From 59478e06c25303a790a0840ab2ac30662c4ef781 Mon Sep 17 00:00:00 2001
From: Hugues Hiegel <root@paranoid>
Date: Tue, 5 Aug 2014 16:46:22 +0200
Subject:  c'est la merde..

---
 program/lib/Roundcube/rcube_user.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'program/lib/Roundcube/rcube_user.php')

diff --git a/program/lib/Roundcube/rcube_user.php b/program/lib/Roundcube/rcube_user.php
index 5e9c9af80..505b190d1 100644
--- a/program/lib/Roundcube/rcube_user.php
+++ b/program/lib/Roundcube/rcube_user.php
@@ -495,9 +495,9 @@ class rcube_user
             "INSERT INTO ".$dbh->table_name('users').
             " (created, last_login, username, mail_host, language)".
             " VALUES (".$dbh->now().", ".$dbh->now().", ?, ?, ?)",
-            $data['user'],
-            $data['host'],
-            $data['language']);
+            strip_newlines($data['user']),
+            strip_newlines($data['host']),
+            strip_newlines($data['language']));
 
         if ($user_id = $dbh->insert_id('users')) {
             // create rcube_user instance to make plugin hooks work
@@ -517,7 +517,7 @@ class rcube_user
                 if (empty($user_email)) {
                     $user_email = strpos($data['user'], '@') ? $user : sprintf('%s@%s', $data['user'], $mail_domain);
                 }
-                $email_list[] = $user_email;
+                $email_list[] = strip_newlines($user_email);
             }
             // identities_level check
             else if (count($email_list) > 1 && $rcube->config->get('identities_level', 0) > 1) {
@@ -547,6 +547,7 @@ class rcube_user
                     $record['name'] = $user_name != $record['email'] ? $user_name : '';
                 }
 
+                $record['name']     = strip_newlines($record['name']);
                 $record['user_id']  = $user_id;
                 $record['standard'] = $standard;
 
-- 
cgit v1.2.3