Diffstat (limited to 'install')
-rw-r--r--install/ElggInstaller.php20
-rw-r--r--install/languages/en.php1
2 files changed, 16 insertions, 5 deletions
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
index 8b3a264d3..dc639d44a 100644
--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -673,6 +673,9 @@ class ElggInstaller {
* Return an associative array of post variables
* (could be selective based on expected variables)
*
+ * Does not filter as person installing the site should not be attempting
+ * XSS attacks. If filtering is added, it should not be done for passwords.
+ *
* @return array
*/
protected function getPostVariables() {
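Review bot: The added docblock lines justify returning raw POST data by the installer's good intent, but that is not the relevant trust boundary. The values may not have been typed by the person installing: if the install page is reachable before setup completes, the form can be submitted on a visitor's behalf from elsewhere (inferred; request handling is outside this hunk). I would document the contract instead, for example `* Values are returned raw and must be treated as untrusted; callers escape them for the output context.` followed by `* Passwords must never be filtered or altered.` The body of getPostVariables() lies outside the hunk, so whether any caller already escapes cannot be confirmed from here.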
@@ -1140,12 +1143,12 @@ class ElggInstaller {
return FALSE;
}
- // @todo move is_email_address to a better library than users.php
// check that email address is email address
- //if ($submissionVars['siteemail'] && !is_email_address($submissionVars['siteemail'])) {
- // register_error("{$submissionVars['']} is not a valid email address.");
- // return FALSE;
- //}
+ if ($submissionVars['siteemail'] && !is_email_address($submissionVars['siteemail'])) {
+ $msg = sprintf(elgg_echo('install:error:emailaddress'), $submissionVars['siteemail']);
+ register_error($msg);
+ return FALSE;
+ }
// @todo check that url is a url
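Review bot: The rejected `siteemail` value is copied into the error text on the `sprintf(...)` line exactly as posted, and the docblock change in this same commit states that getPostVariables() does no filtering. If register_error() messages are emitted as HTML without escaping (not visible here), markup in a rejected address is reflected into the installer page. Escape at the point of use: `$msg = sprintf(elgg_echo('install:error:emailaddress'), htmlspecialchars($submissionVars['siteemail'], ENT_QUOTES, 'UTF-8'));`. The `email` check added in the `@@ -1251` hunk builds its message the same way and needs the same treatment. The enclosing function starts and ends outside this hunk.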
@@ -1251,6 +1254,13 @@ class ElggInstaller {
return FALSE;
}
+ // check that email address is email address
+ if ($submissionVars['email'] && !is_email_address($submissionVars['email'])) {
+ $msg = sprintf(elgg_echo('install:error:emailaddress'), $submissionVars['email']);
+ register_error($msg);
+ return FALSE;
+ }
+
return TRUE;
}
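Review bot: The guard `$submissionVars['email'] &&` tests truthiness, so the string `'0'` skips is_email_address() and is accepted as the address unless an earlier required-field check outside this hunk already rejects it. An explicit empty-string comparison states the intent and closes that gap: `if ((string) $submissionVars['email'] !== '' && !is_email_address($submissionVars['email'])) {`. The `siteemail` check in the `@@ -1140` hunk has the same shape. The start of the function is outside the hunk.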
diff --git a/install/languages/en.php b/install/languages/en.php
index f4d9e5ce6..4163ea5d2 100644
--- a/install/languages/en.php
+++ b/install/languages/en.php
@@ -126,6 +126,7 @@ If you are ready to proceed, click the Next button.",
'install:error:requiredfield' => '%s is required',
'install:error:writedatadirectory' => 'Your data directory %s is not writable by the web server.',
'install:error:locationdatadirectory' => 'Your data directory %s must be outside of your install path for security.',
+ 'install:error:emailaddress' => '%s is not a valid email address',
'install:error:createsite' => 'Unable to create the site.',
);