Merge pull request #19 from Madriix/main - Fix

diff --git a/plugins/sql_auth/sql_auth.php b/plugins/sql_auth/sql_auth.php
index 20176b7e567b210b89dda60b56869fcbe8c8e22b..69f55ba7115c773c50b22fa5b91daccb39da14d0 100644 (file)
--- a/plugins/sql_auth/sql_auth.php
+++ b/plugins/sql_auth/sql_auth.php
@@ -312,7 +312,7 @@ class sql_auth
                foreach($info as $key => $val)
                {
                        $value = NULL;
-                       if (!$val)
+                       if (!$val || !strlen($val) || BadPtr($val))
                                continue;
                        if (!strcmp($key,"update_fname") && $val != $user->first_name)
                        {

diff --git a/settings/user-edit.php b/settings/user-edit.php
index 8c643970d16e2bcb03601a8abb58aa5bb71f897c..966a38ff1c2116c036db7b03ca1dbe31953f1a48 100644 (file)
--- a/settings/user-edit.php
+++ b/settings/user-edit.php
@@ -37,7 +37,13 @@ if ($postbutton && $can_edit_profile)
     $array['update_email'] = (isset($_POST['email']) && strlen($_POST['email'])) ? $_POST['email'] : false;
     $array['update_pass'] = (isset($_POST['password']) && strlen($_POST['password'])) ? $_POST['password'] : false;
     $array['update_pass_conf'] = (isset($_POST['passwordconfirm']) && strlen($_POST['passwordconfirm'])) ? $_POST['passwordconfirm'] : false;
-    if ($array['update_pass'] == $array['update_pass_conf'])
+
+    if (!$array['update_pass'])
+    {
+        unset($array['update_pass']);
+        unset($array['update_pass_conf']);
+    }
+    elseif ($array['update_pass'] == $array['update_pass_conf'])
     {
         $array['update_pass_conf'] = password_hash($array['update_pass_conf'], PASSWORD_ARGON2ID);
         unset($array['update_pass']);