[ros-diffs] [gvg] 21766: Add some checking

gvg at svn.reactos.org gvg at svn.reactos.org
Tue May 2 09:13:18 CEST 2006


Author: gvg
Date: Tue May  2 11:13:18 2006
New Revision: 21766

URL: http://svn.reactos.ru/svn/reactos?rev=21766&view=rev
Log:
Add some checking

Modified:
    trunk/web/reactos.org/htdocs/roscms/inc/user_account_edit.php

Modified: trunk/web/reactos.org/htdocs/roscms/inc/user_account_edit.php
URL: http://svn.reactos.ru/svn/reactos/trunk/web/reactos.org/htdocs/roscms/inc/user_account_edit.php?rev=21766&r1=21765&r2=21766&view=diff
==============================================================================
--- trunk/web/reactos.org/htdocs/roscms/inc/user_account_edit.php (original)
+++ trunk/web/reactos.org/htdocs/roscms/inc/user_account_edit.php Tue May  2 11:13:18 2006
@@ -90,11 +90,10 @@
 			if (!$save_account_noses) {
 				$save_account_noses = "false";
 			}
-			
+
 			$content_posta="UPDATE `users` SET ". $new_pwd ."
 								`user_timestamp_touch2` = NOW( ) ,
 								`user_fullname` = '". mysql_real_escape_string($save_account_fullname) ."',
-								`user_email` = '". mysql_real_escape_string($save_account_email) ."',
 								`user_website` = '". mysql_real_escape_string($save_account_hp) ."',
 								`user_language` = '". mysql_real_escape_string($save_account_txt_langa) ."',
 								`user_country` = '". mysql_real_escape_string($save_account_country) ."',
@@ -104,8 +103,17 @@
 								`user_setting_multisession` = '". mysql_real_escape_string($save_account_multi) ."',
 								`user_setting_browseragent` = '". mysql_real_escape_string($save_account_brows) ."',
 								`user_setting_ipaddress` = '". mysql_real_escape_string($save_account_ipadd) ."',
-								`user_setting_timeout` = '". mysql_real_escape_string($save_account_noses) ."'
-							 WHERE `user_id` ='". mysql_real_escape_string($roscms_intern_account_id) ."' LIMIT 1 ;";
+								`user_setting_timeout` = '". mysql_real_escape_string($save_account_noses) . "'";
+			
+		        if (! preg_match('/^[\\w\\.\\+\\-=]+@[\\w\\.-]+\\.[\\w\\-]+$/',
+		                         $save_account_email)) {
+                		echo '<p><font color="#FF0000">The email address ' . 
+				     htmlspecialchars($save_account_email) .
+				     " is not valid.</font></p><br>\n";
+			} else {
+				$content_posta .= ", `user_email` = '". mysql_real_escape_string($save_account_email) . "'";
+			}
+			$content_posta .= " WHERE `user_id` ='". mysql_real_escape_string($roscms_intern_account_id) . "'";
 			$content_post_lista=mysql_query($content_posta);
 			subsys_update_user($roscms_intern_account_id);
 		}
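Review bot: The new `preg_match` check ends its pattern with `$`, which in PCRE also matches just before a trailing newline, so an address followed by "\n" passes validation and is stored. `mysql_real_escape_string` keeps the UPDATE itself safe, but the stored value would keep the newline, which matters if the address is later written into mail headers (not visible in this hunk). Anchoring with `\z` closes this: `'/^[\\w\\.\\+\\-=]+@[\\w\\.-]+\\.[\\w\\-]+\\z/'`. Separately, when the address is rejected the code only echoes the error, then still runs the UPDATE for the other fields and calls `subsys_update_user`, and the result of `mysql_query` is never checked. A short comment above the `if` saying the partial save is intended would help, as would checking the query result before the sync call. The enclosing block starts outside the hunk.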



