chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Improved filtering of user_id and login before using them in db

Browse Source
skala
Yannick Warnier 15 years ago
parent 567407e9be
commit 5c4db40533
1 changed files with 2 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      main/inc/local.inc.php

4
main/inc/local.inc.php
Unescape View File

@ -223,7 +223,7 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
$user_table = Database::get_main_table(TABLE_MAIN_USER); $user_table = Database::get_main_table(TABLE_MAIN_USER);
$sql = "SELECT user_id, username, password, auth_source, active, expiration_date $sql = "SELECT user_id, username, password, auth_source, active, expiration_date
FROM $user_table FROM $user_table
WHERE username = '".trim(addslashes($login))."'"; WHERE username = '".Database::escape_string($login)."'";
$result = Database::query($sql); $result = Database::query($sql);
if (Database::num_rows($result) > 0) { if (Database::num_rows($result) > 0) {
@ -277,7 +277,7 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
//Check if user is an admin //Check if user is an admin
$sql = "SELECT user_id FROM $admin_table $sql = "SELECT user_id FROM $admin_table
WHERE user_id = '".trim(addslashes($uData['user_id']))."' LIMIT 1"; WHERE user_id = '".intval($uData['user_id'])."' LIMIT 1";
$result = Database::query($sql); $result = Database::query($sql);
$my_user_is_admin = false; $my_user_is_admin = false;

Write Preview
Loading…
Cancel
Save