There is a security-related bug fix for pop_profile.asp. The issue is serious enough to compromise the security of a board. It affects version 3.4.07 only, since previous versions don't use the code with the security problem.
Lines #1162-1195:
    Else
        'Comment out down to the next comment to let it take me@example.com and/or .ex as well
        'strsql = "SELECT SPAM_SERVER FROM " & strTablePrefix & "SPAM_MAIL WHERE SPAM_SERVER = '" & chkString(Request.Form("Email"),"sqlstring") & "'"
        'set rsSpam = my_Conn.Execute (strsql)
        'If Not rsSpam.EOF Then
        ' Err_Msg = Err_Msg & "<li>You cannot register with '" & chkString(Request.Form("Email"),"sqlstring") & "'.</li>"
        'End If
        'Dim strMailTLD : strMailTLD = LCase(Mid(Request.Form("Email"),InStrRev(Request.Form("Email"),".")))
        'strsql = "SELECT SPAM_SERVER FROM " & strTablePrefix & "SPAM_MAIL WHERE SPAM_SERVER = '" & strMailTLD & "'"
        'set rsSpam = my_Conn.Execute (strsql)
        'If Not rsSpam.EOF Then
        ' Err_Msg = Err_Msg & "<li>You cannot register with a '" & strMailTLD & "' email address.</li>"
        'End If
        'Comment out up to the previous comment to let it take me@example.com and/or .ex as well
        strMailDomain = LCase(Mid(Request.Form("Email"),InStrRev(Request.Form("Email"),"@")))
        strsql = "SELECT SPAM_SERVER FROM " & strTablePrefix & "SPAM_MAIL WHERE SPAM_SERVER = '" & strMailDomain & "'"
        set rsSpam = my_Conn.Execute (strsql)
        If Not rsSpam.EOF Then
            Err_Msg = Err_Msg & "<li>You cannot register with an '" & strMailDomain & "' email address.</li>"
        End If
        rsSpam.close
        Set rsSpam = Nothing
    end if
    if EmailField(Request.Form("Email")) = 0 then
        Err_Msg = Err_Msg & "<li>You Must enter a valid e-mail address</li>"
    end if
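should be replaced by the following, which runs the SPAM_MAIL lookup only after EmailField has accepted the address (in the code above, the query is built from the raw Request.Form("Email") value before that check is made):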
    else
        if EmailField(Request.Form("Email")) = 0 then
            Err_Msg = Err_Msg & "<li>You Must enter a valid e-mail address</li>"
        else
            strMailDomain = LCase(Mid(Request.Form("Email"),InStrRev(Request.Form("Email"),"@")))
            strsql = "SELECT SPAM_SERVER FROM " & strTablePrefix & "SPAM_MAIL WHERE SPAM_SERVER = '" & strMailDomain & "'"
            set rsSpam = my_Conn.Execute (strsql)
            If Not rsSpam.EOF Then
                Err_Msg = Err_Msg & "<li>You cannot register with an '" & strMailDomain & "' email address.</li>"
            End If
            rsSpam.close
            Set rsSpam = Nothing
        end if
    end if
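
A further hardening of the same lookup, as an added example that is not part of the original post or of the Snitz code base: the mail domain is bound as a query parameter instead of being concatenated into the SQL string, and is HTML-encoded before it is echoed in the error message. It assumes my_Conn is an open ADODB.Connection; IsBlockedMailDomain and the 255-character limit are hypothetical.

```vbscript
<%
' Added example, not Snitz code. my_Conn, strTablePrefix, EmailField and Err_Msg
' are the names used in the fix above; IsBlockedMailDomain is a hypothetical helper.
' ADO constants as defined in adovbs.inc; omit these if that file is already included.
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1

Function IsBlockedMailDomain(objConn, strPrefix, strDomain)
    Dim objCmd, rsSpam
    Set objCmd = Server.CreateObject("ADODB.Command")
    Set objCmd.ActiveConnection = objConn
    objCmd.CommandType = adCmdText
    ' The table prefix comes from the forum configuration, not from the request.
    ' The user-supplied value reaches the database only through the ? placeholder.
    objCmd.CommandText = "SELECT SPAM_SERVER FROM " & strPrefix & _
                         "SPAM_MAIL WHERE SPAM_SERVER = ?"
    ' 255 is an assumed upper bound for the SPAM_SERVER column, not taken from the schema.
    objCmd.Parameters.Append objCmd.CreateParameter("domain", adVarChar, _
                             adParamInput, 255, Left(strDomain, 255))
    Set rsSpam = objCmd.Execute
    IsBlockedMailDomain = Not rsSpam.EOF
    rsSpam.Close
    Set rsSpam = Nothing
    Set objCmd = Nothing
End Function

Dim strEmail, intAt, strMailDomain
strEmail = Request.Form("Email")

If EmailField(strEmail) = 0 Then
    ' Validate first, as in the fix above: no lookup for a rejected address.
    Err_Msg = Err_Msg & "<li>You Must enter a valid e-mail address</li>"
Else
    intAt = InStrRev(strEmail, "@")
    ' Mid() raises an error for a start position of 0, so guard the no-"@" case.
    If intAt > 0 Then
        strMailDomain = LCase(Mid(strEmail, intAt))
        If IsBlockedMailDomain(my_Conn, strTablePrefix, strMailDomain) Then
            ' Encode before echoing the value back into the page.
            Err_Msg = Err_Msg & "<li>You cannot register with an '" & _
                      Server.HTMLEncode(strMailDomain) & "' email address.</li>"
        End If
    End If
End If
%>
```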
Any questions, please post on the General Help forum.