minus (or hyphen) sign in email

ziansw · **Joined:** Thu Jan 31, 2008 4:41 pm **Posts:** 5

One of my users was trying to signup with minus sign in email address ([email protected]). A2billing (or PHP?) stripped off the minus sign. That is, [email protected] became [email protected] and a2billing sent email to [email protected]. Please help me, how can I preserve special characters in email address.

stavros · **Posted:** Thu Apr 24, 2008 4:27 pm

I can confirm this is a problem, but I've not had any luck yet finding where the hypens are being stripped out. Clues gratefully accepted. :wall:

xrg · **Posted:** Thu Apr 24, 2008 9:09 pm

It is the getpost_ifset() calling sanitize()...

That was one of the major changes from v1.3 to v200.

stavros · **Posted:** Thu Apr 24, 2008 10:08 pm

D'uh! Thanks for that xrg. I couldn't see the wood for the trees. Of course, it's removing SQL comments for safety.

ziansw, this isn't easily fixed. A workaround would be to use your SQL client to manually correct that user's email address in the cc_card table, and hope that you don't get many other users with two consecutive hyphens.

And look forward to the release of v200 at some point. Are you excited? I am. :laugh:

ziansw · **Joined:** Thu Jan 31, 2008 4:41 pm **Posts:** 5

xrg wrote:

It is the getpost_ifset() calling sanitize()...

That was one of the major changes from v1.3 to v200.

Yes, it was in sanitize() function (in lib/Misc.php). Thanks for your help.

stavros · **Posted:** Mon Apr 28, 2008 5:08 pm

Please be aware that if you've changed sanitize() to accept '--' as a valid string, you've opened yourself to SQL injection attacks; it's possible you may wake up one day to find someone dropped all your tables, or worse.

stavros · **Posted:** Tue Apr 29, 2008 10:56 pm

It's not often you see SQL injection related comedy, so I couldn't resist sharing this here.

provided by Star2Billing S.L.

minus (or hyphen) sign in email

Who is online