From e36f6ee15c645e1101433d52f45817f24aa227d9 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Mon, 27 Sep 2021 10:12:08 +0200
Subject: [PATCH] trim email, commen, language, theme before saving in database

---
 SeedDMS_Core/Core/inc.ClassUser.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/SeedDMS_Core/Core/inc.ClassUser.php b/SeedDMS_Core/Core/inc.ClassUser.php
index 309be1abf..727ed960c 100644
--- a/SeedDMS_Core/Core/inc.ClassUser.php
+++ b/SeedDMS_Core/Core/inc.ClassUser.php
@@ -389,7 +389,7 @@ class SeedDMS_Core_User { /* {{{ */
 	function setEmail($newEmail) { /* {{{ */
 		$db = $this->_dms->getDB();
 
-		$queryStr = "UPDATE `tblUsers` SET `email` =".$db->qstr($newEmail)." WHERE `id` = " . $this->_id;
+		$queryStr = "UPDATE `tblUsers` SET `email` =".$db->qstr(trim($newEmail))." WHERE `id` = " . $this->_id;
 		$res = $db->getResult($queryStr);
 		if (!$res)
 			return false;
@@ -410,7 +410,7 @@ class SeedDMS_Core_User { /* {{{ */
 	function setLanguage($newLanguage) { /* {{{ */
 		$db = $this->_dms->getDB();
 
-		$queryStr = "UPDATE `tblUsers` SET `language` =".$db->qstr($newLanguage)." WHERE `id` = " . $this->_id;
+		$queryStr = "UPDATE `tblUsers` SET `language` =".$db->qstr(trim($newLanguage))." WHERE `id` = " . $this->_id;
 		$res = $db->getResult($queryStr);
 		if (!$res)
 			return false;
@@ -431,7 +431,7 @@ class SeedDMS_Core_User { /* {{{ */
 	function setTheme($newTheme) { /* {{{ */
 		$db = $this->_dms->getDB();
 
-		$queryStr = "UPDATE `tblUsers` SET `theme` =".$db->qstr($newTheme)." WHERE `id` = " . $this->_id;
+		$queryStr = "UPDATE `tblUsers` SET `theme` =".$db->qstr(trim($newTheme))." WHERE `id` = " . $this->_id;
 		$res = $db->getResult($queryStr);
 		if (!$res)
 			return false;
@@ -452,7 +452,7 @@ class SeedDMS_Core_User { /* {{{ */
 	function setComment($newComment) { /* {{{ */
 		$db = $this->_dms->getDB();
 
-		$queryStr = "UPDATE `tblUsers` SET `comment` =".$db->qstr($newComment)." WHERE `id` = " . $this->_id;
+		$queryStr = "UPDATE `tblUsers` SET `comment` =".$db->qstr(trim($newComment))." WHERE `id` = " . $this->_id;
 		$res = $db->getResult($queryStr);
 		if (!$res)
 			return false;