diff options
| author | Andrew Dolgov <[email protected]> | 2011-11-22 10:43:24 +0400 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2011-11-22 10:43:24 +0400 |
| commit | 92decf4f2ddb0c822e8d333ae66f4014f0bee253 (patch) | |
| tree | 153bf30ddf3b57e9a2dfec0413ed640c8193016d | |
| parent | b9d55377248bde2bd0b11a4323215e3d69711fb7 (diff) | |
properly escape login and password in login_sequence() (refs #392)
| -rw-r--r-- | functions.php | 4 | ||||
| -rw-r--r-- | modules/pref-prefs.php | 6 |
2 files changed, 5 insertions, 5 deletions
diff --git a/functions.php b/functions.php index 498750851..10f8e034e 100644 --- a/functions.php +++ b/functions.php @@ -2110,8 +2110,8 @@ # try to authenticate user if called from login form if ($login_action == "do_login") { - $login = $_POST["login"]; - $password = $_POST["password"]; + $login = db_escape_string($_POST["login"]); + $password = db_escape_string($_POST["password"]); $remember_me = $_POST["remember_me"]; if (authenticate_user($link, $login, $password)) { diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php index 838c722c3..2ab79db01 100644 --- a/modules/pref-prefs.php +++ b/modules/pref-prefs.php @@ -21,9 +21,9 @@ if ($subop == "change-password") { - $old_pw = $_POST["old_password"]; - $new_pw = $_POST["new_password"]; - $con_pw = $_POST["confirm_password"]; + $old_pw = db_escape_string($_POST["old_password"]); + $new_pw = db_escape_string($_POST["new_password"]); + $con_pw = db_escape_string($_POST["confirm_password"]); if ($old_pw == "") { print "ERROR: ".__("Old password cannot be blank."); |