From 2352c320c2ed34ec7df1ad22f0c55a1b26489815 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 20 Nov 2017 08:48:18 +0300 Subject: [PATCH] fix possible sql injection in public/forgotpass --- classes/handler/public.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/classes/handler/public.php b/classes/handler/public.php index d3c854ae4..ec41ddb87 100644 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -688,7 +688,7 @@ class Handler_Public extends Handler { @$method = $_POST['method']; if ($hash) { - $login = $_REQUEST["login"]; + $login = $this->dbh->escape_string($_REQUEST["login"]); if ($login) { $result = $this->dbh->query("SELECT id, resetpass_token FROM ttrss_users @@ -1018,4 +1018,4 @@ class Handler_Public extends Handler { } } } -?> \ No newline at end of file +?>