From 4ba3fe05acf58e3c225a5cd17a63c298c09bc6b5 Mon Sep 17 00:00:00 2001 From: ngleader Date: Fri, 23 Mar 2012 00:43:07 +0000 Subject: [PATCH] Issue 1736 fixed a rollback code about find account of anwser in member module git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10462 201d5d3c-b55e-5fd7-737f-ddc643e51545 --- modules/member/member.controller.php | 5 ----- modules/member/member.model.php | 5 +++++ 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php index 8d95ea34b..0919a606c 100644 --- a/modules/member/member.controller.php +++ b/modules/member/member.controller.php @@ -1710,11 +1710,6 @@ if (!$args->user_id) $args->user_id = 't'.$args->member_srl; if (!$args->user_name) $args->user_name = $args->member_srl; - if(trim($args->find_account_answer)) - { - $args->find_account_answer = md5($args->find_account_answer); - } - $output = executeQuery('member.insertMember', $args); if(!$output->toBool()) { $oDB->rollback(); diff --git a/modules/member/member.model.php b/modules/member/member.model.php index 3b4b6c17b..e55ac0aae 100644 --- a/modules/member/member.model.php +++ b/modules/member/member.model.php @@ -252,6 +252,11 @@ } } + if(strlen($info->find_account_answer) == 32 && preg_match('/[a-zA-Z0-9]+/', $info->find_account_answer)) + { + $info->find_account_answer = null; + } + // XSS defence $oSecurity = new Security($info); $oSecurity->encodeHTML('user_name', 'nick_name', 'find_account_answer', 'description', 'address.', 'group_list..');