diff options
| -rw-r--r-- | inc/auth/plain.class.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/inc/auth/plain.class.php b/inc/auth/plain.class.php index d3df1c0dd..87b423b16 100644 --- a/inc/auth/plain.class.php +++ b/inc/auth/plain.class.php @@ -17,6 +17,10 @@ if(isset($_REQUEST['u'])) $_REQUEST['u'] = cleanID($_REQUEST['u']); if(isset($_REQUEST['acl_user'])) $_REQUEST['acl_user'] = cleanID($_REQUEST['acl_user']); +// the same goes for password reset requests +if(isset($_POST['login'])){ + $_POST['login'] = cleanID($_POST['login']); +} class auth_plain extends auth_basic { |