r1248: Fixing a SQL injection on login.php

diff --git a/docs/changes.txt b/docs/changes.txt
index 724a60cb0d7052e41f14dff17f44c51cf17d14e4..16c75fbda8abd619c5bcff6b328b0aa4095be7b2 100644 (file)
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -1,3 +1,7 @@
+1.1.2
+===============================
+- Fixed a SQL injection on login.php (http://www.bluestatic.org/bugs/showreport.php?bugid=36)
+
 1.1.1
 ===============================
 - Registration email functions do not work because they are not ISSO2/Mail compatible [register.php]

diff --git a/login.php b/login.php
index d7abdda08e3d5fe7b3861991b694641f26d5a852..583988fca3e99b479c4fff8f1931e145fecafdbf 100755 (executable)
--- a/login.php
+++ b/login.php
@@ -2,7 +2,7 @@
 /*=====================================================================*\
 || ###################################################################
 || # Bugdar [#]version[#]
-|| # Copyright ©2002-[#]year[#] Blue Static
+|| # Copyright 2002-[#]year[#] Blue Static
 || #
 || # This program is free software; you can redistribute it and/or modify
 || # it under the terms of the GNU General Public License as published by
@@ -62,7 +62,7 @@ if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
                $url = 'index.php';
        }
        
-       $userinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->in['email'] . "'");
+       $userinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->input_escape('email') . "'");
        if (md5(md5($bugsys->in['password']) . md5($userinfo['salt'])) == $userinfo['password'])
        {
                if (!$bugsys->userinfo['userid'])