MantisBT: master-1.2.x 9c0f46d6

Diff Back to Repository
Author Committer Branch Timestamp Parent
dhx dhx master-1.2.x 2009-12-01 01:39 master-1.2.x 868c1d6c
Affected Issues  0011234: user_ensure_realname_valid() is not checked on account_page.php
Changeset

Fix 0011234: Validate user name and email on account_page.php

manage_user_edit_page.php correctly validates the real name and email
address of user accounts that are updated by managers/admins. However,
the user account update page (account_page.php) doesn't perform these
validation checks, allowing users to set their real name and email
address to invalid and potentially unsafe strings.
mod - account_update.php Diff File