Adding Database::escape_string() security fix

main/auth/profile.php

@@ -409,13 +409,13 @@ function upload_user_production($user_id)
  */
 function check_user_password($password)
 {
-    global $_user;
     $user_id = api_get_user_id();
     if ($user_id != strval(intval($user_id)) || empty($password)) {
         return false;
     }
     $table_user = Database :: get_main_table(TABLE_MAIN_USER);
     $password = api_get_encrypted_password($password);
+    $password = Database::escape_string($password);
     $sql_password = "SELECT * FROM $table_user WHERE user_id='".$user_id."' AND password='".$password."'";
     $result = Database::query($sql_password);