onokazu
onoka****@users*****
2005年 7月 18日 (月) 15:49:06 JST
Index: xoops2jp/html/include/checklogin.php diff -u xoops2jp/html/include/checklogin.php:1.2.6.1.2.1 xoops2jp/html/include/checklogin.php:1.2.6.1.2.2 --- xoops2jp/html/include/checklogin.php:1.2.6.1.2.1 Thu Jun 30 01:40:23 2005 +++ xoops2jp/html/include/checklogin.php Mon Jul 18 15:49:06 2005 @@ -1,5 +1,5 @@ <?php -// $Id: checklogin.php,v 1.2.6.1.2.1 2005/06/29 16:40:23 onokazu Exp $ +// $Id: checklogin.php,v 1.2.6.1.2.2 2005/07/18 06:49:06 onokazu Exp $ // ------------------------------------------------------------------------ // // XOOPS - PHP Content Management System // // Copyright (c) 2000 XOOPS.org // @@ -33,15 +33,15 @@ exit(); } include_once XOOPS_ROOT_PATH.'/language/'.$xoopsConfig['language'].'/user.php'; -$myts =& MyTextsanitizer::getInstance(); -$uname = !isset($_POST['uname']) ? '' : $myts->stripSlashesGPC(trim($_POST['uname'])); -$pass = !isset($_POST['pass']) ? '' : $myts->stripSlashesGPC(trim($_POST['pass'])); +$uname = !isset($_POST['uname']) ? '' : trim($_POST['uname']); +$pass = !isset($_POST['pass']) ? '' : trim($_POST['pass']); if ($uname == '' || $pass == '') { redirect_header(XOOPS_URL.'/user.php', 1, _US_INCORRECTLOGIN); exit(); } $member_handler =& xoops_gethandler('member'); -$user =& $member_handler->loginUser($uname, $pass); +$myts =& MyTextsanitizer::getInstance(); +$user =& $member_handler->loginUser(addslashes($myts->stripSlashesGPC($uname)), addslashes($myts->stripSlashesGPC($pass))); if (false != $user) { if (0 == $user->getVar('level')) { redirect_header(XOOPS_URL.'/index.php', 5, _US_NOACTTPADM);