* Add ability to plugins to check uploaded media files for invalid

file extensions. Added more escaping to user- and groupnames for untrusted author environments, thanks to Hanno Boeck. (garvinhicking)
2008-02-01 14:10:14 +00:00
parent 2aff6710c8
commit d34bbd7181
13 changed files with 41 additions and 30 deletions
--- a/include/admin/installer.inc.php
+++ b/include/admin/installer.inc.php
@ -478,7 +478,7 @@ if ( (int)$serendipity['GET']['step'] == 0 ) {
        serendipity_installDatabase();
        echo ' <strong>' . DONE . '</strong><br />';

-        echo sprintf(CREATING_PRIMARY_AUTHOR, $_POST['user']) .'...';
+        echo sprintf(CREATING_PRIMARY_AUTHOR, htmlspecialchars($_POST['user'])) .'...';
        $authorid = serendipity_addAuthor($_POST['user'], $_POST['pass'], $_POST['realname'], $_POST['email'], USERLEVEL_ADMIN);
        $mail_comments =  (serendipity_db_bool($_POST['want_mail']) ? 1 : 0);
        serendipity_set_user_var('mail_comments', $mail_comments, $authorid);