diff --git a/doc/history.htm b/doc/history.htm
index 224d64b..63faf2f 100644
--- a/doc/history.htm
+++ b/doc/history.htm
@@ -16,6 +16,10 @@

[Doc Home]

7. Release History

+

2005-12-12 +

  • Fixed a security bug in user login validation. +
  • +

    2005-12-05

  • "Message must contain" filter enhanced. Filtering for multiple words (seperated by spaces) is supported now.
  •
diff --git a/submit.php b/submit.php
index c75a21d..42c562b 100644
--- a/submit.php
+++ b/submit.php
@@ -27,7 +27,20 @@ See AUTHORS to learn who helped make it become a reality.
 */#### #### #### #### #### #### #### #### #### ####
+// Check for speical ysql characters
+function invalid_chars( $string )
+{
+ $bad_list = array("'",'"',"%");
+ foreach( $bad_list as $needle )
+ {
+ if( strpos( $string, $needle ) !== FALSE )
+ {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
 // global _DBNAME, _DBUSERID, _DBPWD, _DBSERVER, $session_time;
 include 'include.php';
@@ -35,8 +48,7 @@ See AUTHORS to learn who helped make it become a reality.
 if( !isset($_POST['save_cookies'])) $_POST['save_cookies'] = 0;
-
- if( stristr($_POST['pass'], "'") || stristr($_POST['pass'], '"') || stristr($_POST['usr'], "'") || stristr($_POST['usr'], '"'))
+ if( invalid_chars( $_POST['usr'] ) || invalid_chars( $_POST['pass'] ) )
 {
 WriteHead('phpLogCon :: ' , _MSGAccDen, '', '', _MSGAccDen, 0);
 print '
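Review bot: `invalid_chars()` is a character denylist (`'`, `"`, `%`) applied to `$_POST['usr']` and `$_POST['pass']`, not an escaping step, so it cannot by itself be the SQL-injection control; the query that consumes those values lies outside this hunk and should go through the database driver's escaping function or a prepared statement, with this check kept only as an input-format rule. Adding `%` to the list means any password containing that character is now rejected, which the previous quote-only check in the next hunk allowed; that is a behaviour change worth a comment if it is intended. The header comment has two typos — `// Reject characters with special meaning in SQL (quotes and the LIKE wildcard)` would also say why `%` is in the list. The same denylist concern applies to the call site in the second hunk of this file.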
    ..:: ' . _MSGNamInvChr . ' ::..
    ';
@@ -96,4 +108,4 @@ See AUTHORS to learn who helped make it become a reality.
 }
 }
-?>
\ No newline at end of file
+?>
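Review bot: The new guard reads `$_POST['usr']` and `$_POST['pass']` without checking that they are set, while `save_cookies` two lines above gets an isset default; a request missing either field produces an undefined-index notice and the missing value reaches `strpos()` inside `invalid_chars()` as an empty string (a deprecation on newer PHP), so the check passes instead of rejecting the request. Following the file's own pattern, `if( !isset($_POST['usr'])) $_POST['usr'] = '';` and `if( !isset($_POST['pass'])) $_POST['pass'] = '';` before the check would make the missing-field path explicit. The if body that follows (`WriteHead` and the `print`) continues past the end of the hunk.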