From 4044a5fa5265cab619dd47e2000f90dc2e455fbe Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Tue, 22 Nov 2011 11:05:12 +0400
Subject: [PATCH] remove pointless escaping of the password (refs #392)
---
 api/index.php | 4 ++--
 functions.php | 2 +-
 modules/pref-prefs.php | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/api/index.php b/api/index.php
index 4a5c1bb3..333eb0dc 100644
--- a/api/index.php
+++ b/api/index.php
@@ -80,8 +80,8 @@ case "login":
 $login = db_escape_string($_REQUEST["user"]);
- $password = db_escape_string($_REQUEST["password"]);
- $password_base64 = db_escape_string(base64_decode($_REQUEST["password"]));
+ $password = $_REQUEST["password"];
+ $password_base64 = base64_decode($_REQUEST["password"]);
 if (SINGLE_USER_MODE) $login = "admin";
diff --git a/functions.php b/functions.php
index 10f8e034..730b20c8 100644
--- a/functions.php
+++ b/functions.php
@@ -2111,7 +2111,7 @@ # try to authenticate user if called from login form
 if ($login_action == "do_login") {
 $login = db_escape_string($_POST["login"]);
- $password = db_escape_string($_POST["password"]);
+ $password = $_POST["password"];
 $remember_me = $_POST["remember_me"];
 if (authenticate_user($link, $login, $password)) {
diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php
index 2ab79db0..838c722c 100644
--- a/modules/pref-prefs.php
+++ b/modules/pref-prefs.php
@@ -21,9 +21,9 @@ if ($subop == "change-password") {
- $old_pw = db_escape_string($_POST["old_password"]);
- $new_pw = db_escape_string($_POST["new_password"]);
- $con_pw = db_escape_string($_POST["confirm_password"]);
+ $old_pw = $_POST["old_password"];
+ $new_pw = $_POST["new_password"];
+ $con_pw = $_POST["confirm_password"];
 if ($old_pw == "") {
 print "ERROR: ".__("Old password cannot be blank.");
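Review bot: In the `case "login":` hunk of api/index.php, `$password` and `$password_base64` are now raw request values, and nothing on these lines shows that they are hashed before they can reach a query string. Dropping the escaping is safe only if every consumer hashes the value first; that code is outside the hunk, so it should be confirmed and recorded next to the assignment, for example `// raw on purpose: hashed before any SQL use, never interpolate into a query`. The same dependency applies to `$password` in functions.php and to `$old_pw`, `$new_pw` and `$con_pw` in modules/pref-prefs.php. The `case` body continues outside the hunk.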
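Review bot: Accounts whose password contains characters that `db_escape_string()` used to alter may stop authenticating through `$password = $_POST["password"];`, because their stored hash was presumably computed from the escaped text while this line now supplies the unescaped one. `authenticate_user()` and the code that stores the hash are outside the hunk, so this is inferred rather than visible. If it holds, the upgrade notes should tell affected users to reset their password, or the login path should retry once with the previously escaped form and re-hash on success, so the change does not cause silent lockouts. The `if ($login_action == "do_login")` block continues outside the hunk.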
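Review bot: `$old_pw`, `$new_pw` and `$con_pw` now hold whatever PHP parsed from the form, which is an array when a field is submitted as `old_password[]`, and the following `$old_pw == ""` test does not reject an array. A type check ahead of the blank test keeps non-string input out of the comparison and hashing code further down, for example `if (!is_string($old_pw) || $old_pw == "") {`, with the same guard on the other two fields. The rest of the change-password branch is outside the hunk, so how such a value would be handled later is not visible here.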