| author | root | 2014-04-20 18:55:24 +0200 |
|---|---|---|
| committer | root | 2014-04-20 18:55:24 +0200 |
| commit | 3c94eb3f608f9bf0dc8d19583abe273b3a67e5ff (patch) | |
| tree | 9f589754331dbbab8f90f467f36a10f9a5ed99a7 /www/functions/func_register.php | |
| parent | 2441480079f68bd4bc15a12d7b9b47c18ce0bd52 (diff) | |
| download | jungegemeinde-3c94eb3f608f9bf0dc8d19583abe273b3a67e5ff.tar.gz | |
Fixed XSS vulnerability.
Diffstat (limited to 'www/functions/func_register.php')
| -rwxr-xr-x | www/functions/func_register.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/www/functions/func_register.php b/www/functions/func_register.php
index 3cb79ad..da804d4 100755
--- a/www/functions/func_register.php
+++ b/www/functions/func_register.php
@@ -20,8 +20,8 @@ function register($db){
 $email = "";
 }
- $safe_name = SQLite3::escapeString("$name");
- $safe_email = SQLite3::escapeString("$email");
+ $safe_name = SQLite3::escapeString(htmlentities($name));
+ $safe_email = SQLite3::escapeString(htmlentities($email));
 /*Checks the validation of the registration attempt*/
@@ -49,7 +49,7 @@ function register($db){
 $userid = user_id($db, $safe_name);
 $_SESSION["login"] = true;
- $_SESSION["username"] = $name;
+ $_SESSION["username"] = $safe_name;
 $_SESSION["userid"] = $userid;
 return REGISTER_SUCCESSFULL; |
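Review bot: `htmlentities($name)` and `htmlentities($email)` in the first hunk are called without flags or charset, so under the `ENT_COMPAT` default single quotes pass through unencoded. The value is also HTML-encoded before storage rather than where it is printed. A single-quoted attribute context would therefore still be exposed, and the fix only holds if every other path that writes these columns applies the same encoding. I would keep the stored value raw and encode at each output site with `htmlspecialchars($name, ENT_QUOTES, 'UTF-8')`; if encoding at input stays, pass the same flags and charset here. The body of register() starts and ends outside the hunk, so the output sites cannot be checked from this diff.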
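Review bot: `$_SESSION["username"] = $safe_name;` in the second hunk stores a value that has been through `SQLite3::escapeString()` as well as `htmlentities()`. A name containing an apostrophe reaches the session with the quote doubled, and the session holds a SQL-escaped string rather than a display string. Assign a separately encoded value, `$_SESSION["username"] = htmlentities($name, ENT_QUOTES, 'UTF-8');`, or keep `$name` raw in the session and encode where it is printed. Binding `$name` through a prepared statement instead of `escapeString` would remove the need for one combined "safe" variable serving both SQL and HTML. register() continues outside this hunk.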
