From 92decf4f2ddb0c822e8d333ae66f4014f0bee253 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Tue, 22 Nov 2011 10:43:24 +0400
Subject: properly escape login and password in login_sequence() (refs #392)

---
 modules/pref-prefs.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'modules/pref-prefs.php')

diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php
index 838c722c3..2ab79db01 100644
--- a/modules/pref-prefs.php
+++ b/modules/pref-prefs.php
@@ -21,9 +21,9 @@
 
 		if ($subop == "change-password") {
 
-			$old_pw = $_POST["old_password"];
-			$new_pw = $_POST["new_password"];
-			$con_pw = $_POST["confirm_password"];
+			$old_pw = db_escape_string($_POST["old_password"]);
+			$new_pw = db_escape_string($_POST["new_password"]);
+			$con_pw = db_escape_string($_POST["confirm_password"]);
 
 			if ($old_pw == "") {
 				print "ERROR: ".__("Old password cannot be blank.");
-- 
cgit v1.2.3