Revision: 1327
http://mrbs.svn.sourceforge.net/mrbs/?rev=1327&view=rev
Author: cimorrison
Date: 2010-04-15 15:09:13 +0000 (Thu, 15 Apr 2010)
Log Message:
-----------
Added missing SQL escaping
Modified Paths:
--------------
mrbs/trunk/web/auth_db.inc
Modified: mrbs/trunk/web/auth_db.inc
===================================================================
--- mrbs/trunk/web/auth_db.inc 2010-04-15 13:59:43 UTC (rev 1326)
+++ mrbs/trunk/web/auth_db.inc 2010-04-15 15:09:13 UTC (rev 1327)
@@ -65,7 +65,7 @@
return 0;
}
- return max (0, sql_query1("SELECT level FROM $tbl_users WHERE name='$user'
LIMIT 1"));
+ return max (0, sql_query1("SELECT level FROM $tbl_users WHERE name='" .
addslashes($user) . "' LIMIT 1"));
// The max is used to cover the case when there's an SQL Query error (ie
-1), probably because
// the database hasn't yet been upgraded and there's no 'level' column. In
that case we want
// to return 0 (ie the user has no rights)
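Review bot: addslashes($user) on the new return line is PHP's generic string escaper rather than the database layer's own quoting, so it takes no account of the connection character set and always escapes with a backslash, even on a backend that expects a doubled single quote. Prefer the escaping routine that belongs to the same database abstraction as sql_query1(), or a bound parameter if that wrapper can take one, and confirm that $user has not already been escaped upstream (for example by magic quotes) so the name is not escaped twice. The existing max(0, ...) behaviour described in the comment, where a query error of -1 becomes level 0, fails closed and should be preserved whichever escaping is used.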
_______________________________________________
Mrbs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mrbs-commits