authenticate_user: properly escape input

author Andrew Dolgov <fox@bah.org.ru>

Mon, 11 May 2009 20:33:40 +0000 (00:33 +0400)

committer Andrew Dolgov <fox@bah.org.ru>

Mon, 11 May 2009 20:33:40 +0000 (00:33 +0400)
author Andrew Dolgov <fox@bah.org.ru>
Mon, 11 May 2009 20:33:40 +0000 (00:33 +0400)
committer Andrew Dolgov <fox@bah.org.ru>
Mon, 11 May 2009 20:33:40 +0000 (00:33 +0400)
diff --git a/functions.php b/functions.php

index d9e1869a39be0b1ea538738b655f2ed7f7b87bb5..a1c8315f7ee71ccdea17496e8b6ce41f792ea41d 100644 (file)
--- a/functions.php
+++ b/functions.php
@@ -1741,6 +1741,7 @@
  
                         $pwd_hash1 = encrypt_password($password);
                         $pwd_hash2 = encrypt_password($password, $login);
+                       $login = db_escape_string($login);
  
                         if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH 
                                         && $_SERVER["REMOTE_USER"] && $login != "admin") {
author	Andrew Dolgov <fox@bah.org.ru>
	Mon, 11 May 2009 20:33:40 +0000 (00:33 +0400)
committer	Andrew Dolgov <fox@bah.org.ru>
	Mon, 11 May 2009 20:33:40 +0000 (00:33 +0400)