sanitize sql inputs

alejandro.campos@artica.es 2022-01-12 14:11:10 +01:00
parent 4899d68ec2
commit c93a758111
1 changed files with 5 additions and 1 deletions


@ -16559,7 +16559,11 @@ function api_get_user_info($thrash1, $thrash2, $other, $returnType)
$other = json_decode(base64_decode($other['data']), true);
$sql = 'select * from tusuario where id_user = "'.$other[0]['id_user'].'" and password = "'.$other[0]['password'].'"';
$sql = sprintf(
'SELECT * FROM tusuario WHERE id_user = "%s" and password = "%s"',
mysql_escape_string_sql($other[0]['id_user']),
mysql_escape_string_sql($other[0]['password'])
);
$user_info = db_get_all_rows_sql($sql);
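Review bot: The values passed to `mysql_escape_string_sql()` are read from `$other[0]` without checking that `json_decode(base64_decode($other['data']), true)` produced an array with string `id_user` and `password` entries, so malformed input reaches the query as null or a non-string. A guard before the `sprintf()` such as `if (!is_array($other) || !is_string($other[0]['id_user'] ?? null) || !is_string($other[0]['password'] ?? null))`, followed by the API's usual error return, would close that. Escaping into a double-quoted literal also depends on the escaper and the server's SQL mode agreeing on quoting; if the database layer offers bound parameters, that would be the more robust form here (not visible from this hunk). The query still selects `*` from `tusuario`, so it is worth confirming that the password column is not returned to the API caller. The body of `api_get_user_info` starts and ends outside the hunk.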