summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDries Buytaert2005-06-01 19:21:02 +0000
committerDries Buytaert2005-06-01 19:21:02 +0000
commitb4ecbd9401e5201d925724667e6ad97e30b3ad10 (patch)
tree949898a9be094f5a1b7f059561e0dff80076e609
parent70a4357aa4c47108502ac367a4ee9b43970a6e56 (diff)
- Fixed registration bug.4.4.3
-rw-r--r--CHANGELOG.txt5
-rw-r--r--modules/user.module6
2 files changed, 10 insertions, 1 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 439c7e5..4f636f9 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,3 +1,8 @@
+Drupal 4.4.3, 2005-06-01
+------------------------
+
+- fixed bugs, including a critical input validation bug.
+
Drupal 4.4.2, 2004-07-04
------------------------
diff --git a/modules/user.module b/modules/user.module
index 2fe7846..9bbf0a7 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -807,7 +807,11 @@ function user_register($edit = array()) {
// TODO: is this necessary? Won't session_write replicate this?
unset($edit["session"]);
- $account = user_save("", array_merge(array('name' => $edit['name'], 'pass' => $pass, "init" => $edit['mail'], "mail" => $edit['mail'], "rid" => _user_authenticated_id(), "status" => (variable_get("user_register", 1) == 1 ? 1 : 0)), $data));
+ if (array_intersect(array_keys($edit), array("rid", "init", "session", "status"))) {
+ watchdog("warning", "detected malicious attempt to alter a protected database field");
+ drupal_goto('user/register');
+ }
+ $account = user_save("", array_merge($edit, array('pass' => $pass, "init" => $edit['mail'], "mail" => $edit['mail'], "rid" => _user_authenticated_id(), "status" => (variable_get("user_register", 1) == 1 ? 1 : 0))));
watchdog('user', "new user: '". $edit['name'] ."' <". $edit['mail'] .">", l(t("edit user"), "admin/user/edit/$account->uid"));
$variables = array("%username" => $edit['name'], "%site" => variable_get("site_name", "drupal"), "%password" => $pass, "%uri" => $base_url, "%uri_brief" => substr($base_url, strlen("http://")), "%mailto" => $edit['mail'], "%date" => format_date(time()), "%login_uri" => url('user/login', NULL, NULL, TRUE), "%edit_uri" => url("user/edit", NULL, NULL, TRUE));