authenticate_user: properly escape input

author: Andrew Dolgov <fox@bah.org.ru> 2009-05-12 00:33:40 +0400
committer: Andrew Dolgov <fox@bah.org.ru> 2009-05-12 00:33:40 +0400
commit: 2d969845f99be50bae8b39b48f77c180ca0a6e25 (patch)
tree: 0aee650a62f4534056e51979e460d410b3520a76
parent: f574fec6a6cd32f8c1582399cb4796974327df96 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/functions.php b/functions.php
index d9e1869a3..a1c8315f7 100644
--- a/functions.php
+++ b/functions.php
@@ -1741,6 +1741,7 @@
 
 			$pwd_hash1 = encrypt_password($password);
 			$pwd_hash2 = encrypt_password($password, $login);
+			$login = db_escape_string($login);
 
 			if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH 
 					&& $_SERVER["REMOTE_USER"] && $login != "admin") {
author	Andrew Dolgov <fox@bah.org.ru>	2009-05-12 00:33:40 +0400
committer	Andrew Dolgov <fox@bah.org.ru>	2009-05-12 00:33:40 +0400
commit	2d969845f99be50bae8b39b48f77c180ca0a6e25 (patch)
tree	0aee650a62f4534056e51979e460d410b3520a76
parent	f574fec6a6cd32f8c1582399cb4796974327df96 (diff)