Changeset 1888

Timestamp:

12/30/2008 11:14:28 PM (17 years ago)

Author:

sambauers

Message:

Always be strict when sanitizing user logins.

Location:

branches/0.9

Files:

• bb-admin/class-install.php (modified) (1 diff)
• bb-includes/functions.php (modified) (3 diffs)
• bb-includes/pluggable.php (modified) (1 diff)
• bb-includes/registration-functions.php (modified) (2 diffs)
• bb-login.php (modified) (1 diff)
• bb-reset-password.php (modified) (1 diff)

branches/0.9/bb-admin/class-install.php

@@ -1317 +1317 @@
         }
         
-        $this->strings[3]['form_errors']['keymaster_user_login'][] = empty($data['keymaster_user_login']['value']) ? 'empty' : false;
-        if ($data['keymaster_user_login']['value'] != sanitize_user($data['keymaster_user_login']['value'])) {
+        $this->strings[3]['form_errors']['keymaster_user_login'][] = empty( $data['keymaster_user_login']['value'] ) ? 'empty' : false;
+        if ($data['keymaster_user_login']['value'] != sanitize_user( $data['keymaster_user_login']['value'], true ) ) {
             $this->strings[3]['form_errors']['keymaster_user_login'][] = 'userlogin';
         }
-        $data['keymaster_user_login']['value'] = sanitize_user($data['keymaster_user_login']['value']);
+        $data['keymaster_user_login']['value'] = sanitize_user( $data['keymaster_user_login']['value'], true );
         
         // bb_verify_email() needs this

branches/0.9/bb-includes/functions.php

@@ -1175 +1175 @@
 function bb_get_user_by_name( $name ) {
     global $bbdb;
-    $name = sanitize_user( $name );
+    $name = sanitize_user( $name, true );
     if ( $user_id = $bbdb->get_var( $bbdb->prepare( "SELECT ID FROM $bbdb->users WHERE user_login = %s", $name ) ) )
         return bb_get_user( $user_id );
@@ -1184 +1184 @@
 function bb_get_user_by_nicename( $nicename ) {
     global $bbdb;
-    $nicename = sanitize_user( $nicename );
+    $nicename = sanitize_user( $nicename, true );
     if ( $user_id = $bbdb->get_var( $bbdb->prepare( "SELECT ID FROM $bbdb->users WHERE user_nicename = %s", $nicename ) ) )
         return bb_get_user( $user_id );
@@ -1193 +1193 @@
 function bb_user_exists( $user ) {
     global $bbdb;
-    $user = sanitize_user( $user );
+    $user = sanitize_user( $user, true );
     return $bbdb->get_row( $bbdb->prepare( "SELECT * FROM $bbdb->users WHERE user_login = %s", $user ));
 }

branches/0.9/bb-includes/pluggable.php

@@ -16 +16 @@
 function bb_check_login($user, $pass, $already_md5 = false) {
     global $bbdb;
-    $user = sanitize_user( $user );
+    $user = sanitize_user( $user, true );
     if ($user == '') {
         return false;

branches/0.9/bb-includes/registration-functions.php

@@ -37 +37 @@
     global $bbdb;
 
-    $user_login = sanitize_user( $user_login );
+    $user_login = sanitize_user( $user_login, true );
 
     if ( !$user = $bbdb->get_row( $bbdb->prepare( "SELECT * FROM $bbdb->users WHERE user_login = %s", $user_login ) ) )
@@ -52 +52 @@
 function bb_reset_password( $key ) {
     global $bbdb;
-    $key = sanitize_user( $key );
+    $key = sanitize_user( $key, true );
     if ( empty( $key ) )
         bb_die(__('Key not found.'));

branches/0.9/bb-login.php

@@ -24 +24 @@
 if ( !bb_is_user_logged_in() && !$user = bb_login( @$_POST['user_login'], @$_POST['password'], @$_POST['remember'] ) ) {
     $user_exists = bb_user_exists( @$_POST['user_login'] );
-    $user_login  = attribute_escape( sanitize_user( @$_POST['user_login'] ) );
+    $user_login  = attribute_escape( sanitize_user( @$_POST['user_login'], true ) );
     $remember_checked = @$_POST['remember'] ? ' checked="checked"' : '';
     $re = $redirect_to = attribute_escape( $re );

branches/0.9/bb-reset-password.php

@@ -7 +7 @@
 
 if ( $_POST ) :
-    $user_login = sanitize_user  ( $_POST['user_login'] );
+    $user_login = sanitize_user  ( $_POST['user_login'], true );
     if ( empty( $user_login ) )
         exit;