tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-5322-SQL-Injection-leads-to-Login-Bypass' into 'develop' 

Fixed injection sql in chart_generator

See merge request artica/pandorafms!3024
This commit is contained in:
Daniel Rodriguez 2020-01-24 10:52:02 +01:00
parent ea3a317a1b 9f9cc9beda
commit 6a35ffa01b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/include/lib/User.php
View File

@ -70,7 +70,7 @@ class User
$this->sessions[$data['phpsessionid']] = 1;
$info = \db_get_row_filter(
'tsessions_php',
['id_session' => $data['phpsessionid']]
['id_session' => io_safe_input($data['phpsessionid'])]
);
if ($info !== false) {