From: Andrew Dolgov
Date: Mon, 11 May 2009 20:33:40 +0000 (+0400)
Subject: authenticate_user: properly escape input
X-Git-Tag: 1.3.3~7
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=2d969845f99be50bae8b39b48f77c180ca0a6e25;p=tt-rss.git
authenticate_user: properly escape input
---
diff --git a/functions.php b/functions.php
index d9e1869a..a1c8315f 100644
--- a/functions.php
+++ b/functions.php
@@ -1741,6 +1741,7 @@
 $pwd_hash1 = encrypt_password($password);
 $pwd_hash2 = encrypt_password($password, $login);
+ $login = db_escape_string($login);
 if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH && $_SERVER["REMOTE_USER"] && $login != "admin") {
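Review bot: The added `$login = db_escape_string($login);` overwrites the raw login in place, and nothing records that it must stay below `encrypt_password($password, $login)`, which is computed from the unescaped value. I would add a comment above the new line, `// escape only after hashing: encrypt_password() is given the raw login`, or keep the raw value and use a separate variable such as `$login_sql = db_escape_string($login);` in the queries. The `if` that opens at the end of the hunk continues outside it, as do the queries. If that branch replaces `$login` with `$_SERVER["REMOTE_USER"]`, the new value needs the same escaping before it reaches SQL, and any later non-SQL use of `$login` (session, comparison, logging) would presumably see the escaped string. Escaping only protects a value that is interpolated inside quotes, so a bound-parameter query would be the more robust long-term fix if the database layer offers one.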