Add sanitisation
This commit is contained in:
parent
f81d6916e8
commit
97e3e4a788
10 changed files with 125 additions and 42 deletions
|
@ -36,10 +36,12 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
$response['data'][$table] = $count->get();
|
$response['data'][$table] = $count->get();
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
$table = Sanitiser::getTable($_GET['table']);
|
||||||
|
|
||||||
$count = $database
|
$count = $database
|
||||||
->query(
|
->query(
|
||||||
'SELECT COUNT(`id`) AS "count"
|
'SELECT COUNT(`id`) AS "count"
|
||||||
FROM `' . $_GET['table'] . '`;'
|
FROM `' . $table . '`;'
|
||||||
)
|
)
|
||||||
->fetch();
|
->fetch();
|
||||||
|
|
||||||
|
|
|
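Review bot: `Sanitiser::getTable()` on the new `$table` line only strips the value down to `[a-z_]`, so the interpolated `FROM \`' . $table . '\`` at the end of the hunk still lets a caller count the rows of any table in the schema (e.g. `users`), and a table without an `id` column turns into a raw database error in the response. An identifier cannot be bound, so the fix is an allow-list rather than a character filter, e.g. `if (!in_array($table, $allowedTables, true)) { /* 400 */ }` where `$allowedTables` names the tables this endpoint is meant to expose (which is not visible here). The `else` branch this hunk sits in begins and ends outside the hunk.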
@ -59,11 +59,11 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
$wish_title = trim($_POST['wish_title']);
|
$wish_title = Sanitiser::getTitle($_POST['wish_title']);
|
||||||
$wish_description = trim($_POST['wish_description']);
|
$wish_description = Sanitiser::getText($_POST['wish_description']);
|
||||||
$wish_image = trim($_POST['wish_image']);
|
$wish_image = Sanitiser::getURL($_POST['wish_image']);
|
||||||
$wish_url = trim($_POST['wish_url']);
|
$wish_url = Sanitiser::getURL($_POST['wish_url']);
|
||||||
$wish_priority = isset($_POST['wish_priority']) && $_POST['wish_priority'] ? $_POST['wish_priority'] : 'NULL';
|
$wish_priority = !empty(Sanitiser::getNumber($_POST['wish_priority'])) ? Sanitiser::getNumber($_POST['wish_priority']) : 'NULL';
|
||||||
$wish_is_purchasable = isset($_POST['wish_is_purchasable']) ? 'true' : 'false';
|
$wish_is_purchasable = isset($_POST['wish_is_purchasable']) ? 'true' : 'false';
|
||||||
|
|
||||||
if (Wish::NO_IMAGE === $wish_image) {
|
if (Wish::NO_IMAGE === $wish_image) {
|
||||||
|
@ -127,7 +127,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
*/
|
*/
|
||||||
$wish_price = empty($_POST['wish_price']) || 'false' === $wish_is_purchasable
|
$wish_price = empty($_POST['wish_price']) || 'false' === $wish_is_purchasable
|
||||||
? 'NULL'
|
? 'NULL'
|
||||||
: $_POST['wish_price'];
|
: Sanitiser::getNumber($_POST['wish_price']);
|
||||||
|
|
||||||
$database
|
$database
|
||||||
->query(
|
->query(
|
||||||
|
@ -207,7 +207,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
* Product
|
* Product
|
||||||
*/
|
*/
|
||||||
$wish_id = $database->lastInsertId();
|
$wish_id = $database->lastInsertId();
|
||||||
$wish_price = floatval($_POST['wish_price']);
|
$wish_price = Sanitiser::getNumber($_POST['wish_price']);
|
||||||
|
|
||||||
if ($wish_price > 0) {
|
if ($wish_price > 0) {
|
||||||
$database
|
$database
|
||||||
|
@ -235,7 +235,8 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
/**
|
/**
|
||||||
* Update Wish Status
|
* Update Wish Status
|
||||||
*/
|
*/
|
||||||
$status = $_PUT['wish_status'];
|
$status = Sanitiser::getStatus($_PUT['wish_status']);
|
||||||
|
$wish_id = Sanitiser::getNumber($_PUT['wish_id']);
|
||||||
|
|
||||||
if (Wish::STATUS_TEMPORARY === $status) {
|
if (Wish::STATUS_TEMPORARY === $status) {
|
||||||
$status = time();
|
$status = time();
|
||||||
|
@ -243,8 +244,8 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
|
|
||||||
$database->query(
|
$database->query(
|
||||||
'UPDATE `wishes`
|
'UPDATE `wishes`
|
||||||
SET `status` = "' . $status . '"
|
SET `status` = "' . $status . '"
|
||||||
WHERE `id` = ' . $_PUT['wish_id'] . ';'
|
WHERE `id` = ' . $wish_id . ';'
|
||||||
);
|
);
|
||||||
|
|
||||||
$response['success'] = true;
|
$response['success'] = true;
|
||||||
|
@ -254,8 +255,8 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
*/
|
*/
|
||||||
$database->query(
|
$database->query(
|
||||||
'UPDATE `wishes`
|
'UPDATE `wishes`
|
||||||
SET `url` = "' . $_PUT['wish_url_proposed'] . '"
|
SET `url` = "' . Sanitiser::getURL($_PUT['wish_url_proposed']) . '"
|
||||||
WHERE `url` = "' . $_PUT['wish_url_current'] . '";'
|
WHERE `url` = "' . Sanitiser::getURL($_PUT['wish_url_current']) . '";'
|
||||||
);
|
);
|
||||||
|
|
||||||
$response['success'] = true;
|
$response['success'] = true;
|
||||||
|
@ -268,7 +269,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
if (isset($_DELETE['wish_id'])) {
|
if (isset($_DELETE['wish_id'])) {
|
||||||
$database->query(
|
$database->query(
|
||||||
'DELETE FROM `wishes`
|
'DELETE FROM `wishes`
|
||||||
WHERE `id` = ' . $_DELETE['wish_id'] . ';'
|
WHERE `id` = ' . Sanitiser::getNumber($_DELETE['wish_id']) . ';'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
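Review bot: The two `Sanitiser::getURL()` calls in the `UPDATE wishes SET url = "…" WHERE url = "…"` hunk do not make those literals safe: `getURL()` only strips whitespace (see the new sanitiser.php in this commit), so a `"` or `\` in `wish_url_proposed` or `wish_url_current` still terminates the string and the statement remains injectable, and the same holds for `$wish_image`/`$wish_url` fed into the INSERT further up. Character filtering is not a substitute for binding; the `$database` wrapper exposes `query()`/`lastInsertId()`, which suggests PDO underneath, in which case `prepare('UPDATE wishes SET url = ? WHERE url = ?')->execute([$proposed, $current])` is the fix. Separately, `getNumber()` is declared to return `float` but returns the stripped string, so an empty or non-numeric `wish_price`/`wish_priority` (where the replaced `floatval()` used to yield `0.0`) now throws a `TypeError` in coercive mode. The switch statement these hunks belong to starts and ends outside the visible hunks.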
@ -26,7 +26,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
$wishlist = $database
|
$wishlist = $database
|
||||||
->query('SELECT *
|
->query('SELECT *
|
||||||
FROM `wishlists_saved`
|
FROM `wishlists_saved`
|
||||||
WHERE `wishlist` = ' . $_POST['wishlist'] . '
|
WHERE `wishlist` = ' . Sanitiser::getNumber($_POST['wishlist']) . '
|
||||||
;')
|
;')
|
||||||
->fetch();
|
->fetch();
|
||||||
|
|
||||||
|
@ -34,7 +34,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
/** Delete */
|
/** Delete */
|
||||||
$database
|
$database
|
||||||
->query('DELETE FROM `wishlists_saved`
|
->query('DELETE FROM `wishlists_saved`
|
||||||
WHERE `wishlist` = ' . $_POST['wishlist'] . '
|
WHERE `wishlist` = ' . Sanitiser::getNumber($_POST['wishlist']) . '
|
||||||
;');
|
;');
|
||||||
|
|
||||||
$response['action'] = 'deleted';
|
$response['action'] = 'deleted';
|
||||||
|
@ -46,7 +46,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
`wishlist`
|
`wishlist`
|
||||||
) VALUES (
|
) VALUES (
|
||||||
' . $user->id . ',
|
' . $user->id . ',
|
||||||
' . $_POST['wishlist'] . '
|
' . Sanitiser::getNumber($_POST['wishlist']) . '
|
||||||
)
|
)
|
||||||
;');
|
;');
|
||||||
|
|
||||||
|
|
|
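Review bot: `Sanitiser::getNumber($_POST['wishlist'])` is evaluated three times in this section and each result goes straight into the SQL text as a `float`; an absent or non-numeric `wishlist` field makes `getNumber()` throw a `TypeError` (its `float` return type cannot coerce an empty string), and a very large value is stringified in exponent form (`1.0E+25`), which MySQL will not accept as an id. Parse it once with `$wishlist = filter_var($_POST['wishlist'] ?? null, FILTER_VALIDATE_INT);` and answer 4xx when it is `false` before the SELECT/DELETE/INSERT run. Unless the `DELETE FROM wishlists_saved WHERE wishlist = …` is meant to remove every user's saved copy, it also needs `AND \`user\` = ' . $user->id`; nothing in the visible hunks scopes it to the caller. The three hunks are cut from a switch statement whose boundaries are outside the view.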
@ -21,15 +21,18 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
/**
|
/**
|
||||||
* Create
|
* Create
|
||||||
*/
|
*/
|
||||||
|
$user_id = Sanitiser::getNumber($_SESSION['user']['id']);
|
||||||
|
$wish_name = Sanitiser::getTitle($_POST['wishlist-name']);
|
||||||
|
|
||||||
$database->query('INSERT INTO `wishlists`
|
$database->query('INSERT INTO `wishlists`
|
||||||
(
|
(
|
||||||
`user`,
|
`user`,
|
||||||
`name`,
|
`name`,
|
||||||
`hash`
|
`hash`
|
||||||
) VALUES (
|
) VALUES (
|
||||||
' . $_SESSION['user']['id'] . ',
|
' . $user_id . ',
|
||||||
"' . $_POST['wishlist-name'] . '",
|
"' . $wish_name . '",
|
||||||
"' . sha1(time() . $_SESSION['user']['id'] . $_POST['wishlist-name']) . '"
|
"' . sha1(time() . $user_id . $wish_name) . '"
|
||||||
)
|
)
|
||||||
;');
|
;');
|
||||||
|
|
||||||
|
@ -40,7 +43,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
/**
|
/**
|
||||||
* Request more wishes
|
* Request more wishes
|
||||||
*/
|
*/
|
||||||
$wishlistID = $_POST['wishlist-id'];
|
$wishlistID = Sanitiser::getNumber($_POST['wishlist-id']);
|
||||||
|
|
||||||
/** Get last notification time */
|
/** Get last notification time */
|
||||||
$wishlistQuery = $database
|
$wishlistQuery = $database
|
||||||
|
@ -148,8 +151,8 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
|
|
||||||
$database
|
$database
|
||||||
->query('UPDATE `wishlists`
|
->query('UPDATE `wishlists`
|
||||||
SET `name` = "' . $_PUT['wishlist_title'] . '"
|
SET `name` = "' . Sanitiser::getTitle($_PUT['wishlist_title']) . '"
|
||||||
WHERE `id` = ' . $_PUT['wishlist_id'] . '
|
WHERE `id` = ' . Sanitiser::getNumber($_PUT['wishlist_id']) . '
|
||||||
;');
|
;');
|
||||||
|
|
||||||
$response['success'] = true;
|
$response['success'] = true;
|
||||||
|
@ -159,7 +162,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
parse_str(file_get_contents("php://input"), $_DELETE);
|
parse_str(file_get_contents("php://input"), $_DELETE);
|
||||||
|
|
||||||
$database->query('DELETE FROM `wishlists`
|
$database->query('DELETE FROM `wishlists`
|
||||||
WHERE `id` = ' . $_DELETE['wishlistID'] . '
|
WHERE `id` = ' . Sanitiser::getNumber($_DELETE['wishlistID']) . '
|
||||||
;');
|
;');
|
||||||
|
|
||||||
$response['success'] = true;
|
$response['success'] = true;
|
||||||
|
|
|
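Review bot: The `DELETE FROM wishlists WHERE id = …` in the last hunk still has no owner condition: `getNumber()` only ensures `wishlistID` is numeric, so unless the file checks ownership before this point (not visible here) any authenticated request can delete any wishlist by id — `WHERE id = ? AND user = ?` bound to the session user closes that, and the same applies to the `UPDATE wishlists SET name = …` hunk. On the Create hunk, the `hash` is `sha1(time() . $user_id . $wish_name)`, i.e. derived entirely from guessable inputs; if it is what a shared link uses to reach a list, it should come from `bin2hex(random_bytes(20))` instead. Also `Sanitiser::getTitle()` HTML-encodes the name before it is stored, so `&` and quotes are persisted as entities and will double-encode wherever the name is escaped on output. The switch the hunks belong to begins and ends outside the view.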
@ -28,12 +28,12 @@ class Options
|
||||||
try {
|
try {
|
||||||
$option = $this->database->query(
|
$option = $this->database->query(
|
||||||
'SELECT * FROM `options`
|
'SELECT * FROM `options`
|
||||||
WHERE `key` = "' . $key . '";'
|
WHERE `key` = "' . Sanitiser::getOption($key) . '";'
|
||||||
)->fetch();
|
)->fetch();
|
||||||
|
|
||||||
$value = $option['value'] ?? '';
|
$value = $option['value'] ?? '';
|
||||||
} catch (\Throwable $th) {
|
} catch (\Throwable $th) {
|
||||||
//throw $th;
|
throw $th;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $value;
|
return $value;
|
||||||
|
@ -41,6 +41,9 @@ class Options
|
||||||
|
|
||||||
public function setOption(string $key, string $value): void
|
public function setOption(string $key, string $value): void
|
||||||
{
|
{
|
||||||
|
$key = Sanitiser::getOption($key);
|
||||||
|
$value = Sanitiser::getText($value);
|
||||||
|
|
||||||
$optionExists = 0 !== $this->database
|
$optionExists = 0 !== $this->database
|
||||||
->query('SELECT *
|
->query('SELECT *
|
||||||
FROM `options`
|
FROM `options`
|
||||||
|
|
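Review bot: `setOption()` now runs every value through `Sanitiser::getText()`, which is `htmlentities()`, so values are persisted HTML-encoded: a version string or URL containing `&`, `<` or quotes comes back from `getOption()` as `&amp;`/`&lt;`/`&quot;` to every non-HTML consumer, and it still does nothing for a trailing `\` inside a `"…"` SQL literal. Encoding belongs at the point of output; the storage layer should bind the value instead (the `$this->database->query(...)` wrapper suggests PDO, where `prepare()` is available). Note too that `//throw $th;` becoming `throw $th;` in `getOption()` is a behaviour change unrelated to sanitisation — callers that relied on the silent `''` fallback will now see exceptions. The `setOption()` body continues past the end of the hunk.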
70
src/classes/sanitiser.php
Normal file
70
src/classes/sanitiser.php
Normal file
|
@ -0,0 +1,70 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace wishthis;
|
||||||
|
|
||||||
|
class Sanitiser
|
||||||
|
{
|
||||||
|
public static function getNumber(mixed $valueToSanitise): float
|
||||||
|
{
|
||||||
|
return preg_replace('/[^0-9\.]+/', '', $valueToSanitise);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function getPage(mixed $valueToSanitise): string
|
||||||
|
{
|
||||||
|
$valueToSanitise = strtolower($valueToSanitise);
|
||||||
|
|
||||||
|
return preg_replace('/[^a-z\-_]+/', '', $valueToSanitise);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function getTable(mixed $valueToSanitise): string
|
||||||
|
{
|
||||||
|
$valueToSanitise = strtolower($valueToSanitise);
|
||||||
|
|
||||||
|
return preg_replace('/[^a-z_]+/', '', $valueToSanitise);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function getTitle(mixed $valueToSanitise): string
|
||||||
|
{
|
||||||
|
$valueToSanitise = trim($valueToSanitise);
|
||||||
|
|
||||||
|
return htmlentities($valueToSanitise, ENT_QUOTES | ENT_SUBSTITUTE | ENT_DISALLOWED | ENT_HTML5);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function getText(mixed $valueToSanitise): string
|
||||||
|
{
|
||||||
|
$valueToSanitise = trim($valueToSanitise);
|
||||||
|
|
||||||
|
return htmlentities($valueToSanitise, ENT_QUOTES | ENT_SUBSTITUTE | ENT_DISALLOWED | ENT_HTML5);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function getURL(mixed $valueToSanitise): string
|
||||||
|
{
|
||||||
|
return preg_replace('/[\s]+/', '', $valueToSanitise);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function getStatus(mixed $valueToSanitise): string
|
||||||
|
{
|
||||||
|
$valueToSanitise = strtolower($valueToSanitise);
|
||||||
|
|
||||||
|
return preg_replace('/[^a-z\-_]+/', '', $valueToSanitise);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function getOption(mixed $valueToSanitise): string
|
||||||
|
{
|
||||||
|
return preg_replace('/[^a-zA-Z\_]+/', '', $valueToSanitise);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function getEmail(mixed $valueToSanitise): string
|
||||||
|
{
|
||||||
|
$valueToSanitise = strtolower($valueToSanitise);
|
||||||
|
|
||||||
|
return preg_replace('/[^a-z\-_0-9\.+@]+/', '', $valueToSanitise);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function getSHA1(mixed $valueToSanitise): string
|
||||||
|
{
|
||||||
|
$valueToSanitise = strtolower($valueToSanitise);
|
||||||
|
|
||||||
|
return preg_replace('/[^a-f0-9]+/', '', $valueToSanitise);
|
||||||
|
}
|
||||||
|
}
|
|
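Review bot: `getNumber()` declares a `float` return type but returns the result of `preg_replace()`, a string; with no `declare(strict_types=1)` that coerces for `"12"` but throws a `TypeError` for `""` (including a missing or `null` field, which `preg_replace()` also deprecates as a subject) and likely for leftovers such as `1.2.3`, so every caller in this commit gains a crash path. Validate instead of stripping: `$number = filter_var($valueToSanitise, FILTER_VALIDATE_FLOAT);` then `return false === $number ? 0.0 : $number;` (or throw a domain exception the API maps to 400). More importantly, `getURL()` removes only whitespace and `getTitle()`/`getText()` are `htmlentities()` wrappers that leave `\` untouched, so none of them neutralise SQL string delimiters — they are output-context encoders at best, and the class should say so: `// Input normalisers only — NOT a substitute for prepared statements.`. `getEmail()` rewrites rather than validates (lowercases, drops characters), which can turn a typo into a different valid address; `filter_var(..., FILTER_VALIDATE_EMAIL)` with rejection is the safer shape.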
@ -11,7 +11,7 @@ namespace wishthis;
|
||||||
$page = new Page(__FILE__, __('Login as'), 100);
|
$page = new Page(__FILE__, __('Login as'), 100);
|
||||||
|
|
||||||
if (isset($_POST['email'])) {
|
if (isset($_POST['email'])) {
|
||||||
$email = $_POST['email'];
|
$email = Sanitiser::getEmail($_POST['email']);
|
||||||
|
|
||||||
$user = $database
|
$user = $database
|
||||||
->query(
|
->query(
|
||||||
|
|
|
@ -14,7 +14,7 @@ $page = new Page(__FILE__, __('Login'));
|
||||||
* Login
|
* Login
|
||||||
*/
|
*/
|
||||||
if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
|
if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
|
||||||
$email = $_POST['email'];
|
$email = Sanitiser::getEmail($_POST['email']);
|
||||||
$password = User::generatePassword($_POST['password']);
|
$password = User::generatePassword($_POST['password']);
|
||||||
|
|
||||||
$database->query('UPDATE `users`
|
$database->query('UPDATE `users`
|
||||||
|
@ -54,7 +54,7 @@ if (isset($_POST['reset'], $_POST['email'])) {
|
||||||
$user = $database
|
$user = $database
|
||||||
->query('SELECT *
|
->query('SELECT *
|
||||||
FROM `users`
|
FROM `users`
|
||||||
WHERE `email` = "' . $_POST['email'] . '";')
|
WHERE `email` = "' . Sanitiser::getEmail($_POST['email']) . '";')
|
||||||
->fetch();
|
->fetch();
|
||||||
|
|
||||||
if ($user) {
|
if ($user) {
|
||||||
|
@ -68,7 +68,7 @@ if (isset($_POST['reset'], $_POST['email'])) {
|
||||||
WHERE `id` = ' . $user['id'] . '
|
WHERE `id` = ' . $user['id'] . '
|
||||||
;');
|
;');
|
||||||
|
|
||||||
$emailReset = new Email($_POST['email'], __('Password reset link'), 'default', 'password-reset');
|
$emailReset = new Email($user['email'], __('Password reset link'), 'default', 'password-reset');
|
||||||
$emailReset->setPlaceholder('TEXT_HELLO', __('Hello,'));
|
$emailReset->setPlaceholder('TEXT_HELLO', __('Hello,'));
|
||||||
$emailReset->setPlaceholder(
|
$emailReset->setPlaceholder(
|
||||||
'TEXT_PASSWORD_RESET',
|
'TEXT_PASSWORD_RESET',
|
||||||
|
@ -84,7 +84,7 @@ if (isset($_POST['reset'], $_POST['email'])) {
|
||||||
'password-reset-link',
|
'password-reset-link',
|
||||||
$_SERVER['REQUEST_SCHEME'] . '://' .
|
$_SERVER['REQUEST_SCHEME'] . '://' .
|
||||||
$_SERVER['HTTP_HOST'] .
|
$_SERVER['HTTP_HOST'] .
|
||||||
Page::PAGE_REGISTER . '&password-reset=' . $_POST['email'] . '&token=' . $token
|
Page::PAGE_REGISTER . '&password-reset=' . $user['email'] . '&token=' . $token
|
||||||
);
|
);
|
||||||
|
|
||||||
$emailReset->send();
|
$emailReset->send();
|
||||||
|
|
|
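Review bot: The new reset link interpolates `$user['email']` into the query string unencoded (`'&password-reset=' . $user['email']`), so an address containing `+` arrives as a space, `Sanitiser::getEmail()` on the register page then strips it, and the lookup runs against a different address; use `urlencode($user['email'])`, or better pass only the token and look the user up by it. The surrounding link is still built from `$_SERVER['HTTP_HOST']`, which is attacker-controlled unless the web server pins the host, so the reset token can be mailed out pointing at a host of the attacker's choosing — a configured base URL is the usual fix (that line is context here, not changed by the commit). `Sanitiser::getEmail()` also lowercases before the `WHERE email = …` lookups, which will stop matching any pre-existing account stored with capitals unless the column collation is case-insensitive. The `if` blocks these hunks sit in start and end outside the visible lines.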
@ -108,7 +108,7 @@ if (isset($_POST['user-id'], $_POST['section'])) {
|
||||||
$database
|
$database
|
||||||
->query('UPDATE `users`
|
->query('UPDATE `users`
|
||||||
SET ' . implode(',', $set) . '
|
SET ' . implode(',', $set) . '
|
||||||
WHERE `id` = ' . $_POST['user-id']);
|
WHERE `id` = ' . Sanitiser::getNumber($_POST['user-id']));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($loginRequired) {
|
if ($loginRequired) {
|
||||||
|
|
|
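Review bot: `Sanitiser::getNumber($_POST['user-id'])` makes the id numeric but not the caller's own: the `UPDATE users … WHERE id = …` still updates whichever account the client names in `user-id`, so unless the file compares it with `$_SESSION['user']['id']` earlier (not visible in this hunk), any logged-in user can edit another user's profile. Take the id from the session instead of the request, or at minimum `if ((int) $_POST['user-id'] !== (int) $_SESSION['user']['id']) { /* 403 */ }` before the query. `implode(',', $set)` is also interpolated raw; how `$set` is built is outside the hunk, so its escaping cannot be judged here. The `if` block this hunk belongs to begins outside the view.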
@ -16,16 +16,17 @@ $buttonSubmit = $passwordReset ? __('Reset') : __('Register');
|
||||||
$page = new Page(__FILE__, $pageTitle);
|
$page = new Page(__FILE__, $pageTitle);
|
||||||
|
|
||||||
if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
$users = $database->query('SELECT * FROM `users`;')->fetchAll();
|
$users = $database->query('SELECT * FROM `users`;')->fetchAll();
|
||||||
$emails = array_map(
|
$emails = array_map(
|
||||||
function ($user) {
|
function ($user) {
|
||||||
return $user['email'];
|
return $user['email'];
|
||||||
},
|
},
|
||||||
$users
|
$users
|
||||||
);
|
);
|
||||||
|
$user_email = Sanitiser::getEmail($_POST['email']);
|
||||||
|
|
||||||
$isHuman = false;
|
$isHuman = false;
|
||||||
$planet = strtolower($_POST['planet']);
|
$planet = Sanitiser::getTitle($_POST['planet']);
|
||||||
$planetName = strtoupper($planet[0]) . substr($planet, 1);
|
$planetName = strtoupper($planet[0]) . substr($planet, 1);
|
||||||
$planets = array(
|
$planets = array(
|
||||||
strtolower(__('Mercury')),
|
strtolower(__('Mercury')),
|
||||||
|
@ -57,14 +58,17 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
$userRegistered = false;
|
$userRegistered = false;
|
||||||
|
|
||||||
if (isset($_GET['password-reset'], $_GET['token'])) {
|
if (isset($_GET['password-reset'], $_GET['token'])) {
|
||||||
|
$user_email = Sanitiser::getEmail($_GET['password-reset']);
|
||||||
|
$user_token = Sanitiser::getSHA1($_GET['token']);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Password reset
|
* Password reset
|
||||||
*/
|
*/
|
||||||
$user = $database
|
$user = $database
|
||||||
->query(
|
->query(
|
||||||
'SELECT * FROM `users`
|
'SELECT * FROM `users`
|
||||||
WHERE `email` = "' . $_GET['password-reset'] . '"
|
WHERE `email` = "' . $user_email . '"
|
||||||
AND `password_reset_token` = "' . $_GET['token'] . '";'
|
AND `password_reset_token` = "' . $user_token . '";'
|
||||||
)
|
)
|
||||||
->fetch();
|
->fetch();
|
||||||
|
|
||||||
|
@ -80,7 +84,7 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
);
|
);
|
||||||
|
|
||||||
$page->messages[] = Page::success(
|
$page->messages[] = Page::success(
|
||||||
'Password has been successfully reset for <strong>' . $_GET['password-reset'] . '</strong>.',
|
'Password has been successfully reset for <strong>' . $user_email . '</strong>.',
|
||||||
'Success'
|
'Success'
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
|
@ -101,7 +105,7 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
`password`,
|
`password`,
|
||||||
`power`
|
`power`
|
||||||
) VALUES (
|
) VALUES (
|
||||||
"' . $_POST['email'] . '",
|
"' . $user_email . '",
|
||||||
"' . User::generatePassword($_POST['password']) . '",
|
"' . User::generatePassword($_POST['password']) . '",
|
||||||
100
|
100
|
||||||
)
|
)
|
||||||
|
@ -109,7 +113,7 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
);
|
);
|
||||||
$userRegistered = true;
|
$userRegistered = true;
|
||||||
} else {
|
} else {
|
||||||
if (in_array($_POST['email'], $emails)) {
|
if (in_array($user_email, $emails)) {
|
||||||
$page->messages[] = Page::error(
|
$page->messages[] = Page::error(
|
||||||
__('An account with this email address already exists.'),
|
__('An account with this email address already exists.'),
|
||||||
__('Invalid email address')
|
__('Invalid email address')
|
||||||
|
@ -121,7 +125,7 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
`email`,
|
`email`,
|
||||||
`password`
|
`password`
|
||||||
) VALUES (
|
) VALUES (
|
||||||
"' . $_POST['email'] . '",
|
"' . $user_email . '",
|
||||||
"' . User::generatePassword($_POST['password']) . '"
|
"' . User::generatePassword($_POST['password']) . '"
|
||||||
)
|
)
|
||||||
;'
|
;'
|
||||||
|
@ -138,7 +142,7 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
*/
|
*/
|
||||||
if ($userRegistered) {
|
if ($userRegistered) {
|
||||||
$userID = $database->lastInsertID();
|
$userID = $database->lastInsertID();
|
||||||
$wishlistName = __('My hopes and dreams');
|
$wishlistName = Sanitiser::getTitle(__('My hopes and dreams'));
|
||||||
|
|
||||||
$database
|
$database
|
||||||
->query(
|
->query(
|
||||||
|
|
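Review bot: Replacing `strtolower($_POST['planet'])` with `Sanitiser::getTitle($_POST['planet'])` changes the anti-bot check, not just its safety: the value is no longer lowercased, and `htmlentities()` turns any non-ASCII planet name into entities, so it can no longer equal the entries of `$planets` (built from `strtolower(__('Mercury'))`, i.e. translated, lowercased strings) and a human typing `Earth` or a localised name is rejected — assuming the comparison further down, outside the hunk, is a string equality. The answer is only compared here, so `$planet = mb_strtolower(trim($_POST['planet']));` is enough, with `$planetName` escaped at the point it is echoed, if it is. `Sanitiser::getTitle(__('My hopes and dreams'))` likewise HTML-encodes a trusted translation string before it is stored, which double-encodes apostrophes in the default wishlist name. The `if` block opened on the first hunk line closes outside the view.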