Revision: 1147
          http://mrbs.svn.sourceforge.net/mrbs/?rev=1147&view=rev
Author:   cimorrison
Date:     2009-07-08 10:56:26 +0000 (Wed, 08 Jul 2009)

Log Message:
-----------
Added checking of name lengths for username and email address in order to avoid 
SQL errors in PostgreSQL.

Modified Paths:
--------------
    mrbs/trunk/web/config.inc.php
    mrbs/trunk/web/edit_users.php

Modified: mrbs/trunk/web/config.inc.php
===================================================================
--- mrbs/trunk/web/config.inc.php       2009-07-08 09:40:57 UTC (rev 1146)
+++ mrbs/trunk/web/config.inc.php       2009-07-08 10:56:26 UTC (rev 1147)
@@ -46,6 +46,9 @@
 $maxlength['entry.name']     = 80;    // characters   (name field in entry 
table)
 $maxlength['area.area_name'] = 30;    // characters   (area_name field in area 
table)
 $maxlength['room.room_name'] = 25;    // characters   (room_name field in room 
table)
+$maxlength['users.name']     = 30;    // characters   (name field in users 
table)
+$maxlength['users.email']    = 75;    // characters   (email field in users 
table)
+// other values for the users table need to follow the 
$maxlength['users.fieldname'] pattern
 
 
 /*********************************

Modified: mrbs/trunk/web/edit_users.php
===================================================================
--- mrbs/trunk/web/edit_users.php       2009-07-08 09:40:57 UTC (rev 1146)
+++ mrbs/trunk/web/edit_users.php       2009-07-08 10:56:26 UTC (rev 1147)
@@ -251,6 +251,7 @@
                 echo ("<div>\n");
                 echo ("<label for=\"$html_fieldname\">" . 
get_loc_field_name($fieldname) . ":</label>\n");
                 echo ("<input id=\"$html_fieldname\" name=\"$html_fieldname\" 
type=\"text\" " .
+                      "maxlength=\"" . $maxlength['users.name'] . "\" " .
                      (($level < $min_user_editing_level) ? 
"disabled=\"disabled\" " : "") .
                       "value=\"" . htmlspecialchars($data[$fieldname]) . 
"\">\n");
                 // if the field was disabled then we still need to pass 
through the value as a hidden input
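Review bot: The added `maxlength` attribute indexes `$maxlength['users.name']` unconditionally, whereas the generic-field branch in the hunk at @@ -264 (and the SQL pre-processing at @@ -465) guards the lookup with `isset($maxlength["users.$fieldname"])`; if a site's config.inc.php predates this commit and lacks the key, this line presumably raises an undefined-index notice and emits `maxlength=""`. Guard it the same way: `(isset($maxlength['users.name']) ? "maxlength=\"" . $maxlength['users.name'] . "\" " : "") .`. Note that the attribute is only a browser-side hint; the server-side truncation in the later hunks is what actually protects the database. The enclosing switch/loop starts and ends outside this hunk.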
@@ -264,7 +265,9 @@
                 $html_fieldname = htmlspecialchars("Field_$fieldname");
                 echo ("<div>\n");
                 echo ("<label for=\"$html_fieldname\">" . 
get_loc_field_name($fieldname) . ":</label>\n");
-                echo ("<input id=\"$html_fieldname\" name=\"$html_fieldname\" 
type=\"text\" value=\"" . htmlspecialchars($data[$fieldname]) . "\">\n");
+                echo ("<input id=\"$html_fieldname\" name=\"$html_fieldname\" 
type=\"text\" " .
+                     (isset($maxlength["users.$fieldname"]) ? "maxlength=\"" . 
$maxlength["users.$fieldname"] . "\" " : "") .
+                      "value=\"" . htmlspecialchars($data[$fieldname]) . 
"\">\n");
                 echo ("</div>\n");
                 break;
             } // end switch
@@ -374,6 +377,8 @@
     
     // Verify email adresses
     $email_var = get_form_var('Field_email', 'string');
+    // Truncate the email field to the maximum length as a precaution.
+    $email_var = substr($email_var, 0, $maxlength['users.email']);
     if (!isset($email_var))
     {
       $email_var = '';
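Review bot: The new `substr()` truncation runs before the `!isset($email_var)` normalisation, so a request without `Field_email` goes through `substr(null, 0, ...)` first; on the PHP 5 versions of the time that likely yields `false` rather than `''`, which then passes `isset()` and skips the `$email_var = '';` fallback. Move the truncation below the `if (!isset($email_var)) { ... }` block so it operates on a known string. Separately, `substr()` counts bytes while the config comment and the PostgreSQL column limit are in characters, so a multibyte UTF-8 value can be cut mid-character, and silently shortening an email address or login name stores a different identity than the user submitted; rejecting over-length input with an error, as the surrounding validation does for other failures, is safer than truncating. The same byte-versus-character and silent-truncation concern applies to the name truncation at @@ -398 and the generic field loop at @@ -465. The enclosing block starts and ends outside this hunk.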
@@ -398,6 +403,9 @@
       exit;
     }
     
+    // Truncate the name field to the maximum length as a precaution.
+    $new_name = substr($new_name, 0, $maxlength['users.name']);
+    
     // Check that the name is unique.
     // If it's a new user, then to check to see if there are any rows with 
that name.
     // If it's an update, then check to see if there are any rows with that 
name, except
@@ -465,6 +473,11 @@
       // pre-process the field value for SQL
       if ($field_props[$fieldname]['istext'])
       {
+        // Truncate the field to the maximum length as a precaution.
+        if (isset($maxlength["users.$fieldname"]))
+        {
+          $value = substr($value, 0, $maxlength["users.$fieldname"]);
+        }
         $value = "'" . addslashes($value) . "'";
       }
       else if ($field_props[$fieldname]['isbool'])

