diff options
| author | Michael Tänzer <neo@nhng.de> | 2013-07-31 21:40:01 +0200 |
|---|---|---|
| committer | Michael Tänzer <neo@nhng.de> | 2013-07-31 21:40:01 +0200 |
| commit | 5e7476106c99cad7ba9e954dbba39bbafeee19ae (patch) | |
| tree | dd9027629424e5fb8496e7cd3d5a294a0417779d | |
| parent | 2116db1d1656ddc28c3002acc8bee0f905e5a0a7 (diff) | |
| download | cacert-devel-5e7476106c99cad7ba9e954dbba39bbafeee19ae.tar.gz cacert-devel-5e7476106c99cad7ba9e954dbba39bbafeee19ae.tar.xz cacert-devel-5e7476106c99cad7ba9e954dbba39bbafeee19ae.zip | |
bug 893: Always trim() arbitration number
Signed-off-by: Michael Tänzer <neo@nhng.de>
| -rw-r--r-- | includes/account.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/includes/account.php b/includes/account.php index e3dbc9e..954dba5 100644 --- a/includes/account.php +++ b/includes/account.php @@ -2969,11 +2969,11 @@ } if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) { showheader(_("My CAcert.org Account!")); - echo _("You did not enter an arbitration number entry."); + printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno']))); showfooter(); exit; } - if (check_email_exists($_REQUEST['arbitrationno'].'@cacert.org')) { + if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) { showheader(_("My CAcert.org Account!")); printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org')); showfooter(); @@ -2993,7 +2993,7 @@ showfooter(); exit; } - account_delete($_REQUEST['userid'], $_REQUEST['arbitrationno'], $_SESSION['profile']['id']); + account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']); } if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0) |