+1.1.2
+===============================
+- Fixed a SQL injection on login.php (http://www.bluestatic.org/bugs/showreport.php?bugid=36)
+
1.1.1
===============================
- Registration email functions do not work because they are not ISSO2/Mail compatible [register.php]
/*=====================================================================*\
|| ###################################################################
|| # Bugdar [#]version[#]
-|| # Copyright ©2002-[#]year[#] Blue Static
+|| # Copyright 2002-[#]year[#] Blue Static
|| #
|| # This program is free software; you can redistribute it and/or modify
|| # it under the terms of the GNU General Public License as published by
$url = 'index.php';
}
- $userinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->in['email'] . "'");
+ $userinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->input_escape('email') . "'");
if (md5(md5($bugsys->in['password']) . md5($userinfo['salt'])) == $userinfo['password'])
{
if (!$bugsys->userinfo['userid'])
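Review bot: The password check on the context line right after the patched query still compares the two MD5 hex strings with loose `==`, so PHP compares them numerically when both look like `0e` followed only by digits and can report a match for different hashes; the commit fixes the query but leaves this in place. A strict comparison closes that gap: `if (md5(md5($bugsys->in['password']) . md5($userinfo['salt'])) === $userinfo['password'])`, or `hash_equals()` where the supported PHP version provides it. The query fix depends on `input_escape('email')` returning a value escaped for this database connection, which is not visible in the hunk, so a short comment such as `// input_escape() yields the DB-escaped request value; never concatenate $bugsys->in[] into SQL` would record why the raw array must not be used here. The enclosing block starts and ends outside the hunk.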