From 3c94eb3f608f9bf0dc8d19583abe273b3a67e5ff Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 20 Apr 2014 18:55:24 +0200
Subject: Fixed XSS vulnerability.

---
 www/functions/func_register.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'www/functions/func_register.php')

diff --git a/www/functions/func_register.php b/www/functions/func_register.php
index 3cb79ad..da804d4 100755
--- a/www/functions/func_register.php
+++ b/www/functions/func_register.php
@@ -20,8 +20,8 @@ function register($db){
     $email = "";
   }

-  $safe_name = SQLite3::escapeString("$name");
-  $safe_email = SQLite3::escapeString("$email");
+  $safe_name = SQLite3::escapeString(htmlentities($name));
+  $safe_email = SQLite3::escapeString(htmlentities($email));

   /*Checks the validation of the registration attempt*/

@@ -49,7 +49,7 @@ function register($db){
   $userid = user_id($db, $safe_name);

   $_SESSION["login"] = true;
-  $_SESSION["username"] = $name;
+  $_SESSION["username"] = $safe_name;
   $_SESSION["userid"] = $userid;

   return REGISTER_SUCCESSFULL;
--
cgit v1.2.3
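Review bot: The second hunk stores `$safe_name` — a value that is both HTML-encoded and SQL-escaped by `SQLite3::escapeString` — in `$_SESSION["username"]`, but escapeString's output is only meaningful inside a SQL string literal; `htmlentities` with its default flags leaves `'` untouched, so a name like O'Brien reaches the session (and the `user_id()` lookup) as `O''Brien`. The cleaner split is to escape for SQL only at the query site, ideally with a prepared statement and `bindValue()` so `escapeString` is not needed at all, and to encode for HTML at output time with explicit flags, `htmlentities($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, which also covers single quotes and does not silently return an empty string on invalid UTF-8 input. Whether the validation between the two hunks checks `$name` or `$safe_name` is outside the shown lines, and `register()` begins and ends outside both hunks.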