2009-06-03
andy.webber
looks like the fix that went into the code is incomplete as disabled fields are still checked. Diff on 2008-05-05 code here:
--- auth.php 2008-11-13 08:45:04.000000000 -0800
+++ auth.php.distrib 2008-11-13 08:34:20.000000000 -0800
@@ -644,13 +644,12 @@
$_POST['fullname'] = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/','',$_POST['fullname']));
$_POST['email'] = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/','',$_POST['email']));
- if ((empty($_POST['fullname']) && $auth->canDo('modName')) ||
- (empty($_POST['email']) && $auth->canDo('modMail'))) {
+ if (empty($_POST['fullname']) || empty($_POST['email'])) {
msg($lang['profnoempty'],-1);
return false;
}
- if (!mail_isvalid($_POST['email']) && $auth->canDo('modMail')){
+ if (!mail_isvalid($_POST['email'])){
msg($lang['regbadmail'],-1);
return false;
}