mirror of
https://github.com/pandorafms/pandorafms.git
synced 2025-04-08 18:55:09 +02:00
#12798 fixed unauth sql injection in grafana
This commit is contained in:
parent
f084893889
commit
137488ee8c
@ -23,6 +23,9 @@ if ($headers['Authorization']) {
|
||||
|
||||
list($user, $password) = explode(':', base64_decode($headers['Authorization']));
|
||||
|
||||
// Prevent sql injection.
|
||||
$user = mysqli_real_escape_string($config['dbconnection'], $user);
|
||||
|
||||
// Check user login
|
||||
$user_in_db = process_user_login($user, $password, true);
|
||||
|
||||
|
@ -24,6 +24,9 @@ if ($headers['Authorization']) {
|
||||
|
||||
list($user, $password) = explode(':', base64_decode($headers['Authorization']));
|
||||
|
||||
// Prevent sql injection.
|
||||
$user = mysqli_real_escape_string($config['dbconnection'], $user);
|
||||
|
||||
// Check user login
|
||||
$user_in_db = process_user_login($user, $password, true);
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user