diff options
author | Brett Profitt <brett.profitt@gmail.com> | 2012-04-18 20:22:54 -0700 |
---|---|---|
committer | Brett Profitt <brett.profitt@gmail.com> | 2012-04-18 20:22:54 -0700 |
commit | 8aad9f081b9fd83f8cd8358547234fbdcdaf9611 (patch) | |
tree | 98ec37f919182a4c0c582752614443ea4d648ca1 /actions | |
parent | f2a80038cddec5ed86b3dd9edb31cf07e3376de8 (diff) | |
download | elgg-8aad9f081b9fd83f8cd8358547234fbdcdaf9611.tar.gz elgg-8aad9f081b9fd83f8cd8358547234fbdcdaf9611.tar.bz2 |
Fixes #1301. Not filtering passwords.
Diffstat (limited to 'actions')
-rw-r--r-- | actions/login.php | 8 | ||||
-rw-r--r-- | actions/register.php | 4 | ||||
-rw-r--r-- | actions/useradd.php | 4 |
3 files changed, 8 insertions, 8 deletions
diff --git a/actions/login.php b/actions/login.php index 256e78acb..ea7fb3508 100644 --- a/actions/login.php +++ b/actions/login.php @@ -18,9 +18,9 @@ if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) { } $username = get_input('username'); -$password = get_input("password"); -$persistent = get_input("persistent", FALSE); -$result = FALSE; +$password = get_input('password', null, false); +$persistent = get_input("persistent", false); +$result = false; if (empty($username) || empty($password)) { register_error(elgg_echo('login:empty')); @@ -28,7 +28,7 @@ if (empty($username) || empty($password)) { } // check if logging in with email address -if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) { +if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) { $username = $users[0]->username; } diff --git a/actions/register.php b/actions/register.php index 360b7cb4b..f23d5b381 100644 --- a/actions/register.php +++ b/actions/register.php @@ -10,8 +10,8 @@ elgg_make_sticky_form('register'); // Get variables $username = get_input('username'); -$password = get_input('password'); -$password2 = get_input('password2'); +$password = get_input('password', null, false); +$password2 = get_input('password2', null, false); $email = get_input('email'); $name = get_input('name'); $friend_guid = (int) get_input('friend_guid', 0); diff --git a/actions/useradd.php b/actions/useradd.php index fdcd7e438..17459021b 100644 --- a/actions/useradd.php +++ b/actions/useradd.php @@ -10,8 +10,8 @@ elgg_make_sticky_form('useradd'); // Get variables $username = get_input('username'); -$password = get_input('password'); -$password2 = get_input('password2'); +$password = get_input('password', null, false); +$password2 = get_input('password2', null, false); $email = get_input('email'); $name = get_input('name'); |