From 2d969845f99be50bae8b39b48f77c180ca0a6e25 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 12 May 2009 00:33:40 +0400 Subject: [PATCH] authenticate_user: properly escape input --- functions.php | 1 + 1 file changed, 1 insertion(+) diff --git a/functions.php b/functions.php index d9e1869a..a1c8315f 100644 --- a/functions.php +++ b/functions.php @@ -1741,6 +1741,7 @@ $pwd_hash1 = encrypt_password($password); $pwd_hash2 = encrypt_password($password, $login); + $login = db_escape_string($login); if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH && $_SERVER["REMOTE_USER"] && $login != "admin") { -- 2.39.5