AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-15 10:14:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

SQL Escape tech username. The username is added to most log entries meaning that a simple apostrophe in the name breaks all logging for the user

Browse Source
This commit is contained in:
Marcus Hill
2023-01-02 14:54:49 +00:00
parent 5460825ece
commit 72fd102e57
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
check_login.php
View File

@@ -32,7 +32,7 @@ $session_user_id = $_SESSION['user_id'];
$sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id"); $sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$session_name = $row['user_name']; $session_name = mysqli_real_escape_string($mysqli, $row['user_name']);
$session_email = $row['user_email']; $session_email = $row['user_email'];
$session_avatar = $row['user_avatar']; $session_avatar = $row['user_avatar'];
$session_token = $row['user_token']; $session_token = $row['user_token'];