authenticate_user: properly escape input

2025-12-14 14:55:56 +00:00 · 2009-05-12 00:33:40 +04:00
parent f574fec6a6
commit 2d969845f9
1 changed files with 1 additions and 0 deletions
--- a/functions.php
+++ b/functions.php
@@ -1741,6 +1741,7 @@
 			$pwd_hash1 = encrypt_password($password);
 			$pwd_hash2 = encrypt_password($password, $login);
 			$login = db_escape_string($login);
 			if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH 
 					&& $_SERVER["REMOTE_USER"] && $login != "admin") {