-rw-r--r-- | inc/auth.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/inc/auth.php b/inc/auth.php
index 264a1a5fa..a61e08ad5 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -458,8 +458,8 @@ function register(){
 $_POST['login'] = preg_replace('/.*:/','',$_POST['login']);
 $_POST['login'] = cleanID($_POST['login']);
 //clean fullname and email
- $_POST['fullname'] = trim(str_replace(':','',$_POST['fullname']));
- $_POST['email'] = trim(str_replace(':','',$_POST['email']));
+ $_POST['fullname'] = trim(preg_replace('/[\x00-\x1f:<>&%]+/','',$_POST['fullname']));
+ $_POST['email'] = trim(preg_replace('/[\x00-\x1f:<>&%]+/','',$_POST['email']));
 if( empty($_POST['login']) ||
 empty($_POST['fullname']) ||
@@ -533,8 +533,8 @@ function updateprofile() {
 }
 //clean fullname and email
- $_POST['fullname'] = trim(str_replace(':','',$_POST['fullname']));
- $_POST['email'] = trim(str_replace(':','',$_POST['email']));
+ $_POST['fullname'] = trim(preg_replace('/[\x00-\x1f:<>&%]+/','',$_POST['fullname']));
+ $_POST['email'] = trim(preg_replace('/[\x00-\x1f:<>&%]+/','',$_POST['email']));
 if (empty($_POST['fullname']) || empty($_POST['email'])) {
 msg($lang['profnoempty'],-1); |
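Review bot: The character class in the four added `preg_replace` calls (in register() and again in the updateprofile() hunk) is a denylist that still lets `"`, `'` and `\x7f` through, so it does not make fullname or email safe inside quoted HTML attributes. The places that print these values are outside the hunks and still need `htmlspecialchars()` with `ENT_QUOTES`. Stripping `\x00-\x1f` does remove CR/LF, which is worth recording in the comment, e.g. `//clean fullname and email: drop control chars (CR/LF), ':' and HTML/URL metacharacters; output must still be escaped`. The same pattern now appears four times, so I would define it once (a constant or a small helper) to keep the two functions from drifting apart. Both functions start and end outside the visible hunks, so whether the email is validated as an address afterwards cannot be seen here.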