Changeset 3630

Timestamp:
03/07/06 07:06:43 (3 years ago)
Author:
ryan
Message:

Sanitize user_login in register form

Files:

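--- a/branches/2.0/wp-register.php
+++ b/branches/2.0/wp-register.php
@@ -26,8 +26,11 @@
     } else if (!is_email($user_email)) {
         $errors['user_email'] = __('<strong>ERROR</strong>: The email address isn&#8217;t correct.');
+        $user_email = '';
     }
 
-    if ( ! validate_username($user_login) )
+    if ( ! validate_username($user_login) ) {
         $errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.');
+        $user_login = '';
+    }
 
     if ( username_exists( $user_login ) )
@@ -68,7 +71,7 @@
 <div id="login">
     <h2><?php _e('Registration Complete') ?></h2>
-    <p><?php printf(__('Username: %s'), "<strong>$user_login</strong>") ?><br />
+    <p><?php printf(__('Username: %s'), "<strong>" . wp_specialchars($user_login) . "</strong>") ?><br />
     <?php printf(__('Password: %s'), '<strong>' . __('emailed to you') . '</strong>') ?> <br />
-    <?php printf(__('E-mail: %s'), "<strong>$user_email</strong>") ?></p>
+    <?php printf(__('E-mail: %s'), "<strong>" . wp_specialchars($user_email) . "</strong>") ?></p>
     <p class="submit"><a href="wp-login.php"><?php _e('Login'); ?> &raquo;</a></p>
 </div>
@@ -111,6 +114,6 @@
 <form method="post" action="wp-register.php" id="registerform">
     <p><input type="hidden" name="action" value="register" />
-    <label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo $user_login; ?>" /><br /></p>
-    <p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo $user_email; ?>" /></p>
+    <label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo wp_specialchars($user_login); ?>" /><br /></p>
+    <p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo wp_specialchars($user_email); ?>" /></p>
     <p><?php _e('A password will be emailed to you.') ?></p>
     <p class="submit"><input type="submit" value="<?php _e('Register') ?> &raquo;" id="submit" name="submit" /></p>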
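Review bot: The two rewritten `<input>` lines at new 116–117 put the escaped value inside a double-quoted `value` attribute, but wp_specialchars only encodes quote characters when its second argument is truthy (its default, if I recall the 2.0 implementation correctly, leaves `"` untouched), so the attribute context is still not fully covered by this change. Passing that flag on these two lines, `value="<?php echo wp_specialchars($user_login, 1); ?>"` and the same for `$user_email`, closes the gap; the text-node uses at new 73 and 75 are fine as written. In the first hunk, clearing `$user_login` after a failed validate_username() means the `username_exists( $user_login )` check on the next line now runs with an empty string; presumably that returns false for '', but an `else if` there would make the intent explicit and rule out a second error entry for the same field. The enclosing validation block and the form markup both continue outside the hunks shown.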