u_key = md5(uniqid(rand(), 1)); // Key for signup completion $u_key = md5(uniqid(rand(), 1)); // Key for signup completion