Fix for registration

[mailer.git] / inc / modules / guest / what-register.php

diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php
index 7303c4895d832b45a1285ba1aa44cfd5763e9ab5..59ffc72e760046b2cddf5d194575dcf238e4fba4 100644 (file)
--- a/inc/modules/guest/what-register.php
+++ b/inc/modules/guest/what-register.php
@@ -167,7 +167,7 @@ if (isset($_POST['ok']))
        {
                // Not found so we set your refid!
                $_POST['refid'] = $_CONFIG['def_refid'];
-               @setcookie("refid", $_CONFIG['def_refid'], (time() + $_CONFIG['online_timeout']), COOKIE_PATH);
+               set_session("refid", $_CONFIG['def_refid']);
        }
 
        // Free memory
@@ -306,26 +306,26 @@ array(
                'hash'    => $hash,
                'uid'     => $userid,
                'salut'   => $sex,
-               'surname' => $_POST['surname'],
-               'family'  => $_POST['family_name'],
-               'email'   => $_POST['addy'],
-               'street'  => $_POST['street_nr'],
-               'city'    => $_POST['city'],
+               'surname' => SQL_ESCAPE($_POST['surname']),
+               'family'  => SQL_ESCAPE($_POST['family_name']),
+               'email'   => SQL_ESCAPE($_POST['addy']),
+               'street'  => SQL_ESCAPE($_POST['street_nr']),
+               'city'    => SQL_ESCAPE($_POST['city']),
                'zip'     => bigintval($_POST['zip']),
                'country' => $countryData,
-               'refid'   => $_POST['refid'],
-               'pass'    => $_POST['pass1'],
+               'refid'   => SQL_ESCAPE($_POST['refid']),
+               'pass'    => SQL_ESCAPE($_POST['pass1']),
        );
 
        // Continue with birthday...
        switch (GET_LANGUAGE())
        {
        case "de":
-               $DATA['birthday'] = $_POST['day'].".".$_POST['month'].".".$_POST['year'];
+               $DATA['birthday'] = bigintval($_POST['day']).".".bigintval($_POST['month']).".".bigintval($_POST['year']);
                break;
 
        default:
-               $DATA['birthday'] = $_POST['month']."/".$_POST['day']."/".$_POST['year'];
+               $DATA['birthday'] = bigintval($_POST['month'])."/".bigintval($_POST['day'])."/".bigintval($_POST['year']);
                break;
        }
 
@@ -416,10 +416,10 @@ array(
        }
 
        // Adds a table for the guests with all visible categories
-       define ('CATEGORY_SELECTION', REGISTER_ADD_CATEGORY_TABLE("guest", true));
+       define('CATEGORY_SELECTION', REGISTER_ADD_CATEGORY_TABLE("guest", true));
 
        // Adds maximum receiveable mails list... :)
-       define ('MAX_RECEIVE_LIST', ADD_MAX_RECEIVE_LIST("guest", "", true));
+       define('MAX_RECEIVE_LIST', ADD_MAX_RECEIVE_LIST("guest", "", true));
 
        // Check if nickname extension is active and get state if nickname is selected or userid
        $nick = false;
@@ -428,7 +428,7 @@ array(
        // Is the nickname valid?
        if (!$nick) {
                // Nope, disable it
-               if (GET_EXT_VERSION("sql_patches") != "") {
+               if (GET_EXT_VERSION("sql_patches") != '') {
                        // Use default refid
                        $GLOBALS['refid'] = $_CONFIG['def_refid'];
                } else {
@@ -443,7 +443,7 @@ array(
                define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid", true, $GLOBALS['refid']));
        } else {
                // Load "hide" form template
-               define ('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid_hide", true, $GLOBALS['refid']));
+               define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid_hide", true, $GLOBALS['refid']));
        }
 
        // You may want to modify the register_header.tpl.xx file and not this script when you add your scripts etc. :-)