properly escape login and password in login_sequence() (refs #392)
This commit is contained in:
Andrew Dolgov
parent
b9d5537724
commit
92decf4f2d
|
|
@ -2110,8 +2110,8 @@
|
||||||
|
|
||||||
# try to authenticate user if called from login form
|
# try to authenticate user if called from login form
|
||||||
if ($login_action == "do_login") {
|
if ($login_action == "do_login") {
|
||||||
$login = $_POST["login"];
|
$login = db_escape_string($_POST["login"]);
|
||||||
$password = $_POST["password"];
|
$password = db_escape_string($_POST["password"]);
|
||||||
$remember_me = $_POST["remember_me"];
|
$remember_me = $_POST["remember_me"];
|
||||||
|
|
||||||
if (authenticate_user($link, $login, $password)) {
|
if (authenticate_user($link, $login, $password)) {
|
||||||
|
|
|
||||||
|
|
@ -21,9 +21,9 @@
|
||||||
|
|
||||||
if ($subop == "change-password") {
|
if ($subop == "change-password") {
|
||||||
|
|
||||||
$old_pw = $_POST["old_password"];
|
$old_pw = db_escape_string($_POST["old_password"]);
|
||||||
$new_pw = $_POST["new_password"];
|
$new_pw = db_escape_string($_POST["new_password"]);
|
||||||
$con_pw = $_POST["confirm_password"];
|
$con_pw = db_escape_string($_POST["confirm_password"]);
|
||||||
|
|
||||||
if ($old_pw == "") {
|
if ($old_pw == "") {
|
||||||
print "ERROR: ".__("Old password cannot be blank.");
|
print "ERROR: ".__("Old password cannot be blank.");
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue