functions.inc.php:

- pacrypt(): escape_string() $salt for mysql_encrypt to be on the safe side git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3@1333 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago · fac93bf28b
parent bf0892aa9c
commit fac93bf28b
1 changed files with 1 additions and 1 deletions
--- a/functions.inc.php
+++ b/functions.inc.php
@ -1191,7 +1191,7 @@ function pacrypt ($pw, $pw_db="")
    {
        $pw = escape_string($pw);
        if ($pw_db!="") {
-            $salt=substr($pw_db,0,2);
+            $salt=escape_string(substr($pw_db,0,2));
            $res=db_query("SELECT ENCRYPT('".$pw."','".$salt."');");
        } else {
            $res=db_query("SELECT ENCRYPT('".$pw."');");