diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2006-09-16 21:46:26 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2006-09-16 21:46:26 +0200 |
| commit | 036b9e65c9e0a73373ee513b644825df2edf14d7 (patch) | |
| tree | beed40e82df8d1710ef5721a0acb5f362f4972a9 | |
| parent | 0abe1d3eb69e74428e7e081b67b07457804752ef (diff) | |
| download | rpg-036b9e65c9e0a73373ee513b644825df2edf14d7.tar.gz rpg-036b9e65c9e0a73373ee513b644825df2edf14d7.tar.bz2 | |
cleanID on passforgot action #861
darcs-hash:20060916194626-7ad00-2eeb07a509c95359a9bd1b164db4af7279b7f330.gz
| -rw-r--r-- | inc/auth/plain.class.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/inc/auth/plain.class.php b/inc/auth/plain.class.php index d3df1c0dd..87b423b16 100644 --- a/inc/auth/plain.class.php +++ b/inc/auth/plain.class.php @@ -17,6 +17,10 @@ if(isset($_REQUEST['u'])) $_REQUEST['u'] = cleanID($_REQUEST['u']); if(isset($_REQUEST['acl_user'])) $_REQUEST['acl_user'] = cleanID($_REQUEST['acl_user']); +// the same goes for password reset requests +if(isset($_POST['login'])){ + $_POST['login'] = cleanID($_POST['login']); +} class auth_plain extends auth_basic { |