Index: branches/5.2.x/core/units/users/users_event_handler.php
===================================================================
diff -u -N -r15027 -r15049
--- branches/5.2.x/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 15027)
+++ branches/5.2.x/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 15049)
@@ -1,6 +1,6 @@ getObject( Array ('form_name' => 'login') ); /* @var $object kDBItem */
- $object->SetFieldsFromHash( $this->getSubmittedFields($event) );
+ $field_values = $this->getSubmittedFields($event);
+ $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 $username = $object->GetDBField('UserLogin'); $password = $object->GetDBField('UserPassword'); $remember_login = $object->GetDBField('UserRememberLogin') == 1;
@@ -410,7 +427,7 @@
 $this->Application->SetVar($event->getPrefixSpecial(true), Array ($object->GetID() => $field_values)); }
- $object->SetFieldsFromHash($field_values);
+ $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 $status = $object->isLoaded() ? $object->Update() : $object->Create();
@@ -620,7 +637,8 @@
 $object =& $event->getObject( Array ('form_name' => 'recommend') ); /* @var $object kDBItem */
- $object->SetFieldsFromHash( $this->getSubmittedFields($event) );
+ $field_values = $this->getSubmittedFields($event);
+ $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 if ( !$object->ValidateField('RecommendEmail') ) { $event->status = kEvent::erFAIL;
@@ -666,7 +684,7 @@
 $object->Load($id); }
- $object->SetFieldsFromHash($field_values);
+ $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 $object->setID($id); $object->Validate(); }
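Review bot: The protected-field filter is opt-in at every call site: the same `SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values))` pair is repeated in the login hunk and again at -410, -620, -666, -689, -822, -1064, -1200 and -1218. A call that leaves off the second argument would presumably still assign every submitted field, as before this change. Folding the pair into one private method on this handler that takes `$object` and `$field_values` would leave a single place to audit, and new call sites would not need to remember the argument. The definition of `getRequestProtectedFields()` is not among the visible hunks, so whether it is a deny-list or an allow-list cannot be checked from here. For the virtual forms (login, recommend, subscription, forgot_password), an allow-list of the form's own fields would be the tighter choice, and a docblock on the method should state which it is.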
@@ -689,7 +707,8 @@
 $object =& $event->getObject( Array ('form_name' => 'subscription') ); /* @var $object UsersItem */
- $object->SetFieldsFromHash( $this->getSubmittedFields($event) );
+ $field_values = $this->getSubmittedFields($event);
+ $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 if ( !$object->ValidateField('SubscriberEmail') ) { $event->status = kEvent::erFAIL;
@@ -822,7 +841,8 @@
 $object =& $event->getObject( Array ('form_name' => 'forgot_password') ); /* @var $object kDBItem */
- $object->SetFieldsFromHash( $this->getSubmittedFields($event) );
+ $field_values = $this->getSubmittedFields($event);
+ $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 $user_object =& $this->Application->recallObject('u.tmp', null, Array('skip_autoload' => true)); /* @var $user_object UsersItem */
@@ -1064,14 +1084,14 @@
 { $event->redirect = false; $item_info = $this->Application->GetVar( $event->getPrefixSpecial(true) );
- list($id, $fields) = each($item_info);
+ list($id, $field_values) = each($item_info);
 $object =& $event->getObject( Array ('skip_autoload' => true) ); /* @var $object kDBItem */ $object->setID($id); $object->IgnoreValidation = true;
- $object->SetFieldsFromHash($fields);
+ $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 } /**
@@ -1200,7 +1220,7 @@
 $this->RemoveRequiredFields($object); $object->SetDBField('RootPassword', $this->Application->ConfigValue('RootPass'));
- $object->SetFieldsFromHash($field_values);
+ $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 $object->setID(-1); if ( $object->Validate() ) {
@@ -1218,7 +1238,7 @@
 } else { $object =& $event->getObject();
- $object->SetFieldsFromHash($field_values);
+ $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
 if ( !$object->Update() ) { $event->status = kEvent::erFAIL;
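Review bot: In the -1064 hunk `$field_values` comes straight from `each($item_info)` with no check that the request variable is an array. A missing or malformed request value would therefore hand a non-array to both `getRequestProtectedFields()` and `SetFieldsFromHash()`. A guard before the `list(...)` line, such as `if ( !is_array($item_info) ) { $event->status = kEvent::erFAIL; return; }`, would close that. This path also sets `$object->IgnoreValidation = true` and takes `$id` from the request key, so the protected-field list looks like the only filter between the request and the object here. It is worth confirming that the list covers every privilege-bearing column of the user record. The method's signature is outside the hunk, so what the caller expects on early exit should be checked.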