Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Form thing security fixes

  • Loading branch information...
commit e4832a021f0ba32b8a8b09f844d6da9de6c9eb0a 1 parent dc4d5b9
@pudge pudge authored
Showing with 6 additions and 6 deletions.
  1. +3 −3 public_html/users.pl
  2. +3 −3 themes/slashcode/htdocs/users.pl
View
6 public_html/users.pl
@@ -1008,15 +1008,15 @@ sub displayForm {
EOT2
my $newnick = fixNickname($I{F}{newuser});
- my $email = stripByMode($I{F}{email}, 'attribute');
+ my $newmail = stripByMode($I{F}{email}, 'attribute');
print <<EOT;
(Note: only the characters <TT>0-9a-zA-Z_.+!*'(),-\$</TT>, plus space,
are allowed in nicknames, and all others will be stripped out.)
- <INPUT TYPE="TEXT" NAME="newuser" SIZE="20" MAXLENGTH="20" VALUE="$I{F}{newuser}">
+ <INPUT TYPE="TEXT" NAME="newuser" SIZE="20" MAXLENGTH="20" VALUE="$newnick">
<BR> and a <B>valid email address</B> address to send your registration
information. This address will <B>not</B> be displayed on $I{sitename}.
- <INPUT TYPE="TEXT" NAME="email" SIZE="20" VALUE="$I{F}{email}"><BR>
+ <INPUT TYPE="TEXT" NAME="email" SIZE="20" VALUE="$newmail"><BR>
<INPUT TYPE="SUBMIT" NAME="op" VALUE="newuser"> Click the button to
be mailed a password.<BR>
View
6 themes/slashcode/htdocs/users.pl
@@ -1008,15 +1008,15 @@ sub displayForm {
EOT2
my $newnick = fixNickname($I{F}{newuser});
- my $email = stripByMode($I{F}{email}, 'attribute');
+ my $newmail = stripByMode($I{F}{email}, 'attribute');
print <<EOT;
(Note: only the characters <TT>0-9a-zA-Z_.+!*'(),-\$</TT>, plus space,
are allowed in nicknames, and all others will be stripped out.)
- <INPUT TYPE="TEXT" NAME="newuser" SIZE="20" MAXLENGTH="20" VALUE="$I{F}{newuser}">
+ <INPUT TYPE="TEXT" NAME="newuser" SIZE="20" MAXLENGTH="20" VALUE="$newnick">
<BR> and a <B>valid email address</B> address to send your registration
information. This address will <B>not</B> be displayed on $I{sitename}.
- <INPUT TYPE="TEXT" NAME="email" SIZE="20" VALUE="$I{F}{email}"><BR>
+ <INPUT TYPE="TEXT" NAME="email" SIZE="20" VALUE="$newmail"><BR>
<INPUT TYPE="SUBMIT" NAME="op" VALUE="newuser"> Click the button to
be mailed a password.<BR>
Please sign in to comment.
Something went wrong with that request. Please try again.