From 4bdaba2a420156ca7d5afa25a7439388121c8976 Mon Sep 17 00:00:00 2001 From: cash Date: Fri, 8 Oct 2010 11:26:33 +0000 Subject: using new email validation in installer git-svn-id: http://code.elgg.org/elgg/trunk@7037 36083f99-b078-4883-b0ff-0f9b5a30f544 --- install/ElggInstaller.php | 20 +++++++++++++++----- install/languages/en.php | 1 + 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php index 8b3a264d3..dc639d44a 100644 --- a/install/ElggInstaller.php +++ b/install/ElggInstaller.php @@ -673,6 +673,9 @@ class ElggInstaller { * Return an associative array of post variables * (could be selective based on expected variables) * + * Does not filter as person installing the site should not be attempting + * XSS attacks. If filtering is added, it should not be done for passwords. + * * @return array */ protected function getPostVariables() { @@ -1140,12 +1143,12 @@ class ElggInstaller { return FALSE; } - // @todo move is_email_address to a better library than users.php // check that email address is email address - //if ($submissionVars['siteemail'] && !is_email_address($submissionVars['siteemail'])) { - // register_error("{$submissionVars['']} is not a valid email address."); - // return FALSE; - //} + if ($submissionVars['siteemail'] && !is_email_address($submissionVars['siteemail'])) { + $msg = sprintf(elgg_echo('install:error:emailaddress'), $submissionVars['siteemail']); + register_error($msg); + return FALSE; + } // @todo check that url is a url @@ -1251,6 +1254,13 @@ class ElggInstaller { return FALSE; } + // check that email address is email address + if ($submissionVars['email'] && !is_email_address($submissionVars['email'])) { + $msg = sprintf(elgg_echo('install:error:emailaddress'), $submissionVars['email']); + register_error($msg); + return FALSE; + } + return TRUE; } diff --git a/install/languages/en.php b/install/languages/en.php index f4d9e5ce6..4163ea5d2 100644 
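Review bot: The new docblock text on getPostVariables() records only why filtering is skipped, not the obligation that follows: every caller that prints one of these values has to escape it for its output context. I would add a sentence such as `Values are returned raw; callers must escape them before output.` The password caveat is worth keeping as written, since filtering a password would change the secret that gets stored. The function body lies outside the hunk, so how the array is built is not visible here.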
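Review bot: The rejected address is formatted into the error message unescaped in the `siteemail` check, and the same pattern repeats in the `email` check of the third hunk (@@ -1251,6 +1254,13). This commit documents getPostVariables() as returning unfiltered POST data, and `$submissionVars` presumably comes from it. Unless the message display escapes on output (not visible in this diff), the submitted value is therefore reflected into the installer page as markup. Escaping at the point of use removes the dependency on the view: `$msg = sprintf(elgg_echo('install:error:emailaddress'), htmlspecialchars($submissionVars['siteemail'], ENT_QUOTES, 'UTF-8'));`, and likewise for `$submissionVars['email']`. Both enclosing validation methods start outside their hunks.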
--- a/install/languages/en.php
+++ b/install/languages/en.php
@@ -126,6 +126,7 @@ If you are ready to proceed, click the Next button.",
 'install:error:requiredfield' => '%s is required',
 'install:error:writedatadirectory' => 'Your data directory %s is not writable by the web server.',
 'install:error:locationdatadirectory' => 'Your data directory %s must be outside of your install path for security.',
+ 'install:error:emailaddress' => '%s is not a valid email address',
 'install:error:createsite' => 'Unable to create the site.',
 );
-- cgit v1.2.3