

sec(Users) sanitize email and name
joebordes committed Jun 2, 2023
1 parent e87f77c commit 659e328
Showing 2 changed files with 7 additions and 0 deletions.
5 changes: 5 additions & 0 deletions modules/Users/DetailViewAjax.php
Expand Up @@ -58,6 +58,11 @@
$_REQUEST[$widget] = $visible;
}
$_REQUEST['tagcloudview'] = $homeStuffOrder['Tag Cloud'];
$userObj->column_fields['first_name'] = vtlib_purify($userObj->column_fields['first_name']);
$userObj->column_fields['last_name'] = vtlib_purify($userObj->column_fields['last_name']);
$userObj->column_fields['email1'] = filter_var($userObj->column_fields['email1'], FILTER_SANITIZE_EMAIL);
$userObj->column_fields['email2'] = filter_var($userObj->column_fields['email2'], FILTER_SANITIZE_EMAIL);
$userObj->column_fields['secondaryemail'] = filter_var($userObj->column_fields['secondaryemail'], FILTER_SANITIZE_EMAIL);
$userObj->save('Users');
if ($userObj->id != '') {
echo ':#:SUCCESS:#:';
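Review bot: The three `FILTER_SANITIZE_EMAIL` lines before `$userObj->save('Users')` rewrite the address rather than validate it — characters outside the permitted set are simply dropped, so `"user name"@example.com` is stored as `username@example.com` and the caller is still answered with `:#:SUCCESS:#:`; for a non-scalar value the filter returns `false`, which `save()` would presumably persist as an empty string. Checking with `FILTER_VALIDATE_EMAIL` and branching to this endpoint's failure response instead of calling `save()` would be safer, e.g. `$address = trim((string) ($userObj->column_fields['email1'] ?? ''));` followed by `if ($address !== '' && filter_var($address, FILTER_VALIDATE_EMAIL) === false) { /* failure response, skip save() */ }`, repeated for `email2` and `secondaryemail`. Whatever populates `column_fields` sits above this hunk, so I cannot tell from here whether other request-derived fields still reach `save()` unsanitised. The surrounding code starts before and ends after the visible lines.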
2 changes: 2 additions & 0 deletions modules/Users/Save.php
Expand Up @@ -124,6 +124,8 @@
coreBOS_Session::set('internal_mailer', $focus->column_fields['internal_mailer']);
}
setObjectValuesFromRequest($focus);
$focus->column_fields['first_name'] = vtlib_purify($focus->column_fields['first_name']);
$focus->column_fields['last_name'] = vtlib_purify($focus->column_fields['last_name']);
$focus->column_fields['email1'] = filter_var($focus->column_fields['email1'], FILTER_SANITIZE_EMAIL);
$focus->column_fields['email2'] = filter_var($focus->column_fields['email2'], FILTER_SANITIZE_EMAIL);
$focus->column_fields['secondaryemail'] = filter_var($focus->column_fields['secondaryemail'], FILTER_SANITIZE_EMAIL);
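Review bot: The two added `vtlib_purify` calls on `first_name`/`last_name`, like the `FILTER_SANITIZE_EMAIL` lines beneath them, sanitise on write and the stored value is then trusted; `FILTER_SANITIZE_EMAIL` still admits `'`, backtick, `|`, `{`, `}` and `[`/`]`, so none of these fields is output-safe in an HTML attribute, JavaScript or mail-header context and they must still be escaped where they are rendered. Because `filter_var` with a sanitising filter returns `false` for a non-scalar value, a request carrying `email1[]=…` straight after `setObjectValuesFromRequest($focus)` would presumably leave `false` in `column_fields`; coercing first, `(string) ($focus->column_fields['email1'] ?? '')`, or validating with `FILTER_VALIDATE_EMAIL` and refusing the save is preferable to a silent rewrite. A one-line comment above the block, e.g. `// Input-side sanitising only: still escape per output context when rendering these fields`, would stop the next reader from treating them as pre-escaped. The enclosing code continues past the end of this hunk.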
