blallo/tt-rss
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

pref_users: do not escape password to prevent special character

Browse source 
mishandling; remove inconsistent trimming of passwords
This commit is contained in:
Andrew Dolgov 2013-03-27 13:45:10 +04:00
parent be574731fc
commit c72069b098
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
classes/pref/users.php
View file

@ -203,7 +203,7 @@ class Pref_Users extends Handler_Protected {
$uid = db_escape_string($this->link, $_REQUEST["id"]); $uid = db_escape_string($this->link, $_REQUEST["id"]);
$access_level = (int) $_REQUEST["access_level"]; $access_level = (int) $_REQUEST["access_level"];
$email = db_escape_string($this->link, trim($_REQUEST["email"])); $email = db_escape_string($this->link, trim($_REQUEST["email"]));
$password = db_escape_string($this->link, trim($_REQUEST["password"])); $password = $_REQUEST["password"];
if ($password) { if ($password) {
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);