authorDries Buytaert2005-06-01 19:27:12 +0000
committerDries Buytaert2005-06-01 19:27:12 +0000
commite3260447be3cf423e4d06eef3ae54cd54c0f44a3 (patch)
tree22e64b981f9aca1343c54258c29226e1cc14be75
parent99b3875935d8e50c11efd38d69689f60f85fd56f (diff)
- Fixed registration bug.4.5.3
-rw-r--r--CHANGELOG.txt6
-rw-r--r--modules/user.module6
2 files changed, 10 insertions, 2 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index be04328..06d883b 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,10 @@
+Drupal 4.6.0, 2005-06-01
+------------------------
+- fixed bugs, including a critical input validation bug.
+
Drupal 4.5.2, 2005-01-15
------------------------
-- fixed bugs: a cross-site scripting (XSS) vulnerability has been fixed.
+- fixed bugs, including a cross-site scripting (XSS) vulnerability.
Drupal 4.5.1, 2004-12-01
------------------------
diff --git a/modules/user.module b/modules/user.module
index 4997c93..ae24c91 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -961,7 +961,11 @@ function user_register($edit = array()) {
// TODO: Is this necessary? Won't session_write() replicate this?
unset($edit['session']);
- $account = user_save('', array_merge(array('name' => $edit['name'], 'pass' => $pass, 'init' => $edit['mail'], 'mail' => $edit['mail'], 'roles' => array(_user_authenticated_id()), 'status' => (variable_get('user_register', 1) == 1 ? 1 : 0)), $edit));
+ if (array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) {
+ watchdog('warning', t('Detected malicious attempt to alter protected user fields.'));
+ drupal_goto('user/register');
+ }
+ $account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array(_user_authenticated_id()), 'status' => (variable_get('user_register', 1) == 1 ? 1 : 0))));
watchdog('user', t('New user: %name %email.', array('%name' => '<em>'. $edit['name'] .'</em>', '%email' => '<em>&lt;'. $edit['mail'] .'&gt;</em>')), l(t('edit'), 'user/'. $account->uid .'/edit'));
$variables = array('%username' => $edit['name'], '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $edit['mail'], '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE));
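Review bot: The new guard at `if (array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status')))` is a denylist, so any other column that `user_save()` persists from `$edit` stays settable from the registration form, and a protected column added later becomes tamperable unless someone remembers to extend this list; an allowlist of the fields the form is expected to submit would fail closed instead. The `'session'` entry is dead, since `unset($edit['session'])` two lines above guarantees it never matches. The check also relies on `drupal_goto('user/register')` ending the request; if it ever returned, execution would fall through to `user_save()`, so an explicit `return;` after it is cheap defence in depth. For triage it helps to log which keys were supplied, e.g. `$protected = array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'));` followed by `watchdog('warning', t('Detected malicious attempt to alter protected user fields: %fields.', array('%fields' => implode(', ', $protected))));`. user_register() begins before this hunk and presumably continues after the `$variables` line.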