From 92decf4f2ddb0c822e8d333ae66f4014f0bee253 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Tue, 22 Nov 2011 10:43:24 +0400
Subject: properly escape login and password in login_sequence() (refs #392)
---
 functions.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'functions.php')
diff --git a/functions.php b/functions.php
index 498750851..10f8e034e 100644
--- a/functions.php
+++ b/functions.php
@@ -2110,8 +2110,8 @@
 # try to authenticate user if called from login form
 if ($login_action == "do_login") {
- $login = $_POST["login"];
- $password = $_POST["password"];
+ $login = db_escape_string($_POST["login"]);
+ $password = db_escape_string($_POST["password"]);
 $remember_me = $_POST["remember_me"];
 if (authenticate_user($link, $login, $password)) {
-- cgit v1.2.3
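Review bot: Escaping at the call site in `login_sequence()` covers only this one path into `authenticate_user($link, $login, $password)`; any other caller that passes request data is left as it was, so the escaping belongs next to the query inside `authenticate_user()` (not visible in this hunk), ideally as a bound parameter. Applying `db_escape_string()` to `$password` also changes the value whenever it contains a quote or backslash, so if `authenticate_user()` hashes the password before comparing, those users would presumably stop matching their stored hash; the safer form here is likely `$password = $_POST["password"];` with escaping applied only to what is actually interpolated into SQL. `$remember_me = $_POST["remember_me"];` on the following line is still taken raw and is worth checking for the same kind of use. The enclosing function starts and ends outside the hunk.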