Skip to content
This repository has been archived by the owner on Jan 1, 2018. It is now read-only.

Commit

Permalink
- sql injection
Browse files Browse the repository at this point in the history 
Fixed possible sql injection issue
  • Loading branch information
@LucasKovacs
LucasKovacs committed Jan 28, 2016
1 parent b1f700f commit 4d18375
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/2.10.9/upload/index.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,12 @@
switch ( ( isset ( $_GET['page'] ) ) )
{
case'lostpassword':
function sendnewpassword($mail)
function sendnewpassword($_mail)
{
global $lang;

$mail = mysql_real_escape_string($_mail);

$ExistMail = doquery("SELECT `email` FROM {{table}} WHERE `email` = '". $mail ."' LIMIT 1;", 'users', TRUE);

if (empty($ExistMail['email']))
Expand Down

0 comments on commit 4d18375

Please sign in to comment.