#12752 fixed sql injection

2024-01-19 09:21:57 +01:00 · 2024-01-19 09:21:57 +01:00 · ae9b786dd5
parent 5ade3a9e82
commit ae9b786dd5
1 changed files with 4 additions and 1 deletions
--- a/pandora_console/extensions/grafana/index.php
+++ b/pandora_console/extensions/grafana/index.php
@ -23,7 +23,10 @@ if ($headers['X-DS-Authorization']) {

        list($user, $password) = explode(':', base64_decode($headers['X-DS-Authorization']));

-        // Check user login
+        // Prevent sql injection.
+        $user = mysqli_real_escape_string($config['dbconnection'], $user);
+
+        // Check user login.
        $user_in_db = process_user_login($user, $password, true);

    if ($user_in_db !== false) {