tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-27 07:44:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-5322-SQL-Injection-leads-to-Login-Bypass' into 'develop'

Browse Source 
Fixed injection sql in chart_generator

See merge request artica/pandorafms!3024
This commit is contained in:
Daniel Rodriguez 2020-01-24 10:52:02 +01:00
commit 6a35ffa01b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/include/lib/User.php
View File

@ -70,7 +70,7 @@ class User
$this->sessions[$data['phpsessionid']] = 1; $this->sessions[$data['phpsessionid']] = 1;
$info = \db_get_row_filter( $info = \db_get_row_filter(
'tsessions_php', 'tsessions_php',
['id_session' => $data['phpsessionid']] ['id_session' => io_safe_input($data['phpsessionid'])]
); );
if ($info !== false) { if ($info !== false) {