Commit affe0648 authored by Ben Cooksley's avatar Ben Cooksley
Browse files

Fix POST escaping issues

parent 51a968f0
...@@ -260,8 +260,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && $action == 'finishreset') { ...@@ -260,8 +260,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && $action == 'finishreset') {
$timelimit = validate($_POST['lock']); $timelimit = validate($_POST['lock']);
$ldapdata = array(); $ldapdata = array();
$message = array(); $message = array();
$password = validate($_POST['new_password']); $password = validate(get_post('new_password'));
$password_confirm = validate($_POST['repeated_password']); $password_confirm = validate(get_post('repeated_password'));
/* Do the password fields match? */ /* Do the password fields match? */
if ($password != $password_confirm) { if ($password != $password_confirm) {
......
...@@ -216,8 +216,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['create'])){ ...@@ -216,8 +216,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['create'])){
$givenName = validate($_POST['givenName']); $givenName = validate($_POST['givenName']);
$lastName = validate($_POST['sn']); $lastName = validate($_POST['sn']);
$email = validate($_POST['mail']); $email = validate($_POST['mail']);
$password = $_POST['new_password']; $password = get_post('new_password');
$password_confirm = $_POST['repeated_password']; $password_confirm = get_post('repeated_password');
/* Validate the data */ /* Validate the data */
if ($givenName == "") { if ($givenName == "") {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment