fixed SQL injection as per bug#53\n did not directly merge patch due to abusive login message

2007-02-21 17:41:41 +00:00 · 2007-02-21 17:41:41 +00:00 · d058f9cbb0
parent 2eaa3bff13
commit d058f9cbb0
1 changed files with 3 additions and 3 deletions
--- a/login/index.php
+++ b/login/index.php
@ -13,9 +13,9 @@ function login($args) {
    global $dbhost,$dbuser,$dbpasswd,$dbname;
    global $grid_owner, $gridserver_sendkey, $gridserver_recvkey, $gridserver_url;
    
-    $firstname=$args['first'];
-    $lastname=$args['last'];
-    $passwd=$args['passwd'];
+    $firstname=add_slashes($args['first']);
+    $lastname=add_slashes($args['last']);
+    $passwd=add_slashes($args['passwd']);

    $link = mysql_connect($dbhost,$dbuser,$dbpasswd)
     OR die("Unable to connect to database");