[geeklog-cvs] geeklog-1.3/public_html usersettings.php,1.86,1.87
dhaun at geeklog.net
dhaun at geeklog.net
Sat Jan 31 14:51:55 EST 2004
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv17240
Modified Files:
usersettings.php
Log Message:
Added parameter checking in function saveuser(). Also redirect to the user's profile after (successfully) changing it.
Index: usersettings.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/usersettings.php,v
retrieving revision 1.86
retrieving revision 1.87
diff -C2 -d -r1.86 -r1.87
*** usersettings.php 31 Jan 2004 09:22:48 -0000 1.86
--- usersettings.php 31 Jan 2004 19:51:53 -0000 1.87
***************
*** 644,648 ****
if ($_CONF['allow_username_change'] == 1) {
! $A['new_username'] = strip_tags (COM_stripslashes ($A['new_username']));
if (!empty ($A['new_username']) &&
($A['new_username'] != $_USER['username'])) {
--- 644,648 ----
if ($_CONF['allow_username_change'] == 1) {
! $A['new_username'] = COM_applyFilter ($A['new_username']);
if (!empty ($A['new_username']) &&
($A['new_username'] != $_USER['username'])) {
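Review bot: The comparison `$A['new_username'] != $_USER['username']` on the last line of the hunk uses loose inequality; in PHP two numeric-looking strings such as '1e3' and '1000' compare equal under `!=`, so a rename between such names would be silently skipped. Use `($A['new_username'] !== $_USER['username'])` instead. The surrounding if block continues past the hunk, and what COM_applyFilter does to the username is not visible here.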
***************
*** 658,669 ****
}
! if (!empty($A['passwd'])) {
! $passwd = md5($A['passwd']);
! DB_change($_TABLES['users'],'passwd',"$passwd","uid",$_USER['uid']);
}
$A['fullname'] = strip_tags (COM_stripslashes ($A['fullname']));
- $A['email'] = strip_tags (COM_stripslashes ($A['email']));
- $A['homepage'] = COM_killJS(strip_tags (COM_stripslashes ($A['homepage'])));
$A['sig'] = strip_tags (COM_stripslashes ($A['sig']));
$A['about'] = strip_tags (COM_stripslashes ($A['about']));
--- 658,672 ----
}
! // no need to filter the password as it's md5 encoded anyway
! if (!empty ($A['passwd'])) {
! $passwd = md5 ($A['passwd']);
! DB_change($_TABLES['users'], 'passwd', "$passwd", "uid", $_USER['uid']);
}
+ $A['email'] = COM_applyFilter ($A['email']);
+ $A['homepage'] = COM_applyFilter ($A['homepage']);
+
+ // basic filtering only
$A['fullname'] = strip_tags (COM_stripslashes ($A['fullname']));
$A['sig'] = strip_tags (COM_stripslashes ($A['sig']));
$A['about'] = strip_tags (COM_stripslashes ($A['about']));
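Review bot: The added comment `// no need to filter the password as it's md5 encoded anyway` is misleading: md5 is a one-way hash, not an encoding, and `md5 ($A['passwd'])` applies it without a salt, so two accounts with the same password end up with identical stored values. Reword it to `// the password is stored as an (unsalted) md5 hash, so no input filtering is applied to it`; the hex digest itself is safe to pass to DB_change. The strip_tags/COM_stripslashes lines that follow are unchanged by this commit, but COM_stripslashes removes escaping, so these fields need to be re-escaped before the SQL interpolation that happens later in saveuser(). The enclosing block starts before this hunk.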
***************
*** 681,684 ****
--- 684,688 ----
}
+ $A['cooktime'] = COM_applyFilter ($A['cooktime']);
if ($A['cooktime'] <= 0) {
$A['cooktime'] = 'NULL';
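Review bot: After the new COM_applyFilter call, $A['cooktime'] is still a string that is later interpolated unquoted into the UPDATE statement as `cookietimeout={$A['cooktime']}` (the 789/801 hunk), and the `<= 0` comparison does not guarantee it is numeric. Cast it explicitly, e.g. `$A['cooktime'] = intval (COM_applyFilter ($A['cooktime']));`, so that only an integer or the literal 'NULL' assigned below can reach the query. The surrounding block of saveuser() begins and ends outside the hunk.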
***************
*** 708,717 ****
}
$upload->setAutomaticResize(true);
! if (isset ($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
$upload->setLogFile ($_CONF['path'] . 'logs/error.log');
$upload->setDebug (true);
}
}
! $upload->setAllowedMimeTypes(array('image/gif'=>'.gif','image/jpeg'=>'.jpg,.jpeg','image/pjpeg'=>'.jpg,.jpeg','image/x-png'=>'.png','image/png'=>'.png'));
if (!$upload->setPath($_CONF['path_images'] . 'userphotos')) {
print 'File Upload Errors:<BR>' . $upload->printErrors();
--- 712,727 ----
}
$upload->setAutomaticResize(true);
! if (isset ($_CONF['debug_image_upload']) &&
! $_CONF['debug_image_upload']) {
$upload->setLogFile ($_CONF['path'] . 'logs/error.log');
$upload->setDebug (true);
}
}
! $upload->setAllowedMimeTypes (array ('image/gif' => '.gif',
! 'image/jpeg' => '.jpg,.jpeg',
! 'image/pjpeg' => '.jpg,.jpeg',
! 'image/x-png' => '.png',
! 'image/png' => '.png'
! ) );
if (!$upload->setPath($_CONF['path_images'] . 'userphotos')) {
print 'File Upload Errors:<BR>' . $upload->printErrors();
***************
*** 742,746 ****
$upload->uploadFiles();
if ($upload->areErrors()) {
! print "ERRORS<BR>";
$upload->printErrors();
exit;
--- 752,756 ----
$upload->uploadFiles();
if ($upload->areErrors()) {
! print "ERRORS<br>";
$upload->printErrors();
exit;
***************
*** 750,757 ****
}
} else {
! $curphoto = DB_getItem($_TABLES['users'],'photo',"uid = {$_USER['uid']}");
if (!empty($curphoto) AND isset ($A['delete_photo']) AND
$A['delete_photo'] == 'on') {
! $filetodelete = $_CONF['path_images'] . 'userphotos/' . $curphoto;
if (file_exists ($filetodelete)) {
if (!@unlink ($filetodelete)) {
--- 760,769 ----
}
} else {
! $curphoto = DB_getItem ($_TABLES['users'], 'photo',
! "uid = {$_USER['uid']}");
if (!empty($curphoto) AND isset ($A['delete_photo']) AND
$A['delete_photo'] == 'on') {
! $filetodelete = $_CONF['path_images'] . 'userphotos/'
! . $curphoto;
if (file_exists ($filetodelete)) {
if (!@unlink ($filetodelete)) {
***************
*** 789,794 ****
$A['pgpkey'] = addslashes ($A['pgpkey']);
! DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A["fullname"]}',email='{$A["email"]}',homepage='{$A["homepage"]}',sig='{$A["sig"]}',cookietimeout={$A["cooktime"]},photo='$filename' WHERE uid={$_USER['uid']}");
! DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='" . $A["pgpkey"] . "',about='{$A["about"]}' WHERE uid={$_USER['uid']}");
// Call custom registration save function if enabled and exists
--- 801,812 ----
$A['pgpkey'] = addslashes ($A['pgpkey']);
! if (!empty ($filename)) {
! if (!file_exists ($_CONF['path_images'] . 'userphotos/' . $filename)) {
! $filename = '';
! }
! }
!
! DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='$filename' WHERE uid={$_USER['uid']}");
! DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}' WHERE uid={$_USER['uid']}");
// Call custom registration save function if enabled and exists
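Review bot: The two UPDATE statements interpolate fullname, email, homepage, sig and about directly into SQL, and only pgpkey is visibly escaped with addslashes on the line above; fullname, sig and about went through COM_stripslashes in the 658 hunk, which removes rather than adds escaping, so unless they are re-escaped in the lines between the hunks (not visible here) a single quote in any of them breaks the query. Apply the same `addslashes()` the pgpkey line uses to every quoted field before it reaches DB_query, and keep cookietimeout an integer. The new file_exists check on $filename only confirms that some file exists; $filename's origin is outside the hunk, so reduce it with `$filename = basename ($filename);` before the check so the stored photo name is a bare file name under userphotos. saveuser() begins and ends outside this hunk.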
***************
*** 802,806 ****
return COM_refresh ($_CONF['site_url']
! . '/usersettings.php?mode=edit&msg=5');
}
}
--- 820,825 ----
return COM_refresh ($_CONF['site_url']
! // . '/usersettings.php?mode=edit&msg=5');
! . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=5');
}
}
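Review bot: The old redirect target is left behind as a commented-out line (`// . '/usersettings.php?mode=edit&msg=5');`) inside the concatenation argument to COM_refresh; the revision history already records it, so delete the line rather than keeping it in the expression. Leaving a comment inside a multi-line expression also makes the string concatenation harder to read. The enclosing function continues outside the hunk.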