summaryrefslogtreecommitdiff
path: root/includes/account.php
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2013-07-31 21:40:01 +0200
committerMichael Tänzer <neo@nhng.de>2013-07-31 21:40:01 +0200
commit5e7476106c99cad7ba9e954dbba39bbafeee19ae (patch)
treedd9027629424e5fb8496e7cd3d5a294a0417779d /includes/account.php
parent2116db1d1656ddc28c3002acc8bee0f905e5a0a7 (diff)
downloadcacert-devel-5e7476106c99cad7ba9e954dbba39bbafeee19ae.tar.gz
cacert-devel-5e7476106c99cad7ba9e954dbba39bbafeee19ae.tar.xz
cacert-devel-5e7476106c99cad7ba9e954dbba39bbafeee19ae.zip
bug 893: Always trim() arbitration number
Signed-off-by: Michael Tänzer <neo@nhng.de>
Diffstat (limited to 'includes/account.php')
-rw-r--r--includes/account.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/includes/account.php b/includes/account.php
index e3dbc9e..954dba5 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2969,11 +2969,11 @@
}
if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
showheader(_("My CAcert.org Account!"));
- echo _("You did not enter an arbitration number entry.");
+ printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
showfooter();
exit;
}
- if (check_email_exists($_REQUEST['arbitrationno'].'@cacert.org')) {
+ if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
showfooter();
@@ -2993,7 +2993,7 @@
showfooter();
exit;
}
- account_delete($_REQUEST['userid'], $_REQUEST['arbitrationno'], $_SESSION['profile']['id']);
+ account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
}
if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)