[Aikiframework.admins] [Bug 871885] Re: SQL injection in reset password key

Bassel Safadi Mon, 09 Jan 2012 05:16:05 -0800

yes Jakub that fixes it also all $_POST and $_GET get escaped in input
class


** Changed in: aikiframework
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Aiki
Framework Admins, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/871885

Title:
  SQL injection in reset password key

Status in Aiki Framework:
  Fix Released

Bug description:
  in membership.php file in function NewPassword there is

  $update = $db->query("update aiki_users set password = '$password'
  where randkey = '".$_POST['key']."'");

  Is this function in use?

To manage notifications about this bug go to:
https://bugs.launchpad.net/aikiframework/+bug/871885/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~aikiframework.admins
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~aikiframework.admins
More help   : https://help.launchpad.net/ListHelp

[Aikiframework.admins] [Bug 871885] Re: SQL injection in reset password key

Reply via email to