
fix possible sql injection in public/forgotpass

Andrew Dolgov 2 years ago
parent
commit
2352c320c2
1 changed files with 2 additions and 2 deletions
  1. 2 2
      classes/handler/public.php

+ 2 - 2
classes/handler/public.php

@@ -688,7 +688,7 @@ class Handler_Public extends Handler {
 		@$method = $_POST['method'];
 
 		if ($hash) {
-			$login = $_REQUEST["login"];
+			$login = $this->dbh->escape_string($_REQUEST["login"]);
 
 			if ($login) {
 				$result = $this->dbh->query("SELECT id, resetpass_token FROM ttrss_users
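Review bot: The added `escape_string()` call on `$_REQUEST["login"]` only protects the string-built query on the last line of the hunk if `$login` is interpolated inside quotes in the WHERE clause, which continues past the hunk and cannot be confirmed from here. Binding the login as a query parameter would remove that dependency on quoting, if the `dbh` layer offers prepared statements. Because the escaped form now overwrites `$login`, any later non-SQL use of it (comparison, output, mail text) would see the escaped text rather than what the user sent. Keeping both values avoids that: `$login = $_REQUEST["login"];` followed by `$login_sql = $this->dbh->escape_string($login);`, with only `$login_sql` used in the query. The enclosing method starts and ends outside the hunk, so other request values that may reach SQL there (for example `$hash`, assigned above) should be checked the same way.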
@@ -1018,4 +1018,4 @@ class Handler_Public extends Handler {
 		}
 	}
 }
-?>
+?>