Wernis extension more secured

[mailer.git] / inc / modules / guest / what-register.php

diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php
index 03bd3a0e08a7a55b2ca5f0b3914cfc0d84c6eaa5..eaad356ca9084a95b3ff98adae6550de714d7ffa 100644 (file)
--- a/inc/modules/guest/what-register.php
+++ b/inc/modules/guest/what-register.php
@@ -306,26 +306,26 @@ array(
                'hash'    => $hash,
                'uid'     => $userid,
                'salut'   => $sex,
-               'surname' => $_POST['surname'],
-               'family'  => $_POST['family_name'],
-               'email'   => $_POST['addy'],
-               'street'  => $_POST['street_nr'],
-               'city'    => $_POST['city'],
+               'surname' => SQL_ESCAPE($_POST['surname']),
+               'family'  => SQL_ESCAPE($_POST['family_name']),
+               'email'   => SQL_ESCAPE($_POST['addy']),
+               'street'  => SQL_ESCAPE($_POST['street_nr']),
+               'city'    => SQL_ESCAPE($_POST['city']),
                'zip'     => bigintval($_POST['zip']),
                'country' => $countryData,
-               'refid'   => $_POST['refid'],
-               'pass'    => $_POST['pass1'],
+               'refid'   => SQL_ESCAPE($_POST['refid']),
+               'pass'    => SQL_ESCAPE($_POST['pass1']),
        );
 
        // Continue with birthday...
        switch (GET_LANGUAGE())
        {
        case "de":
-               $DATA['birthday'] = $_POST['day'].".".$_POST['month'].".".$_POST['year'];
+               $DATA['birthday'] = bigintval($_POST['day']).".".bigintval($_POST['month']).".".bigintval($_POST['year']);
                break;
 
        default:
-               $DATA['birthday'] = $_POST['month']."/".$_POST['day']."/".$_POST['year'];
+               $DATA['birthday'] = bigintval($_POST['month']."/".bigintval($_POST['day'])."/".bigintval($_POST['year']);
                break;
        }