-rw-r--r-- | install/ElggInstaller.php | 20 | ||||
-rw-r--r-- | install/languages/en.php | 1 |
2 files changed, 16 insertions, 5 deletions
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
index 8b3a264d3..dc639d44a 100644
--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -673,6 +673,9 @@ class ElggInstaller {
 * Return an associative array of post variables
 * (could be selective based on expected variables)
 *
+ * Does not filter as person installing the site should not be attempting
+ * XSS attacks. If filtering is added, it should not be done for passwords.
+ *
 * @return array
 */
 protected function getPostVariables() {
@@ -1140,12 +1143,12 @@ class ElggInstaller {
 return FALSE;
 }
- // @todo move is_email_address to a better library than users.php
 // check that email address is email address
- //if ($submissionVars['siteemail'] && !is_email_address($submissionVars['siteemail'])) {
- // register_error("{$submissionVars['']} is not a valid email address.");
- // return FALSE;
- //}
+ if ($submissionVars['siteemail'] && !is_email_address($submissionVars['siteemail'])) {
+ $msg = sprintf(elgg_echo('install:error:emailaddress'), $submissionVars['siteemail']);
+ register_error($msg);
+ return FALSE;
+ }
 // @todo check that url is a url
@@ -1251,6 +1254,13 @@ class ElggInstaller {
 return FALSE;
 }
+ // check that email address is email address
+ if ($submissionVars['email'] && !is_email_address($submissionVars['email'])) {
+ $msg = sprintf(elgg_echo('install:error:emailaddress'), $submissionVars['email']);
+ register_error($msg);
+ return FALSE;
+ }
+
 return TRUE;
 }
diff --git a/install/languages/en.php b/install/languages/en.php
index f4d9e5ce6..4163ea5d2 100644
--- a/install/languages/en.php
+++ b/install/languages/en.php
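Review bot: The docblock lines added above getPostVariables() justify returning raw input by who is expected to submit the form, but that reasoning holds only while nobody else can reach the installer, and the comment should state that condition rather than the submitter's intent. It would also help to say what callers must do with the raw values, for example `* Values are returned unfiltered; callers must escape them for the output context.` The body of getPostVariables() continues below the hunk, so how the array is built is not visible here.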
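Review bot: The submitted address is formatted straight into the error string in the `siteemail` check, and the same pattern is repeated for `email` in the hunk at -1251, while this commit documents getPostVariables() as returning unfiltered input. Whether register_error() messages are escaped when rendered is not visible in the diff, so escaping here is the safer default: `$msg = sprintf(elgg_echo('install:error:emailaddress'), htmlspecialchars($submissionVars['siteemail'], ENT_QUOTES, 'UTF-8'));`. The removed @todo placed is_email_address() in users.php, so it is worth confirming that library is loaded at this installer step. Both enclosing functions start outside their hunks.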
@@ -126,6 +126,7 @@ If you are ready to proceed, click the Next button.",
 'install:error:requiredfield' => '%s is required',
 'install:error:writedatadirectory' => 'Your data directory %s is not writable by the web server.',
 'install:error:locationdatadirectory' => 'Your data directory %s must be outside of your install path for security.',
+ 'install:error:emailaddress' => '%s is not a valid email address',
 'install:error:createsite' => 'Unable to create the site.',
 ); |