author | William Desportes <williamdes@wdes.fr> | 2020-01-01 15:54:59 +0300 |
---|---|---|
committer | William Desportes <williamdes@wdes.fr> | 2020-01-01 15:55:06 +0300 |
commit | c86acbf3ed49f69cf38b31879886dd5eb86b6983 (patch) | |
tree | 606a069f7dfb48163116d5901af8484a080d92fe /libraries | |
parent | 9f82b71f69c2db357e21ca419a9de0c78fb6a8a0 (diff) |
Fix sql injection in user exists request
Signed-off-by: William Desportes <williamdes@wdes.fr>
Diffstat (limited to 'libraries')
-rw-r--r-- | libraries/classes/Server/Privileges.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libraries/classes/Server/Privileges.php b/libraries/classes/Server/Privileges.php
index c731bdcc93..0e3e4a9fa3 100644
--- a/libraries/classes/Server/Privileges.php
+++ b/libraries/classes/Server/Privileges.php
@@ -3067,7 +3067,7 @@ class Privileges
 if (isset($_GET['validate_username'])) {
 $sql_query = "SELECT * FROM `mysql`.`user` WHERE `User` = '"
- . $_GET['username'] . "';";
+ . $GLOBALS['dbi']->escapeString($_GET['username']) . "';";
 $res = $GLOBALS['dbi']->query($sql_query);
 $row = $GLOBALS['dbi']->fetchRow($res);
 if (empty($row)) { |
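Review bot: The guard on the first context line tests only `validate_username`, so `$_GET['username']` still reaches `escapeString()` without a presence or type check; a request that omits it or sends `username[]=` would hand null or an array to the escaper, which presumably ends in a notice or type error instead of a clean "user does not exist" answer. Tightening the condition to `if (isset($_GET['validate_username'], $_GET['username']) && is_string($_GET['username'])) {` keeps the lookup to well-formed input. The escaping is sufficient only because the value sits inside the single-quoted literal, so a short comment such as `// escapeString() is only safe inside the quoted literal` would help the next editor, and a regression test using a username that contains a quote would pin the fix. The enclosing method starts and ends outside the hunk, so an earlier check may already cover part of this.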