]> git.wh0rd.org Git - tt-rss.git/commitdiff
fix possible sql injection in public/forgotpass
authorAndrew Dolgov <noreply@fakecake.org>
Mon, 20 Nov 2017 05:48:18 +0000 (08:48 +0300)
committerAndrew Dolgov <noreply@fakecake.org>
Mon, 20 Nov 2017 05:48:18 +0000 (08:48 +0300)
classes/handler/public.php

index d3c854ae47a143402e285229dff198e700319032..ec41ddb87b8d8e6c06cfdd0187f46fc19c3dce70 100644 (file)
@@ -688,7 +688,7 @@ class Handler_Public extends Handler {
                @$method = $_POST['method'];
 
                if ($hash) {
-                       $login = $_REQUEST["login"];
+                       $login = $this->dbh->escape_string($_REQUEST["login"]);
 
                        if ($login) {
                                $result = $this->dbh->query("SELECT id, resetpass_token FROM ttrss_users
@@ -1018,4 +1018,4 @@ class Handler_Public extends Handler {
                }
        }
 }
-?>
\ No newline at end of file
+?>