diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2009-04-10 20:23:27 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2009-04-10 20:23:27 +0200 |
| commit | 9442ad15096c779cfc655f81f4decfb8e436a8b2 (patch) | |
| tree | 9812f681f77075aff37b878d013d36a96c4b9f98 /inc/auth | |
| parent | 797ebc997b25173518c4f650b61af5f4dfee416f (diff) | |
| download | rpg-9442ad15096c779cfc655f81f4decfb8e436a8b2.tar.gz rpg-9442ad15096c779cfc655f81f4decfb8e436a8b2.tar.bz2 | |
escape UID in Postgres auth backend FS#1660
Ignore-this: 86a837e91f1f0cdcdcbdea0525901f2
darcs-hash:20090410182327-7ad00-95db727afb77ce34d9b7c2f3d0e99a28fbdfbbd4.gz
Diffstat (limited to 'inc/auth')
| -rw-r--r-- | inc/auth/pgsql.class.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/inc/auth/pgsql.class.php b/inc/auth/pgsql.class.php index 010b0f6d5..a6da56af5 100644 --- a/inc/auth/pgsql.class.php +++ b/inc/auth/pgsql.class.php @@ -196,7 +196,7 @@ class auth_pgsql extends auth_mysql { $sql = $this->cnf['addUserGroup']; if(strpos($sql,'%{uid}') !== false){ $uid = $this->_getUserID($user); - $sql = str_replace('%{uid}', $uid, $sql); + $sql = str_replace('%{uid}', addslashes($uid), $sql); } $sql = str_replace('%{user}', addslashes($user),$sql); $sql = str_replace('%{gid}', addslashes($gid),$sql); |