Commit: 3b8fa228fc2703fe379ef27edf1b76898db5d3f9 Author: Johannes Schlüter <[email protected]> Thu, 3 Apr 2014 15:52:00 +0200 Parents: 0dc02d4c426cd8a6efb5183f7c66a08b8950e549 Branches: master
Link: http://git.php.net/?p=web/master.git;a=commitdiff;h=3b8fa228fc2703fe379ef27edf1b76898db5d3f9 Log: Improve escaping Changed paths: M forgot.php Diff:
diff --git a/forgot.php b/forgot.php
index d2e4291..eef660c 100644
--- a/forgot.php
+++ b/forgot.php
@@ -36,6 +36,8 @@ if ($id && $key) {
 if ($n1 && $n2) {
 if ($n1 == $n2) {
 $sn1 = strip($n1);
+ $key = mysql_real_escape_string($key);
+ $id = mysql_real_escape_string($id);
 $svnpasswd = gen_svn_pass(username_from_forgotten($key, $id), $sn1);
 $res = @mysql_query("UPDATE users SET forgot=NULL,svnpasswd='$svnpasswd',pchanged=$ts WHERE userid='$id' AND forgot='$key'");
 if ($res && mysql_affected_rows()) {
-- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
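Review bot: The two added lines overwrite `$key` and `$id` with their SQL-escaped forms, so `username_from_forgotten($key, $id)` on the following line, and any later non-SQL use of these variables, now receives escaped text rather than the submitted values. That helper is defined outside the hunk, so it is not visible whether it expects raw or escaped input; if it escapes again, a value containing a quote or backslash would be double-escaped and the lookup would miss. Escaping into separate names used only inside the `UPDATE` string, e.g. `$sqlKey = mysql_real_escape_string($key);` and `$sqlId = mysql_real_escape_string($id);`, would make the boundary explicit once the helper's expectation is confirmed. `$svnpasswd` and the unquoted `$ts` are still interpolated as-is; since their origin is not shown here, it is worth confirming that `gen_svn_pass()` cannot return a quote and applying an `(int)` cast to `$ts` at the point of use. The enclosing `if` blocks start and end outside the hunk.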
