Fixes #3704 displaying error messages when adding users through admin interface

diff --git a/actions/useradd.php b/actions/useradd.php
index 8e588d073e261c9b403c82601cdc786836ff04bb..be08b4be57d51a813f7824e763b7366d9e222bda 100644 (file)
--- a/actions/useradd.php
+++ b/actions/useradd.php
@@ -20,11 +20,22 @@ if (is_array($admin)) {
        $admin = $admin[0];
 }
 
+// no blank fields
+if ($username == '' || $password == '' || $password2 == '' || $email == '' || $name == '') {
+       register_error(elgg_echo('register:fields'));
+       forward(REFERER);
+}
+
+if (strcmp($password, $password2) != 0) {
+       register_error(elgg_echo('RegistrationException:PasswordMismatch'));
+       forward(REFERER);
+}
+
 // For now, just try and register the user
 try {
        $guid = register_user($username, $password, $name, $email, TRUE);
 
-       if (((trim($password) != "") && (strcmp($password, $password2) == 0)) && ($guid)) {
+       if ($guid) {
                $new_user = get_entity($guid);
                if (($guid) && ($admin)) {
                        $new_user->makeAdmin();

diff --git a/engine/lib/users.php b/engine/lib/users.php
index 2d6b7cabd9a53c2ee7100a850e317fbcfc3a9490..ce1b409f610c5687cb57a24c42370f8fa2aaf85f 100644 (file)
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -813,6 +813,7 @@ function validate_username($username) {
        if (
                preg_match($blacklist, $username)
        ) {
+               // @todo error message needs work
                throw new RegistrationException(elgg_echo('registration:invalidchars'));
        }
 
@@ -823,6 +824,7 @@ function validate_username($username) {
        for ($n = 0; $n < strlen($blacklist2); $n++) {
                if (strpos($username, $blacklist2[$n]) !== false) {
                        $msg = elgg_echo('registration:invalidchars', array($blacklist2[$n], $blacklist2));
+                       $msg = htmlentities($msg, ENT_COMPAT, 'UTF-8');
                        throw new RegistrationException($msg);
                }
        }

diff --git a/languages/en.php b/languages/en.php
index c4eb212c4e2c6b21d6c6232df2df2499d8ddd52c..f1bc8e3b7dcbff3970c1a5e8c4a8c801ae1bac4d 100644 (file)
--- a/languages/en.php
+++ b/languages/en.php
@@ -473,13 +473,14 @@ $english = array(
        'registerok' => "You have successfully registered for %s.",
        'registerbad' => "Your registration was unsuccessful because of an unknown error.",
        'registerdisabled' => "Registration has been disabled by the system administrator",
+       'register:fields' => 'All fields are required',
 
        'registration:notemail' => 'The email address you provided does not appear to be a valid email address.',
        'registration:userexists' => 'That username already exists',
        'registration:usernametooshort' => 'Your username must be a minimum of %u characters long.',
        'registration:passwordtooshort' => 'The password must be a minimum of %u characters long.',
        'registration:dupeemail' => 'This email address has already been registered.',
-       'registration:invalidchars' => 'Sorry, your username contains the following invalid character: %s.  All of these characters are invalid: %s',
+       'registration:invalidchars' => 'Sorry, your username contains the character %s which is invalid. The following characters are invalid: %s',
        'registration:emailnotvalid' => 'Sorry, the email address you entered is invalid on this system',
        'registration:passwordnotvalid' => 'Sorry, the password you entered is invalid on this system',
        'registration:usernamenotvalid' => 'Sorry, the username you entered is invalid on this system',