X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fguest%2Fwhat-register.php;h=59ffc72e760046b2cddf5d194575dcf238e4fba4;hb=c223dd6de45036321ef0bc195e25af0678f5d1f1;hp=03bd3a0e08a7a55b2ca5f0b3914cfc0d84c6eaa5;hpb=33cc131a3e5017842d2038f7e16df258b6845a08;p=mailer.git diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php index 03bd3a0e08..59ffc72e76 100644 --- a/inc/modules/guest/what-register.php +++ b/inc/modules/guest/what-register.php @@ -306,26 +306,26 @@ array( 'hash' => $hash, 'uid' => $userid, 'salut' => $sex, - 'surname' => $_POST['surname'], - 'family' => $_POST['family_name'], - 'email' => $_POST['addy'], - 'street' => $_POST['street_nr'], - 'city' => $_POST['city'], + 'surname' => SQL_ESCAPE($_POST['surname']), + 'family' => SQL_ESCAPE($_POST['family_name']), + 'email' => SQL_ESCAPE($_POST['addy']), + 'street' => SQL_ESCAPE($_POST['street_nr']), + 'city' => SQL_ESCAPE($_POST['city']), 'zip' => bigintval($_POST['zip']), 'country' => $countryData, - 'refid' => $_POST['refid'], - 'pass' => $_POST['pass1'], + 'refid' => SQL_ESCAPE($_POST['refid']), + 'pass' => SQL_ESCAPE($_POST['pass1']), ); // Continue with birthday... switch (GET_LANGUAGE()) { case "de": - $DATA['birthday'] = $_POST['day'].".".$_POST['month'].".".$_POST['year']; + $DATA['birthday'] = bigintval($_POST['day']).".".bigintval($_POST['month']).".".bigintval($_POST['year']); break; default: - $DATA['birthday'] = $_POST['month']."/".$_POST['day']."/".$_POST['year']; + $DATA['birthday'] = bigintval($_POST['month'])."/".bigintval($_POST['day'])."/".bigintval($_POST['year']); break; } 
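Review bot: `'pass' => SQL_ESCAPE($_POST['pass1'])` alters the password whenever it contains a quote or backslash, so whatever consumes this array gets a value that no longer matches what the user typed. The `array(` statement starts outside the hunk, so the consumer is not visible; the `$DATA['birthday']` lines suggest the array is `$DATA`. Assuming SQL_ESCAPE is a SQL string escaper, as its name suggests, it only protects a value placed inside a SQL string literal. If this array is rendered into a mail or HTML template instead, the escaping does not neutralise markup and leaves stray backslashes in names such as `O'Brien`. I would keep the array raw and encode at each sink (SQL escaping where the query is built, HTML encoding where it is output). If `refid` is always a numeric user id, use the same cast as `zip`: `'refid' => bigintval($_POST['refid']),`.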
@@ -416,10 +416,10 @@ array(
 }
 // Adds a table for the guests with all visible categories
- define ('CATEGORY_SELECTION', REGISTER_ADD_CATEGORY_TABLE("guest", true));
+ define('CATEGORY_SELECTION', REGISTER_ADD_CATEGORY_TABLE("guest", true));
 // Adds maximum receiveable mails list... :)
- define ('MAX_RECEIVE_LIST', ADD_MAX_RECEIVE_LIST("guest", "", true));
+ define('MAX_RECEIVE_LIST', ADD_MAX_RECEIVE_LIST("guest", "", true));
 // Check if nickname extension is active and get state if nickname is selected or userid
 $nick = false;
@@ -443,7 +443,7 @@ array(
 define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid", true, $GLOBALS['refid']));
 } else {
 // Load "hide" form template
- define ('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid_hide", true, $GLOBALS['refid']));
+ define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid_hide", true, $GLOBALS['refid']));
 }
 // You may want to modify the register_header.tpl.xx file and not this script when you add your scripts etc. :-)