properly escape login and password in login_sequence() (refs #392)
authorAndrew Dolgov <fox@madoka.volgo-balt.ru>
Tue, 22 Nov 2011 06:43:24 +0000 (10:43 +0400)
committerAndrew Dolgov <fox@madoka.volgo-balt.ru>
Tue, 22 Nov 2011 06:43:24 +0000 (10:43 +0400)
functions.php
modules/pref-prefs.php

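--- a/functions.php
+++ b/functions.php
 
                        # try to authenticate user if called from login form
                        if ($login_action == "do_login") {
-                               $login = $_POST["login"];
-                               $password = $_POST["password"];
+                               $login = db_escape_string($_POST["login"]);
+                               $password = db_escape_string($_POST["password"]);
                                $remember_me = $_POST["remember_me"];
 
                                if (authenticate_user($link, $login, $password)) {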
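Review bot: `$password` is run through db_escape_string() before it is handed to authenticate_user() on the last line of the hunk, so any hashing or comparison inside that function presumably sees the escaped bytes rather than what the user typed; a password containing a quote or backslash then only verifies if it was escaped identically when it was stored, and the result depends on the connection's escaping rules rather than on the password itself. Escaping is a SQL-context transformation and belongs where the value is interpolated into a query (or, better, the query should be parameterised), not at the point the value is read from $_POST; keep `$password = $_POST["password"];` here and escape inside the query construction. The same pattern appears in the change-password hunk of modules/pref-prefs.php, where `$new_pw` is presumably hashed and stored after being escaped. `$remember_me` on the following line is still read unescaped, which is fine only if it is never used in a query. The enclosing login_sequence() starts and ends outside the hunk.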
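--- a/modules/pref-prefs.php
+++ b/modules/pref-prefs.php
@@ -21,9 +21,9 @@
 
                if ($subop == "change-password") {
 
-                       $old_pw = $_POST["old_password"];
-                       $new_pw = $_POST["new_password"];
-                       $con_pw = $_POST["confirm_password"];
+                       $old_pw = db_escape_string($_POST["old_password"]);
+                       $new_pw = db_escape_string($_POST["new_password"]);
+                       $con_pw = db_escape_string($_POST["confirm_password"]);
 
                        if ($old_pw == "") {
                                print "ERROR: ".__("Old password cannot be blank.");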