diff options
| -rwxr-xr-x | createaccount.cgi | 3 | ||||
| -rwxr-xr-x | userprefs.cgi | 4 |
2 files changed, 4 insertions, 3 deletions
diff --git a/createaccount.cgi b/createaccount.cgi index 5b9bfb9f6..3bf7f51b4 100755 --- a/createaccount.cgi +++ b/createaccount.cgi @@ -21,6 +21,7 @@ # Contributor(s): Terry Weissman <terry@mozilla.org> # David Gardiner <david.gardiner@unisa.edu.au> # Joe Robins <jmrobins@tgix.com> +# Christopher Aillon <christopher@aillon.com> use diagnostics; use strict; @@ -53,7 +54,7 @@ if(Param('useLDAP')) { } my $login = $::FORM{'login'}; -my $realname = $::FORM{'realname'}; +my $realname = trim($::FORM{'realname'}); if (defined $login) { CheckEmailSyntax($login); if (DBname_to_id($login) != 0) { diff --git a/userprefs.cgi b/userprefs.cgi index 0eeda0e71..4e73ec3a9 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -17,7 +17,7 @@ # Dan Mosedale <dmose@mozilla.org> # Alan Raetz <al_raetz@yahoo.com> # David Miller <justdave@syndicomm.com> -# +# Christopher Aillon <christopher@aillon.com> use diagnostics; use strict; @@ -171,7 +171,7 @@ sub SaveAccount { WHERE userid = $userid"); } SendSQL("UPDATE profiles SET " . - "realname = " . SqlQuote($::FORM{'realname'}) . + "realname = " . SqlQuote(trim($::FORM{'realname'})) . " WHERE userid = $userid"); } |