summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBenny Baumann <BenBE@geshi.org>2014-07-29 23:29:14 +0200
committerBenny Baumann <BenBE@geshi.org>2014-07-29 23:29:14 +0200
commitb2f8a5d29ed0d35b53e71efc11ff7db1ce4308ae (patch)
tree4eda8e492e7566d9f3618c87cd3dae35a07b9059
parentba17817e3429e84d5df6ed6849cc584ab42bfcb8 (diff)
downloadcacert-devel-b2f8a5d29ed0d35b53e71efc11ff7db1ce4308ae.tar.gz
cacert-devel-b2f8a5d29ed0d35b53e71efc11ff7db1ce4308ae.tar.xz
cacert-devel-b2f8a5d29ed0d35b53e71efc11ff7db1ce4308ae.zip
bug 1291: Update wothash calculation for modified behaviourbug-1291
-rw-r--r--www/wot.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/www/wot.php b/www/wot.php
index 89b0aac..e6d180c 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -324,7 +324,7 @@ function send_reminder()
$query = "select * from `users` where `id`='".intval($_SESSION['_config']['notarise']['id'])."'";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
- $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
+ $name = sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])." ".sanitizeHTML($row['suffix']);
if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash'])
{
show_page("VerifyData","",_("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."));