bug 893: Always trim() arbitration number
authorMichael Tänzer <neo@nhng.de>
Wed, 31 Jul 2013 19:40:01 +0000 (21:40 +0200)
committerMichael Tänzer <neo@nhng.de>
Wed, 31 Jul 2013 19:40:01 +0000 (21:40 +0200)
Signed-off-by: Michael Tänzer <neo@nhng.de>
includes/account.php

index e3dbc9e..954dba5 100644 (file)
                }
                if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
                        showheader(_("My CAcert.org Account!"));
-                       echo _("You did not enter an arbitration number entry.");
+                       printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
                        showfooter();
                        exit;
                }
-               if (check_email_exists($_REQUEST['arbitrationno'].'@cacert.org')) {
+               if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
                        showheader(_("My CAcert.org Account!"));
                        printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
                        showfooter();
                        showfooter();
                        exit;
                }
-               account_delete($_REQUEST['userid'], $_REQUEST['arbitrationno'], $_SESSION['profile']['id']);
+               account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
        }
 
        if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)