From: Janusz Dobrowolski
Date: Mon, 16 Sep 2013 10:49:29 +0000 (+0200)
Subject: [0002340] Fixed problem with login after intallation, when special chars are used...
X-Git-Tag: 2.3-final~198
X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=8812a2432bf847dc654094702eeef4b82e89ccac;p=fa-stable.git

[0002340] Fixed problem with login after intallation, when special chars are used in password.
---
diff --git a/install/isession.inc b/install/isession.inc
index 25a5519c..3c861792 100644
--- a/install/isession.inc
+++ b/install/isession.inc
@@ -39,6 +39,19 @@ function strip_quotes($data)
 return $data;
 }
+function html_cleanup(&$parms)
+{
+ foreach($parms as $name => $value) {
+// $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
+ if (is_array($value))
+ html_cleanup($parms[$name]);
+ else
+ $parms[$name] = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
+ }
+ reset($parms); // needed for direct key() usage later throughout the sources
+}
+
+
 function check_page_security($page_security) { }
@@ -128,6 +141,11 @@ ob_start('output_html',0);
 if (!isset($_SESSION["wa_current_user"])) $_SESSION["wa_current_user"] = new current_user();
+html_cleanup($_GET);
+html_cleanup($_POST);
+html_cleanup($_REQUEST);
+html_cleanup($_SERVER);
+
 $SysPrefs = &$_SESSION['SysPrefs']; // POST vars cleanup needed for direct reuse.
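Review bot: The `@` in front of `htmlspecialchars()` in `html_cleanup()` hides the failures that matter here: it suppresses the notice when `$_SESSION['language']` is not set and the warning for an unsupported charset name, and for input that is not valid in the chosen encoding `htmlspecialchars()` returns an empty string unless `ENT_SUBSTITUTE` or `ENT_IGNORE` is passed, so a submitted value (a password, going by the commit title) can be silently blanked. I would read the encoding once before the loop and drop the suppression, e.g. `$enc = $_SESSION['language']->encoding;` followed by `$parms[$name] = htmlspecialchars($value, ENT_QUOTES, $enc);`, and decide explicitly what happens when the result is empty for non-empty input. Only values are encoded; array keys stay exactly as the client sent them, and the `reset()` comment says `key()` is used directly elsewhere, so a short comment should state that keys must be escaped wherever they are printed. The commented-out `html_entity_decode` line is dead code and can be removed.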
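Review bot: `$_COOKIE` is not passed through `html_cleanup()` in this block, so cookie values stay raw while `$_GET`, `$_POST`, `$_REQUEST` and `$_SERVER` are entity-encoded; either add `html_cleanup($_COOKIE);` or leave a comment saying why cookies are exempt. Encoding at input protects HTML output only, so database writes still need their own escaping, and anything that hashes or compares a posted value (the admin password, going by the commit title) has to be given the same encoded form at login. Rewriting all of `$_SERVER` also changes entries that may be used as paths or in comparisons rather than for display; whether the installer does that is not visible in this hunk, but a comment such as `// NOTE: superglobals are HTML-encoded from here on; do not use them for paths, hashes or SQL without accounting for that` would make the contract explicit. These calls run at file scope right after `wa_current_user` is created, and the hunk does not show `$_SESSION['language']` being set before them, which is what `html_cleanup()` reads for the charset.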