MDL-10498 fixed handling of username and emails with single quotes

moodle · Sep 27, 2009 · 6ab0935 · 6ab0935
1 parent 582d4d9
commit 6ab0935
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/user/edit_form.php b/user/edit_form.php
@@ -118,18 +118,18 @@ function validation($usernew, $files) {
         // validate email
         if (!isset($usernew->email)) {
             // mail not confirmed yet
-        } else if (!validate_email($usernew->email)) {
+        } else if (!validate_email(stripslashes($usernew->email))) {
             $errors['email'] = get_string('invalidemail');
         } else if ((stripslashes($usernew->email) !== $user->email) and record_exists('user', 'email', $usernew->email, 'mnethostid', $CFG->mnet_localhost_id)) {
             $errors['email'] = get_string('emailexists');
         }
 
-        if (isset($usernew->email) and $usernew->email === $user->email and over_bounce_threshold($user)) {
+        if (isset($usernew->email) and stripslashes($usernew->email) === $user->email and over_bounce_threshold($user)) {
             $errors['email'] = get_string('toomanybounces');
         }
 
         if (isset($usernew->email) and !empty($CFG->verifychangedemail) and !isset($errors['email']) and !has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM))) {
-            $errorstr = email_is_not_allowed($usernew->email);
+            $errorstr = email_is_not_allowed(stripslashes($usernew->email));
             if ($errorstr !== false) {
                 $errors['email'] = $errorstr;
             }

diff --git a/user/editadvanced_form.php b/user/editadvanced_form.php
@@ -132,13 +132,14 @@ function validation($usernew, $files) {
         if (empty($usernew->username)) {
             //might be only whitespace
             $err['username'] = get_string('required');
-        } else if (!$user or $user->username !== $usernew->username) {
+        } else if (!$user or $user->username !== stripslashes($usernew->username)) {
             //check new username does not exist
             if (record_exists('user', 'username', $usernew->username, 'mnethostid', $CFG->mnet_localhost_id)) {
                 $err['username'] = get_string('usernameexists');
             }
             //check allowed characters
             if ($usernew->username !== moodle_strtolower($usernew->username)) {
+                echo 'grrrr';
                 $err['username'] = get_string('usernamelowercase');
             } else {
                 if (empty($CFG->extendedusernamechars)) {
@@ -151,7 +152,7 @@ function validation($usernew, $files) {
         }
 
         if (!$user or $user->email !== stripslashes($usernew->email)) {
-            if (!validate_email($usernew->email)) {
+            if (!validate_email(stripslashes($usernew->email))) {
                 $err['email'] = get_string('invalidemail');
             } else if (record_exists('user', 'email', $usernew->email, 'mnethostid', $CFG->mnet_localhost_id)) {
                 $err['email'] = get_string('emailexists');