diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 439c7e5b3a119eb2ebf1754e3dd1799149cb11f9..4f636f988e2431405d7aa270a479c9764f14df22 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,3 +1,8 @@
+Drupal 4.4.3, 2005-06-01
+------------------------
+
+- fixed bugs, including a critical input validation bug.
+
 Drupal 4.4.2, 2004-07-04
 ------------------------
diff --git a/modules/user.module b/modules/user.module
index 2fe7846aa83b884e543e572222095d5f95ad53df..9bbf0a75085e63b960d5c0f47a4a8380e82eb53c 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -807,7 +807,11 @@ function user_register($edit = array()) {
 // TODO: is this necessary? Won't session_write replicate this?
 unset($edit["session"]);
- $account = user_save("", array_merge(array('name' => $edit['name'], 'pass' => $pass, "init" => $edit['mail'], "mail" => $edit['mail'], "rid" => _user_authenticated_id(), "status" => (variable_get("user_register", 1) == 1 ? 1 : 0)), $data));
+ if (array_intersect(array_keys($edit), array("rid", "init", "session", "status"))) {
+ watchdog("warning", "detected malicious attempt to alter a protected database field");
+ drupal_goto('user/register');
+ }
+ $account = user_save("", array_merge($edit, array('pass' => $pass, "init" => $edit['mail'], "mail" => $edit['mail'], "rid" => _user_authenticated_id(), "status" => (variable_get("user_register", 1) == 1 ? 1 : 0))));
 watchdog('user', "new user: '". $edit['name'] ."' <". $edit['mail'] .">", l(t("edit user"), "admin/user/edit/$account->uid"));
 $variables = array("%username" => $edit['name'], "%site" => variable_get("site_name", "drupal"), "%password" => $pass, "%uri" => $base_url, "%uri_brief" => substr($base_url, strlen("http://")), "%mailto" => $edit['mail'], "%date" => format_date(time()), "%login_uri" => url('user/login', NULL, NULL, TRUE), "%edit_uri" => url("user/edit", NULL, NULL, TRUE));
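Review bot: The guard added before `user_save()` is a denylist of four keys, while the rewritten call now merges the whole of `$edit` into the saved record, so any protected field missing from that list would pass straight through unless `user_save()` filters keys itself, which is not visible in this hunk. An allowlist is the safer shape: copy only the keys the registration form is expected to submit into a fresh array and merge the server-set values over that. The `"session"` entry can never match, because `unset($edit["session"])` runs on the line just above the check. For detection, name the rejected keys in the log entry, e.g. `if ($bad = array_intersect(array_keys($edit), array("rid", "init", "status"))) {` with `watchdog("warning", "registration rejected, protected field(s) submitted: ". implode(", ", $bad));`. `user_register()` starts and ends outside the hunk.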