mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

[ticket/8713] Do not trim login inputs

Browse Source 
Create a function to request variables which are not trimmed.

All requests for passwords (except forum passwords) now use the
untrimmed request function.

PHPBB3-8713
This commit is contained in:
Nathaniel Guse
2012-09-03 13:32:33 -05:00
parent 7bf598954c
commit b3cd5a649b
9 changed files with 104 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
phpBB/includes/acp/acp_language.php
View File

@@ -100,11 +100,11 @@ class acp_language
switch ($method)
{
case 'ftp':
$transfer = new ftp(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
$transfer = new ftp(request_var('host', ''), request_var('username', ''), $request->untrimed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
break;
case 'ftp_fsock':
$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), $request->untrimed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
break;
default:
@@ -404,7 +404,7 @@ class acp_language
trigger_error($user->lang['INVALID_UPLOAD_METHOD'], E_USER_ERROR);
}
$transfer = new $method(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
$transfer = new $method(request_var('host', ''), request_var('username', ''), $request->untrimed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
if (($result = $transfer->open_session()) !== true)
{

6
phpBB/includes/acp/acp_users.php
View File

@@ -32,7 +32,7 @@ class acp_users
{
global $config, $db, $user, $auth, $template, $cache;
global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
global $phpbb_dispatcher;
global $phpbb_dispatcher, $request;
$user->add_lang(array('posting', 'ucp', 'acp/users'));
$this->tpl_name = 'acp_users';
@@ -770,8 +770,8 @@ class acp_users
'username' => utf8_normalize_nfc(request_var('user', $user_row['username'], true)),
'user_founder' => request_var('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0),
'email' => strtolower(request_var('user_email', $user_row['user_email'])),
'new_password' => request_var('new_password', '', true),
'password_confirm' => request_var('password_confirm', '', true),
'new_password' => $request->untrimed_variable('new_password', '', true),
'password_confirm' => $request->untrimed_variable('password_confirm', '', true),
);
// Validation data - we do not check the password complexity setting here