aboutsummaryrefslogtreecommitdiff
path: root/actions
diff options
context:
space:
mode:
authorBrett Profitt <brett.profitt@gmail.com>2012-04-18 20:22:54 -0700
committerBrett Profitt <brett.profitt@gmail.com>2012-04-18 20:22:54 -0700
commit8aad9f081b9fd83f8cd8358547234fbdcdaf9611 (patch)
tree98ec37f919182a4c0c582752614443ea4d648ca1 /actions
parentf2a80038cddec5ed86b3dd9edb31cf07e3376de8 (diff)
downloadelgg-8aad9f081b9fd83f8cd8358547234fbdcdaf9611.tar.gz
elgg-8aad9f081b9fd83f8cd8358547234fbdcdaf9611.tar.bz2
Fixes #1301. Not filtering passwords.
Diffstat (limited to 'actions')
-rw-r--r--actions/login.php8
-rw-r--r--actions/register.php4
-rw-r--r--actions/useradd.php4
3 files changed, 8 insertions, 8 deletions
diff --git a/actions/login.php b/actions/login.php
index 256e78acb..ea7fb3508 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -18,9 +18,9 @@ if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) {
}
$username = get_input('username');
-$password = get_input("password");
-$persistent = get_input("persistent", FALSE);
-$result = FALSE;
+$password = get_input('password', null, false);
+$persistent = get_input("persistent", false);
+$result = false;
if (empty($username) || empty($password)) {
register_error(elgg_echo('login:empty'));
@@ -28,7 +28,7 @@ if (empty($username) || empty($password)) {
}
// check if logging in with email address
-if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
$username = $users[0]->username;
}
diff --git a/actions/register.php b/actions/register.php
index 360b7cb4b..f23d5b381 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -10,8 +10,8 @@ elgg_make_sticky_form('register');
// Get variables
$username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
$email = get_input('email');
$name = get_input('name');
$friend_guid = (int) get_input('friend_guid', 0);
diff --git a/actions/useradd.php b/actions/useradd.php
index fdcd7e438..17459021b 100644
--- a/actions/useradd.php
+++ b/actions/useradd.php
@@ -10,8 +10,8 @@ elgg_make_sticky_form('useradd');
// Get variables
$username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
$email = get_input('email');
$name = get_input('name');