-rw-r--r-- | application/controllers/user.php | 5 | ||||
-rw-r--r-- | application/views/user/apikeys.php | 2 |
2 files changed, 3 insertions, 4 deletions
diff --git a/application/controllers/user.php b/application/controllers/user.php
index f1dbe5c31..27e027ac7 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -92,9 +92,8 @@ class User extends CI_Controller {
 $comment = $this->input->post("comment");
- if (strlen($comment) > 255 || !preg_match("/^[a-zA-Z0-9 -@,]*$/", $comment)) {
- // display better error for
- show_error("Comment invalid. Only 255 chars of a-zA-Z0-9, @, -, space and comma allowed");
+ if (strlen($comment) > 255) {
+ show_error("Comment may only be 255 chars long.");
 }
 $key = random_alphanum(32);
diff --git a/application/views/user/apikeys.php b/application/views/user/apikeys.php
index 14d829ffa..aa268d678 100644
--- a/application/views/user/apikeys.php
+++ b/application/views/user/apikeys.php
@@ -15,7 +15,7 @@
 <tr>
 <td><?php echo $i++; ?></td>
 <td><?php echo $item["key"]; ?></td>
- <td><?php echo $item["comment"]; ?></td>
+ <td><?php echo htmlentities($item["comment"]); ?></td>
 <td><?php echo date("Y/m/d H:i", $item["created"]); ?></td>
 <td>
 <?php echo form_open("user/delete_apikey", array("style" => "margin-bottom: 0")); ?> |
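Review bot: With the character allowlist removed, `strlen($comment) > 255` is the only validation left on the comment, so it is now stored as arbitrary user-supplied bytes (markup, control characters, non-UTF-8 sequences) and its safety rests entirely on encoding at every place it is printed. This commit encodes it in application/views/user/apikeys.php only; any other consumer of the stored comment lies outside this diff and needs the same treatment. I would record that contract next to the check, e.g. `// comment is stored verbatim; HTML-encode it wherever it is output`. The enclosing controller method starts and ends outside the hunk, so how `$comment` is persisted is not visible here.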
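Review bot: `htmlentities($item["comment"])` is called without flags or a charset, so what it encodes depends on the PHP version and configuration. Before PHP 8.1 the default flags leave single quotes unencoded, and the assumed charset varies by release. Newer releases can also return an empty string when the input is not valid in that charset, which the controller now permits. I would pin both explicitly: `<td><?php echo htmlspecialchars($item["comment"], ENT_QUOTES, "UTF-8"); ?></td>`, assuming the page is served as UTF-8, and add `ENT_SUBSTITUTE` if the minimum supported PHP is 5.4 or later. The `<tr>` loop this row belongs to starts and ends outside the hunk.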