]> git.wh0rd.org Git - tt-rss.git/commitdiff
authenticate_user: properly escape input
authorAndrew Dolgov <fox@bah.org.ru>
Mon, 11 May 2009 20:33:40 +0000 (00:33 +0400)
committerAndrew Dolgov <fox@bah.org.ru>
Mon, 11 May 2009 20:33:40 +0000 (00:33 +0400)
functions.php

index d9e1869a39be0b1ea538738b655f2ed7f7b87bb5..a1c8315f7ee71ccdea17496e8b6ce41f792ea41d 100644 (file)
 
                        $pwd_hash1 = encrypt_password($password);
                        $pwd_hash2 = encrypt_password($password, $login);
+                       $login = db_escape_string($login);
 
                        if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH 
                                        && $_SERVER["REMOTE_USER"] && $login != "admin") {