Add validation and 'htmlspecialchars' to keep Teun from breaking stuff

This commit is contained in:
Mark Schouten 2014-05-26 12:04:24 +02:00
parent 858830915f
commit b457495426
3 changed files with 20 additions and 0 deletions


@ -14,11 +14,18 @@ if (isset($_GET['action'])) {
_jtable_respond(null, 'error', 'No action given');
}
function _valid_user($name) {
return ( bool ) ! preg_match( '/^[a-z0-9@_.-]+$/i' , $name );
}
if ($action == "list") {
$users = get_all_users();
_jtable_respond($users);
} elseif ($action == "create" or $action == "update") {
if (_valid_user($_POST['emailaddress']) === FALSE) {
_jtable_respond(null, 'error', "Please only use [a-z0-9@_/.-] for usernames");
}
$isadmin = $_POST['isadmin'] ? $_POST['isadmin'] : '0';
if (add_user($_POST['emailaddress'], $isadmin, $_POST['password']) === TRUE) {
unset($_POST['password']);