Sanitize user_login in register form

git-svn-id: http://svn.automattic.com/wordpress/trunk@3629 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-03-07 05:59:28 +00:00
parent 46acb0973f
commit 7b406ed7e0
1 changed files with 8 additions and 5 deletions

View File

@ -25,10 +25,13 @@ case 'register':
$errors['user_email'] = __('<strong>ERROR</strong>: Please type your e-mail address.'); $errors['user_email'] = __('<strong>ERROR</strong>: Please type your e-mail address.');
} else if (!is_email($user_email)) { } else if (!is_email($user_email)) {
$errors['user_email'] = __('<strong>ERROR</strong>: The email address isn&#8217;t correct.'); $errors['user_email'] = __('<strong>ERROR</strong>: The email address isn&#8217;t correct.');
$user_email = '';
} }
if ( ! validate_username($user_login) ) if ( ! validate_username($user_login) ) {
$errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.'); $errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.');
$user_login = '';
}
if ( username_exists( $user_login ) ) if ( username_exists( $user_login ) )
$errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.'); $errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');
@ -65,9 +68,9 @@ case 'register':
<div id="login"> <div id="login">
<h2><?php _e('Registration Complete') ?></h2> <h2><?php _e('Registration Complete') ?></h2>
<p><?php printf(__('Username: %s'), "<strong>$user_login</strong>") ?><br /> <p><?php printf(__('Username: %s'), "<strong>" . wp_specialchars($user_login) . "</strong>") ?><br />
<?php printf(__('Password: %s'), '<strong>' . __('emailed to you') . '</strong>') ?> <br /> <?php printf(__('Password: %s'), '<strong>' . __('emailed to you') . '</strong>') ?> <br />
<?php printf(__('E-mail: %s'), "<strong>$user_email</strong>") ?></p> <?php printf(__('E-mail: %s'), "<strong>" . wp_specialchars($user_email) . "</strong>") ?></p>
<p class="submit"><a href="wp-login.php"><?php _e('Login &raquo;'); ?></a></p> <p class="submit"><a href="wp-login.php"><?php _e('Login &raquo;'); ?></a></p>
</div> </div>
</body> </body>
@ -108,8 +111,8 @@ default:
<?php endif; ?> <?php endif; ?>
<form method="post" action="wp-register.php" id="registerform"> <form method="post" action="wp-register.php" id="registerform">
<p><input type="hidden" name="action" value="register" /> <p><input type="hidden" name="action" value="register" />
<label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo $user_login; ?>" /><br /></p> <label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo wp_specialchars($user_login); ?>" /><br /></p>
<p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo $user_email; ?>" /></p> <p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo wp_specialchars($user_email); ?>" /></p>
<p><?php _e('A password will be emailed to you.') ?></p> <p><?php _e('A password will be emailed to you.') ?></p>
<p class="submit"><input type="submit" value="<?php _e('Register &raquo;') ?>" id="submit" name="submit" /></p> <p class="submit"><input type="submit" value="<?php _e('Register &raquo;') ?>" id="submit" name="submit" /></p>
</form> </form>