Permalink
Browse files

MDL-10498: Apostrophe / Quote in username or email breaks profile update

Author: Aaron Barnes <aaronb@catalyst.net.nz>
  • Loading branch information...
1 parent b8164f8 commit bae9a29ec21d218f3c2809718e3f79bc2ea790c7 peterbulmer committed Jan 12, 2009
Showing with 2 additions and 2 deletions.
  1. +1 −1 user/edit_form.php
  2. +1 −1 user/editadvanced_form.php
View
@@ -109,7 +109,7 @@ function validation ($usernew) {
// validate email
if (!validate_email($usernew->email)) {
$err['email'] = get_string('invalidemail');
- } else if (($usernew->email !== $user->email) and record_exists('user', 'email', $usernew->email, 'mnethostid', $CFG->mnet_localhost_id)) {
+ } else if ((stripslashes($usernew->email) !== $user->email) and record_exists('user', 'email', $usernew->email, 'mnethostid', $CFG->mnet_localhost_id)) {
$err['email'] = get_string('emailexists');
}
@@ -135,7 +135,7 @@ function validation($usernew) {
}
}
- if (!$user or $user->email !== $usernew->email) {
+ if (!$user or $user->email !== stripslashes($usernew->email)) {
if (!validate_email($usernew->email)) {
$err['email'] = get_string('invalidemail');
} else if (record_exists('user', 'email', $usernew->email, 'mnethostid', $CFG->mnet_localhost_id)) {

0 comments on commit bae9a29

Please sign in to comment.