public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-15 12:05:57 +00:00
Code Issues Releases Wiki Activity

fix possible sql injection in public/forgotpass

Browse Source
This commit is contained in:
Andrew Dolgov
2017-11-20 08:48:18 +03:00
parent 9d930af9e1
commit 2352c320c2
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
classes/handler/public.php
View File

@@ -688,7 +688,7 @@ class Handler_Public extends Handler {
@$method = $_POST['method']; @$method = $_POST['method'];
if ($hash) { if ($hash) {
$login = $_REQUEST["login"]; $login = $this->dbh->escape_string($_REQUEST["login"]);
if ($login) { if ($login) {
$result = $this->dbh->query("SELECT id, resetpass_token FROM ttrss_users $result = $this->dbh->query("SELECT id, resetpass_token FROM ttrss_users
@@ -1018,4 +1018,4 @@ class Handler_Public extends Handler {
} }
} }
} }
?> ?>