Commit b4ecbd94 authored by Dries's avatar Dries

- Fixed registration bug.

parent 70a4357a
Drupal 4.4.3, 2005-06-01
------------------------
- fixed bugs, including a critical input validation bug.
Drupal 4.4.2, 2004-07-04
------------------------
......
......@@ -807,7 +807,11 @@ function user_register($edit = array()) {
// TODO: is this necessary? Won't session_write replicate this?
unset($edit["session"]);
$account = user_save("", array_merge(array('name' => $edit['name'], 'pass' => $pass, "init" => $edit['mail'], "mail" => $edit['mail'], "rid" => _user_authenticated_id(), "status" => (variable_get("user_register", 1) == 1 ? 1 : 0)), $data));
if (array_intersect(array_keys($edit), array("rid", "init", "session", "status"))) {
watchdog("warning", "detected malicious attempt to alter a protected database field");
drupal_goto('user/register');
}
$account = user_save("", array_merge($edit, array('pass' => $pass, "init" => $edit['mail'], "mail" => $edit['mail'], "rid" => _user_authenticated_id(), "status" => (variable_get("user_register", 1) == 1 ? 1 : 0))));
watchdog('user', "new user: '". $edit['name'] ."' <". $edit['mail'] .">", l(t("edit user"), "admin/user/edit/$account->uid"));
$variables = array("%username" => $edit['name'], "%site" => variable_get("site_name", "drupal"), "%password" => $pass, "%uri" => $base_url, "%uri_brief" => substr($base_url, strlen("http://")), "%mailto" => $edit['mail'], "%date" => format_date(time()), "%login_uri" => url('user/login', NULL, NULL, TRUE), "%edit_uri" => url("user/edit", NULL, NULL, TRUE));
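Review bot: The `array_intersect` guard is a deny-list of four keys, while the new `user_save` call merges the whole of `$edit`, so every other submitted key reaches `user_save` unchecked. Whether that is safe depends on how `user_save` treats keys it does not expect, which is not visible here; if the set of legitimate registration fields is known at this point, filtering `$edit` down to those keys before the merge would be the stricter design. The `"session"` entry in the list can never match, because `unset($edit["session"])` runs two lines earlier, so a submitted session key is dropped silently rather than logged. The watchdog message also records nothing that helps triage; naming the matched fields would make the event usable, e.g. `watchdog("warning", "registration rejected, protected field(s) submitted: ". implode(", ", array_intersect(array("rid", "init", "status"), array_keys($edit))));`. The body of `user_register` starts and ends outside this hunk.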
......