From 11d989c3956979fb1a4d0737c128976ca553d4bb Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Wed, 31 May 2006 21:11:14 +0200
Subject: [PATCH] XSS bugfix #820

darcs-hash:20060531191114-7ad00-ee7498f6a9e047fc9eda5f8754f85d9b8a3317d5.gz
---
 inc/auth.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/inc/auth.php b/inc/auth.php
index 264a1a5fa..a61e08ad5 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -458,8 +458,8 @@ function register(){
   $_POST['login'] = preg_replace('/.*:/','',$_POST['login']);
   $_POST['login'] = cleanID($_POST['login']);
   //clean fullname and email
-  $_POST['fullname'] = trim(str_replace(':','',$_POST['fullname']));
-  $_POST['email']    = trim(str_replace(':','',$_POST['email']));
+  $_POST['fullname'] = trim(preg_replace('/[\x00-\x1f:<>&%]+/','',$_POST['fullname']));
+  $_POST['email']    = trim(preg_replace('/[\x00-\x1f:<>&%]+/','',$_POST['email']));
 
   if( empty($_POST['login']) ||
       empty($_POST['fullname']) ||
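Review bot: The character class `[\x00-\x1f:<>&%]` in the two added lines leaves `"` and `'` untouched, so a full name or e-mail address that is later printed inside an HTML attribute (for example a form field's `value="…"`) could still close that attribute; whether this happens depends on output code outside the hunk. Stripping on input also alters legitimate data such as names containing `&`, without making the value safe for every output context. The durable fix is to escape where the value is printed, e.g. `htmlspecialchars($value, ENT_QUOTES)`, and keep this filter only as defence in depth. The same applies to the identical lines in updateprofile() in the second hunk. register() begins and continues outside the hunk.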
@@ -533,8 +533,8 @@ function updateprofile() {
   }
 
   //clean fullname and email
-  $_POST['fullname'] = trim(str_replace(':','',$_POST['fullname']));
-  $_POST['email']    = trim(str_replace(':','',$_POST['email']));
+  $_POST['fullname'] = trim(preg_replace('/[\x00-\x1f:<>&%]+/','',$_POST['fullname']));
+  $_POST['email']    = trim(preg_replace('/[\x00-\x1f:<>&%]+/','',$_POST['email']));
 
   if (empty($_POST['fullname']) || empty($_POST['email'])) {
     msg($lang['profnoempty'],-1);
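Review bot: The pattern literal `'/[\x00-\x1f:<>&%]+/'` now appears four times across register() and updateprofile(), so a later change to one copy would silently leave the other path with weaker filtering. Defining the pattern once and reusing it in both functions keeps registration and profile update in step. The `//clean fullname and email` comment could also state what is removed and what is not, e.g. `// strip control chars, ':' (presumably the user-file field delimiter) and < > & %; quotes are NOT removed, escape on output`. updateprofile() starts and ends outside the hunk.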
-- 
GitLab