diff options
author | Andrew Dolgov <[email protected]> | 2011-11-22 10:43:24 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2011-11-22 10:43:24 +0400 |
commit | 92decf4f2ddb0c822e8d333ae66f4014f0bee253 (patch) | |
tree | 153bf30ddf3b57e9a2dfec0413ed640c8193016d /modules | |
parent | b9d55377248bde2bd0b11a4323215e3d69711fb7 (diff) |
properly escape login and password in login_sequence() (refs #392)
Diffstat (limited to 'modules')
-rw-r--r-- | modules/pref-prefs.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php index 838c722c3..2ab79db01 100644 --- a/modules/pref-prefs.php +++ b/modules/pref-prefs.php @@ -21,9 +21,9 @@ if ($subop == "change-password") { - $old_pw = $_POST["old_password"]; - $new_pw = $_POST["new_password"]; - $con_pw = $_POST["confirm_password"]; + $old_pw = db_escape_string($_POST["old_password"]); + $new_pw = db_escape_string($_POST["new_password"]); + $con_pw = db_escape_string($_POST["confirm_password"]); if ($old_pw == "") { print "ERROR: ".__("Old password cannot be blank."); |