From 4bdaba2a420156ca7d5afa25a7439388121c8976 Mon Sep 17 00:00:00 2001 From: cash Date: Fri, 8 Oct 2010 11:26:33 +0000 Subject: using new email validation in installer git-svn-id: http://code.elgg.org/elgg/trunk@7037 36083f99-b078-4883-b0ff-0f9b5a30f544 --- install/ElggInstaller.php | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'install/ElggInstaller.php') diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php index 8b3a264d3..dc639d44a 100644 --- a/install/ElggInstaller.php +++ b/install/ElggInstaller.php @@ -673,6 +673,9 @@ class ElggInstaller { * Return an associative array of post variables * (could be selective based on expected variables) * + * Does not filter as person installing the site should not be attempting + * XSS attacks. If filtering is added, it should not be done for passwords. + * * @return array */ protected function getPostVariables() { @@ -1140,12 +1143,12 @@ class ElggInstaller { return FALSE; } - // @todo move is_email_address to a better library than users.php // check that email address is email address - //if ($submissionVars['siteemail'] && !is_email_address($submissionVars['siteemail'])) { - // register_error("{$submissionVars['']} is not a valid email address."); - // return FALSE; - //} + if ($submissionVars['siteemail'] && !is_email_address($submissionVars['siteemail'])) { + $msg = sprintf(elgg_echo('install:error:emailaddress'), $submissionVars['siteemail']); + register_error($msg); + return FALSE; + } // @todo check that url is a url @@ -1251,6 +1254,13 @@ class ElggInstaller { return FALSE; } + // check that email address is email address + if ($submissionVars['email'] && !is_email_address($submissionVars['email'])) { + $msg = sprintf(elgg_echo('install:error:emailaddress'), $submissionVars['email']); + register_error($msg); + return FALSE; + } + return TRUE; } -- cgit v1.2.3