diff options
author | Andrew Dolgov <[email protected]> | 2009-05-12 00:33:40 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2009-05-12 00:33:40 +0400 |
commit | 2d969845f99be50bae8b39b48f77c180ca0a6e25 (patch) | |
tree | 0aee650a62f4534056e51979e460d410b3520a76 | |
parent | f574fec6a6cd32f8c1582399cb4796974327df96 (diff) |
authenticate_user: properly escape input
-rw-r--r-- | functions.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/functions.php b/functions.php index d9e1869a3..a1c8315f7 100644 --- a/functions.php +++ b/functions.php @@ -1741,6 +1741,7 @@ $pwd_hash1 = encrypt_password($password); $pwd_hash2 = encrypt_password($password, $login); + $login = db_escape_string($login); if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH && $_SERVER["REMOTE_USER"] && $login != "admin") { |