Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.682
diff -u -p -r1.682 user.module
--- modules/user/user.module	17 Sep 2006 19:14:16 -0000	1.682
+++ modules/user/user.module	24 Sep 2006 21:12:07 -0000
@@ -1207,7 +1207,8 @@ function user_register_submit($form_id, 
   if (isset($form_values['roles'])) {
     $roles = array_filter($form_values['roles']);     // Remove unset roles
   }
-
+  //the unset below is needed to prevent these form values from being saved as user data
+  unset($form_values['submit'], $form_values['notify'], $form_values['form_id'], $form_values['affiliates'], $form_values['destination'], $form_values['op']);  
   if (!$admin && array_intersect(array_keys($form_values), array('uid', 'roles', 'init', 'session', 'status'))) {
     watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
     return 'user/register';