
sanitize the inputs
authorkmorimatsu <kmorimatsu@1ca29b6e-896d-4ea0-84a5-967f57386b96>
Tue, 23 Oct 2007 22:50:06 +0000 (22:50 +0000)
committerkmorimatsu <kmorimatsu@1ca29b6e-896d-4ea0-84a5-967f57386b96>
Tue, 23 Oct 2007 22:50:06 +0000 (22:50 +0000)
use meta tag for UTF-8 Japanese

git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/nucleus-jp/branches/branch-3-3@334 1ca29b6e-896d-4ea0-84a5-967f57386b96

utf8/createaccount.php

index e1ca9ab..2b12d19 100644 (file)
@@ -1,5 +1,5 @@
 <?php
-       include "./config.php";
+       require "./config.php";
        include $DIR_LIBS."ACTION.php";
        
        if (isset ($_POST['showform'])&&$_POST['showform']==1) {
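Review bot: The library load on the line after the changed one is still `include $DIR_LIBS."ACTION.php";`, so a missing or unreadable ACTION.php only raises a warning and the page keeps executing until it fails later. Now that config.php is loaded with `require`, the same treatment fits here: `require $DIR_LIBS."ACTION.php";`. The `if (isset ($_POST['showform'])...` block that follows continues outside the hunk, so this comment covers only the two load statements.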
@@ -10,8 +10,9 @@
        }
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja-JP" lang="ja-JP">
 <head>
+       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <title>Create Member Account</title>
        <style type="text/css">@import url(nucleus/styles/manual.css);</style>
 </head>
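Review bot: The encoding is declared only in the `<meta http-equiv>` tag in `<head>`, which a browser honours only when no charset arrives in the HTTP Content-Type header and which it has to find by scanning the start of the body. The `htmlspecialchars()` escaping in this file assumes the page is decoded as UTF-8, so it is worth declaring the charset in the response header too, e.g. `header('Content-Type: text/html; charset=UTF-8');` in the PHP block before the DOCTYPE. Whether config.php or the web server already sends that header is not visible from this hunk; if one does, the only check needed is that the two declarations agree.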
@@ -74,7 +75,7 @@
                // if createAccount fails it returns an error message 
                $message = $a->createAccount();
 
-               echo '<span style="font-weight:bold; color:red;">'.$message.'</span><br /><br />'; 
+               echo '<span style="font-weight:bold; color:red;">'.htmlspecialchars($message).'</span><br /><br />'; 
 ?>
        
                <form method="post" action="createaccount.php">
        
                Login Name (required): 
                <br />
-               <input name="name" size="20" <?php if(isset($_POST['name'])){echo 'value="'.$_POST['name'].'"';}?>/> <small>(only a-z, 0-9)</small>
+               <input name="name" size="20" <?php if(isset($_POST['name'])){echo 'value="'.htmlspecialchars($_POST['name']).'"';}?>/> <small>(only a-z, 0-9)</small>
                <br />
                <br />          
                Real Name (required): 
                <br />
-               <input name="realname" size="40" <?php if(isset($_POST['realname'])){echo 'value="'.$_POST['realname'].'"';}?>/>
+               <input name="realname" size="40" <?php if(isset($_POST['realname'])){echo 'value="'.htmlspecialchars($_POST['realname']).'"';}?>/>
                <br />
                <br />          
                Email (required):
                <br />
-               <input name="email" size="40" <?php if(isset($_POST['email'])){echo 'value="'.$_POST['email'].'"';}?>/> <small>(must be valid, because an activation link will be sent over there)</small>
+               <input name="email" size="40" <?php if(isset($_POST['email'])){echo 'value="'.htmlspecialchars($_POST['email']).'"';}?>/> <small>(must be valid, because an activation link will be sent over there)</small>
                <br />
                <br />          
                URL: 
                <br />
-               <input name="url" size="60" <?php if(isset($_POST['url'])){echo 'value="'.$_POST['url'].'"';}?>/>
+               <input name="url" size="60" <?php if(isset($_POST['url'])){echo 'value="'.htmlspecialchars($_POST['url']).'"';}?>/>
                <br />
                <?php
                // add a Captcha challenge or something else
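Review bot: The four `htmlspecialchars($_POST[...])` calls in the name, realname, email and url inputs assume each field is a string. A request that submits `name[]=x` makes the value an array, and htmlspecialchars then emits a warning (a TypeError on PHP 8) in the middle of the form. The calls also rely on the default flags and charset, which differ between PHP versions. I would guard the type and pin both arguments, e.g. `if(isset($_POST['name']) && is_string($_POST['name'])){echo 'value="'.htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8').'"';}`, and pass the same `ENT_QUOTES, 'UTF-8'` when escaping `$message`. The form markup continues past the end of the hunk, so any further echoed fields there are not covered by this comment.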