webapp/postfixadmin
1
0
Fork 0
mirror of https://github.com/postfixadmin/postfixadmin.git synced 2025-08-07 17:42:53 +03:00
Code Activity

fix sql injection in pacrypt() when mysql_crypt is in use; see previous commits etc esp in the 2.3 branch

Browse Source 
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1327 a1433add-5e2c-0410-b055-b7f2511e0802
This commit is contained in:
David Goodwin
2012-01-10 23:03:38 +00:00
parent 1a9104cab4
commit cb640c87c1
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
functions.inc.php
View File

@@ -1099,6 +1099,7 @@ function pacrypt ($pw, $pw_db="") {
// See https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1793352&group_id=191583
// this is apparently useful for pam_mysql etc.
elseif ($CONF['encrypt'] == 'mysql_encrypt') {
$pw = escape_string($pw);
if ($pw_db!="") {
$salt=substr($pw_db,0,2);
$res=db_query("SELECT ENCRYPT('".$pw."','".$salt."');");