Security fix for user->create

2005-01-08 18:38:29 +00:00
parent 840043ed16
commit 6897af23e0
1 changed files with 13 additions and 4 deletions
--- a/include/user.php
+++ b/include/user.php
@@ -120,11 +120,20 @@ class User {
     */
    function create($username, $password, $realname, $email, $CVSrelease)
    {
-        $result = mysql_query("INSERT INTO user_list VALUES ( NOW(), 0, ".
-                              "'$username', password('$password'), ".
-                              "'$realname', '$email', NOW(), 0, 0, '$CVSrelease')");
-        if(!$result)
+        $aInsert = compile_insert_string(array( 'username' => $username,
+                                                'realname' => $realname,
+                                                'email' => $email,
+                                                'status' => 0,
+                                                'perm' => 0,
+                                                'CVSrelease' => $CVSrelease ));
+
+        $sFields = "({$aInsert['FIELDS']}, `password`, `stamp`, `created`)";
+        $sValues = "({$aInsert['VALUES']}, password('".$password."'), NOW(), NOW() )";
+
+        if (!query_userdb("INSERT INTO user_list $sFields VALUES $sValues"))
+        {
            return mysql_error();
+        }
        return $this->restore($username, $password);
    }