We were asking for postal code (optional) on registration.
The purpose was to let projects study
the geographical distribution of their volunteers.
But AFAIK no one ever did this,
and some volunteers have said (understandably, I think)
that asking for postal code seems like an invasion of privacy.
So I conditioned the postal-code code on a boolean constant POSTAL_CODE.
If you put
define('POSTAL_CODE', true);
in your html/project/project.inc, you'll get the old behavior.
Otherwise users won't see postal-code related stuff any more.
- add a PHP interface for lookup_account()
- PHP interfaces return error number as well as message
(messages change; numbers don't)
- using symbolic error codes instead of hardwired numbers in PHP code
http://setiathome.berkeley.edu/help.php?key=Viagra.uk
all over the web, Google will list "Viagra.uk" in your site outline (why??).
Preliminary checkin for dealing with this.
svn path=/trunk/boinc/; revision=23008
There are two aspects:
1) undoing magic quotes (if it's being used).
This must be done for all GET and POST string inputs.
It is now done automatically by get_str() and post_str().
The places that refer to $_GET and $_POST directly
must do it themselves using undo_magic_quotes().
2) Escaping user-supplied strings before using them in DB queries.
This is done by process_user_text()
(which should be renamed db_escape_string()).
The new principle:
call process_user_text() in the function that does the DB query
(not at any higher level).
svn path=/trunk/boinc/; revision=15389
David Anderson