Merge branch 'ent-12798-unauth-sql-injection' into 'develop'
Ent 12798 Unauth SQL Injection See merge request artica/pandorafms!6897
This commit is contained in:
commit
8feab8ab45
|
@ -23,6 +23,9 @@ if ($headers['Authorization']) {
|
|||
|
||||
list($user, $password) = explode(':', base64_decode($headers['Authorization']));
|
||||
|
||||
// Prevent sql injection.
|
||||
$user = mysqli_real_escape_string($config['dbconnection'], $user);
|
||||
|
||||
// Check user login
|
||||
$user_in_db = process_user_login($user, $password, true);
|
||||
|
||||
|
|
|
@ -24,6 +24,9 @@ if ($headers['Authorization']) {
|
|||
|
||||
list($user, $password) = explode(':', base64_decode($headers['Authorization']));
|
||||
|
||||
// Prevent sql injection.
|
||||
$user = mysqli_real_escape_string($config['dbconnection'], $user);
|
||||
|
||||
// Check user login
|
||||
$user_in_db = process_user_login($user, $password, true);
|
||||
|
||||
|
|
Loading…
Reference in New Issue