fix possible sql injection in public/forgotpass

master
Andrew Dolgov 7 years ago
parent 9d930af9e1
commit 2352c320c2

@ -688,7 +688,7 @@ class Handler_Public extends Handler {
@$method = $_POST['method']; @$method = $_POST['method'];
if ($hash) { if ($hash) {
$login = $_REQUEST["login"]; $login = $this->dbh->escape_string($_REQUEST["login"]);
if ($login) { if ($login) {
$result = $this->dbh->query("SELECT id, resetpass_token FROM ttrss_users $result = $this->dbh->query("SELECT id, resetpass_token FROM ttrss_users

Loading…
Cancel
Save