fmsystem-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fmsystem-commits] [15199] // remove entities to stop mangling

From: sigurdne
Subject: [Fmsystem-commits] [15199] // remove entities to stop mangling
Date: Wed, 25 May 2016 09:01:26 +0000 (UTC) 
Revision: 15199
          http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=15199
Author:   sigurdne
Date:     2016-05-25 09:01:25 +0000 (Wed, 25 May 2016)
Log Message:
-----------
// remove entities to stop mangling

Modified Paths:
--------------
    trunk/admin/inc/class.uiaccounts.inc.php
    trunk/preferences/changepassword.php
    trunk/registration/inc/class.boreg.inc.php

Modified: trunk/admin/inc/class.uiaccounts.inc.php
===================================================================
--- trunk/admin/inc/class.uiaccounts.inc.php    2016-05-25 00:57:25 UTC (rev 
15198)
+++ trunk/admin/inc/class.uiaccounts.inc.php    2016-05-25 09:01:25 UTC (rev 
15199)
@@ -859,6 +859,12 @@
                public function _user_save()
                {
                        $values                                                 
                = phpgw::get_var('values', 'string', 'POST');
+                       if(isset($values['passwd']))
+                       {
+                               // remove entities to stop mangling
+                               $values['passwd'] = 
html_entity_decode($values['passwd']);
+                               $values['passwd_2'] = 
html_entity_decode($values['passwd_2']);
+                       }
                        $values['account_groups']                               
= (array) phpgw::get_var('account_groups', 'int', 'POST');
                        $account_permissions                                    
= phpgw::get_var('account_permissions', 'int', 'POST');
                        $account_permissions_admin                              
= phpgw::get_var('account_permissions_admin', 'int', 'POST');

Modified: trunk/preferences/changepassword.php
===================================================================
--- trunk/preferences/changepassword.php        2016-05-25 00:57:25 UTC (rev 
15198)
+++ trunk/preferences/changepassword.php        2016-05-25 09:01:25 UTC (rev 
15199)
@@ -20,8 +20,8 @@
         */
        include('../header.inc.php');
 
-       $n_passwd   = isset($_POST['n_passwd']) && $_POST['n_passwd'] ? 
$_POST['n_passwd'] : '';
-       $n_passwd_2 = isset($_POST['n_passwd_2']) && $_POST['n_passwd_2'] ? 
$_POST['n_passwd_2'] : '';
+       $n_passwd   = isset($_POST['n_passwd']) && $_POST['n_passwd'] ? 
html_entity_decode(phpgw::get_var('n_passwd', 'string', 'POST')) : '';
+       $n_passwd_2 = isset($_POST['n_passwd_2']) && $_POST['n_passwd_2'] ? 
html_entity_decode(phpgw::get_var('n_passwd_2', 'string', 'POST')) : '';
 
        if (! $GLOBALS['phpgw']->acl->check('changepassword', 1, 'preferences') 
|| (isset($_POST['cancel']) && $_POST['cancel']))
        {

Modified: trunk/registration/inc/class.boreg.inc.php
===================================================================
--- trunk/registration/inc/class.boreg.inc.php  2016-05-25 00:57:25 UTC (rev 
15198)
+++ trunk/registration/inc/class.boreg.inc.php  2016-05-25 09:01:25 UTC (rev 
15199)
@@ -132,7 +132,8 @@
 
                        if ($this->config['password_is'] == 'http')
                        {
-                               $r_reg['passwd'] = $r_reg['passwd_confirm'] = 
$_SERVER['PHP_AUTH_PW'];
+                               // remove entities to stop mangling
+                               $r_reg['passwd'] = $r_reg['passwd_confirm'] = 
html_entity_decode(phpgw::clean_value($_SERVER['PHP_AUTH_PW']));
                        }
 
                        if (($this->config['display_tos']) && 
!$r_reg['tos_agree'])
reply via email to
[Prev in Thread] Current Thread [Next in Thread]