diff -urN drupal-4.6-orig/modules/contact.module drupal-4.6/modules/contact.module
--- drupal-4.6-orig/modules/contact.module Mon Apr 11 13:06:13 2005
+++ drupal-4.6/modules/contact.module Sun May 1 20:57:39 2005
@@ -45,6 +45,9 @@
 if ($type == 'form' && $category == 'account') {
 return array(array('title' => t('Contact settings'), 'data' => form_checkbox(t('Personal contact form'), 'contact', 1, $edit['contact'], t('Allow other users to contact you by e-mail via your personal contact form. Note that your e-mail address is not made public and that privileged users such as site administrators are able to contact you even if you choose not to enable this feature.', array('%url' => "user/$user->uid/contact"))), 'weight' => 2));
 }
+ if ($type == 'saveform' && $category == 'account') {
+ return array('contact');
+ }
 if ($type == 'validate') {
 return array('contact' => $edit['contact']);
 }
diff -urN drupal-4.6-orig/modules/profile.module drupal-4.6/modules/profile.module
--- drupal-4.6-orig/modules/profile.module Tue Apr 12 00:50:41 2005
+++ drupal-4.6/modules/profile.module Sun May 1 22:05:24 2005
@@ -389,13 +389,11 @@
 switch ($type) {
 case 'load':
 return profile_load_profile($user);
- case 'register':
- return profile_form_profile($edit, $user, $category);
- case 'update':
- case 'insert':
+ case 'saveform':
 return profile_save_profile($edit, $user, $category);
 case 'view':
 return profile_view_profile($user);
+ case 'register':
 case 'form':
 return profile_form_profile($edit, $user, $category);
 case 'validate':
diff -urN drupal-4.6-orig/modules/user.module drupal-4.6/modules/user.module
--- drupal-4.6-orig/modules/user.module Sun May 1 11:34:44 2005
+++ drupal-4.6/modules/user.module Sat May 7 01:56:00 2005
@@ -453,6 +453,10 @@
 return user_edit_form(arg(1), $edit);
 }
 
+ if ($type == 'saveform' && $category == 'account') {
+ return array('roles')+user_fields();
+ }
+
 if ($type == 'validate' && $category == 'account') {
 return user_edit_validate(arg(1), $edit);
 }
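Review bot: The new 'saveform' case hands the call to profile_save_profile(), but user.module consumes a 'saveform' return as a list of permitted field names (the value is array_merge'd into $names in both user_register and user_edit), and what profile_save_profile() returns is not visible in this diff; if it returns nothing, no profile field is ever whitelisted and such fields survive the filter only when they are already NULL in $edit. In user_register the 'saveform' loop also runs before `$account = user_save(...)`, so this hook is invoked with an account that does not exist yet, whereas the removed 'update'/'insert' cases fired from inside user_save after the row existed — a save routine that keys on the account would have nothing to key on at that point. I would keep `case 'update': case 'insert': return profile_save_profile($edit, $user, $category);` for the actual write and have 'saveform' return only the names of the fields this category handles. The switch continues outside the hunk.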
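Review bot: `array('roles')+user_fields()` is an array union that keeps the left-hand value for a duplicate key, so if user_fields() returns a 0-indexed list its first entry is shadowed by 'roles' at key 0 and that column silently drops out of the whitelist that user_edit and user_register build from this return. Use `return array_merge(array('roles'), user_fields());`, which appends rather than unions. The enclosing function continues outside the hunk.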
@@ -974,6 +978,25 @@
 // TODO: Is this necessary? Won't session_write() replicate this?
 unset($edit['session']);
 
+ //check the data before saving
+ $names = array();
+ foreach (module_list() as $module) {
+ $function = $module .'_user';
+ if (function_exists($function) && $data = $function('saveform',$edit, $account, 'account')) {
+ $names = array_merge($data, $names);
+ }
+ }
+ if($diff = array_diff(array_keys($edit),$names)) {
+ $security = false;
+ foreach($diff as $key) {
+ if(($edit[$key]!==null)) {
+ drupal_set_message($key);
+ unset($edit[$key]);
+ $security = true;
+ }
+ }
+ ($security)?watchdog('security', t('Detected malicious attempt to save data.'), WATCHDOG_WARNING):null;
+ }
 $account = user_save('', array_merge(array('name' => $edit['name'], 'pass' => $pass, 'init' => $edit['mail'], 'mail' => $edit['mail'], 'roles' => array(_user_authenticated_id()), 'status' => (variable_get('user_register', 1) == 1 ? 1 : 0)), $edit));
 watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>'))), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit'));
@@ -1142,7 +1165,25 @@
 watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
 }
 else {
- user_save($account, $edit, $category);
+ //check the data before saving
+ $names = array();
+ foreach (module_list() as $module) {
+ $function = $module .'_user';
+ if (function_exists($function) && $data = $function('saveform',$edit, $account, $category)) {
+ $names = array_merge($data, $names);
+ }
+ }
+ if($diff = array_diff(array_keys($edit),$names)) {
+ $security = false;
+ foreach($diff as $key) {
+ if(($edit[$key]!==null)) {
+ unset($edit[$key]);
+ $security = true;
+ }
+ }
+ ($security)?watchdog('security', t('Detected malicious attempt to save data.'), WATCHDOG_WARNING):null;
+ }
+ user_save($account, $edit, $category);
 // Delete that user's menu cache.
 cache_clear_all('menu:'. $account->uid, TRUE);
 drupal_set_message(t('The changes have been saved.'));
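Review bot: The security log entry written at the end of the filter block names no field, so an operator reading the watchdog table cannot tell which key was rejected or distinguish a real probe from a module that simply lacks a 'saveform' hook; the block is also a verbatim copy of the one added to user_register above, which additionally calls `drupal_set_message($key)` and thereby echoes every rejected key to the visitor — that looks like debugging output left in. `$names = array_merge($data, $names)` assumes every truthy 'saveform' return is an array; a hook returning a scalar would break the whitelist for the whole request. The statement-level ternary `($security)?watchdog(...):null;` is an `if` written as an expression and should be an `if`. I would move the logic into one helper called from both user_edit and user_register, record the dropped keys in the watchdog message (the `%name => theme('placeholder', ...)` form already used in this file), and return the filtered $edit. user_edit continues outside the hunk.

```php
      else {
        $edit = _user_filter_saveform($edit, $account, $category);
        user_save($account, $edit, $category);
        // … unchanged: menu cache clear, status message …
      }

/**
 * Drop keys of $edit that no module declared through hook_user('saveform')
 * for this category, and log the rejected keys so the entry is actionable.
 */
function _user_filter_saveform($edit, $account, $category) {
  $names = array();
  foreach (module_list() as $module) {
    $function = $module .'_user';
    if (function_exists($function) && ($data = $function('saveform', $edit, $account, $category))) {
      // Tolerate a hook that returns a single name instead of a list.
      $names = array_merge($names, (array) $data);
    }
  }
  $dropped = array();
  foreach (array_diff(array_keys($edit), $names) as $key) {
    // NULL entries are fields a module has already handled; leave them alone.
    if ($edit[$key] !== NULL) {
      unset($edit[$key]);
      $dropped[] = $key;
    }
  }
  if ($dropped) {
    watchdog('security', t('Detected malicious attempt to save data: %fields.', array('%fields' => theme('placeholder', implode(', ', $dropped)))), WATCHDOG_WARNING);
  }
  return $edit;
}
```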