From 206c1c6b75b67179a9c9afb9c56c1953b477eb28 Mon Sep 17 00:00:00 2001
From: David Anderson <davea@ssl.berkeley.edu>
Date: Tue, 14 May 2013 22:11:22 -0700
Subject: [PATCH] web: fix bug that allowed HTML tags in user names

---
 html/user/account_finish_action.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/user/account_finish_action.php b/html/user/account_finish_action.php
index 7380ee9179..f212e332b9 100644
--- a/html/user/account_finish_action.php
+++ b/html/user/account_finish_action.php
@@ -26,7 +26,7 @@ $name = post_str("name");
 if (strlen($name)==0) {
     error_page(tra("You must supply a name for your account"));
 }
-if ($new_name != sanitize_tags($new_name)) {
+if ($name != sanitize_tags($name)) {
     error_page(tra("HTML tags not allowed in name"));
 }