From dad8768685efbdac799e53000fc5dfae32ab8e4b Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Thu, 12 Oct 2006 18:40:41 +0000
Subject: [PATCH] r1248: Fixing a SQL injection on login.php
---
 docs/changes.txt | 4 ++++
 login.php | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/docs/changes.txt b/docs/changes.txt
index 724a60c..16c75fb 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -1,3 +1,7 @@
+1.1.2
+===============================
+- Fixed a SQL injection on login.php (http://www.bluestatic.org/bugs/showreport.php?bugid=36)
+
 1.1.1
 ===============================
 - Registration email functions do not work because they are not ISSO2/Mail compatible [register.php]
diff --git a/login.php b/login.php
index d7abdda..583988f 100755
--- a/login.php
+++ b/login.php
@@ -2,7 +2,7 @@
 /*=====================================================================*\
 || ###################################################################
 || # Bugdar [#]version[#]
-|| # Copyright ©2002-[#]year[#] Blue Static
+|| # Copyright 2002-[#]year[#] Blue Static
 || #
 || # This program is free software; you can redistribute it and/or modify
 || # it under the terms of the GNU General Public License as published by
@@ -62,7 +62,7 @@ if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
 $url = 'index.php';
 }
 
- $userinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->in['email'] . "'");
+ $userinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->input_escape('email') . "'");
 if (md5(md5($bugsys->in['password']) . md5($userinfo['salt'])) == $userinfo['password'])
 {
 if (!$bugsys->userinfo['userid'])
-- 
2.22.5
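Review bot: The new query line in the login.php `@@ -62,7 +62,7 @@` hunk escapes the email, but the password check on the context line directly below it still compares the computed `md5(...)` digest against `$userinfo['password']` with loose `==`, which treats two strings that PHP considers numeric as numbers rather than comparing them byte for byte; a strict comparison, `if (md5(md5($bugsys->in['password']) . md5($userinfo['salt'])) === $userinfo['password'])`, or `hash_equals()` where the PHP version provides it, closes that gap. The fix also assumes `$bugsys->input_escape('email')` yields a value safe inside the single-quoted literal it is concatenated into — presumably it applies the database driver's escape for the active connection charset, which is worth confirming against its definition since the escape must match the quoting used here. A missing row is not checked before `$userinfo['salt']` and `$userinfo['password']` are read; an explicit guard such as `if (!$userinfo) { /* treat as failed login */ }` before the comparison would make the no-such-user path deliberate instead of relying on the comparison happening to fail. The enclosing `if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')` body starts and ends outside the hunk.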