Diffstat (limited to 'modules')
-rw-r--r--modules/user/user.module4
1 files changed, 3 insertions, 1 deletions
diff --git a/modules/user/user.module b/modules/user/user.module
index 4ee3ae7ae..1589e747d 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1223,6 +1223,8 @@ function user_register_submit($form_id, $form_values) {
watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
return 'user/register';
}
+ //the unset below is needed to prevent these form values from being saved as user data
+ unset($form_values['form_token'], $form_values['submit'], $form_values['op'], $form_values['notify'], $form_values['form_id'], $form_values['affiliates'], $form_values['destination']);
$account = user_save('', array_merge($form_values, array('pass' => $pass, 'init' => $mail, 'roles' => $roles, 'status' => ($admin || variable_get('user_register', 1) == 1))));
watchdog('user', t('New user: %name %email.', array('%name' => $name, '%email' => '<'. $mail .'>')), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit'));
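Review bot: The unset added in user_register_submit is a denylist, so any key in $form_values that is not named there still passes through array_merge() into user_save() and, going by the added comment, is stored as user data. That would cover any element a later change adds to the registration form. user_edit_submit in the next hunk uses the same pattern with a different key list (no 'notify', 'affiliates' or 'destination'). Moving both lists into one shared helper would keep them from drifting apart; an explicit list of accepted keys would be stricter, provided no caller relies on extra keys being saved. The added comment would match the file's style better as `// Remove form-internal values so they are not saved as user data.`; the function starts and ends outside the hunk.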
@@ -1466,7 +1468,7 @@ function user_edit_validate($form_id, $form_values) {
function user_edit_submit($form_id, $form_values) {
$account = $form_values['_account'];
$category = $form_values['_category'];
- unset($form_values['_account'], $form_values['submit'], $form_values['delete'], $form_values['form_id'], $form_values['_category']);
+ unset($form_values['_account'], $form_values['op'], $form_values['submit'], $form_values['delete'], $form_values['form_token'], $form_values['form_id'], $form_values['_category']);
user_module_invoke('submit', $form_values, $account, $category);
user_save($account, $form_values, $category);
// Delete that user's menu cache.
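Review bot: The widened unset in user_edit_submit has no comment, while the matching line added to user_register_submit does. A line such as `// Drop form-internal keys (token, op, buttons) before the submit hooks and user_save() see them.` would record why 'form_token' and 'op' are now listed, and that the unset deliberately runs before user_module_invoke(). The function continues past the end of the hunk.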