From 148b72cfe9449f4f40d586d553a6a8021bc8d376 Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Sat, 7 May 2005 06:41:27 +0000
Subject: [PATCH] *** empty log message *** svn path=/trunk/boinc/; revision=6066
---
 checkin_notes | 7 +++++++
 html/user/edit_user_info_action.php | 11 +++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/checkin_notes b/checkin_notes
index 9b55aa2200..0fda0df676 100755
--- a/checkin_notes
+++ b/checkin_notes
@@ -6279,3 +6279,10 @@ David 6 May 2005
 client_types.C,h
 cs_scheduler.C
 scheduler_op.C
+
+David 6 May 2005
+ - prevent users from changing their name to empty string
+ (from Rob Ogilvie)
+
+ html/user/
+ edit_user_info_action.php
diff --git a/html/user/edit_user_info_action.php b/html/user/edit_user_info_action.php
index 673d5c2e49..0f8a46175f 100644
--- a/html/user/edit_user_info_action.php
+++ b/html/user/edit_user_info_action.php
@@ -9,7 +9,12 @@ db_init();
 $user = get_logged_in_user();
 $name = process_user_text(post_str("user_name"));
-$name = strip_tags($name);
+if ($name != strip_tags($name)) {
+ error_page("HTML tags not allowed in name");
+}
+if (strlen($name) == 0) {
+ error_page("You must supply a name for your account.");
+}
 $url = process_user_text(post_str("url"));
 $url = strip_tags($url);
 $country = post_str("country");
@@ -23,9 +28,7 @@ $result = mysql_query("update user set name='$name', url='$url', country='$count
 if ($result) {
 Header("Location: home.php");
 } else {
- page_head("User info update");
- echo "Couldn't update user info.";
- page_tail();
+ error_page("Couldn't update user info.");
 }
 ?>
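Review bot: Both new checks in the first hunk of edit_user_info_action.php reject the name only if error_page() ends the request. Its body is not visible here, and if it returns, the UPDATE further down still runs with the rejected value. The empty-name test `strlen($name) == 0` also lets a name made only of spaces through unless process_user_text() trims its input, so I would test `strlen(trim($name)) == 0` and use `!==` in the tag comparison. `$url` is still silently stripped on the following lines rather than rejected, which is now inconsistent with how the name is handled. The script's top-level code starts and ends outside the hunk.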
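Review bot: The statement shown in the second hunk's header builds the UPDATE by interpolating `$name`, `$url` and `$country` straight into the SQL string, and `$country` is assigned from `post_str("country")` in the previous hunk without the process_user_text() call the other two fields go through. Unless post_str() escapes its result or the lines between the two hunks validate it, that field reaches the query exactly as submitted. I would treat it like the others, `$country = process_user_text(post_str("country"));`, and also reject any value that is not in the project's list of country names. The header line is truncated, so the rest of the query, including its WHERE clause, cannot be checked from here.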