db_escape_string: specify link parameter for consistency; sessions: do not force...

[tt-rss.git] / classes / auth / base.php

diff --git a/classes/auth/base.php b/classes/auth/base.php
index aa9d657a448de1f0b6bd5c3e1833205fff5d66ac..ad7ff36461b8d338c1eba7e4e37dcc772327fdd7 100644 (file)
--- a/classes/auth/base.php
+++ b/classes/auth/base.php
@@ -21,7 +21,7 @@ class Auth_Base {
                        $user_id = $this->find_user_by_login($login);
 
                        if (!$user_id) {
-                               $login = db_escape_string($login);
+                               $login = db_escape_string($this->link, $login);
                                $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
                                $pwd_hash = encrypt_password($password, $salt, true);
 
@@ -42,7 +42,7 @@ class Auth_Base {
        }
 
        function find_user_by_login($login) {
-               $login = db_escape_string($login);
+               $login = db_escape_string($this->link, $login);
 
                $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
                        login = '$login'");