From: niekt0 <niekt0@kyberia.cz>
Date: Thu, 13 Jan 2011 16:53:50 +0000 (+0100)
Subject: security fix (sqli)
X-Git-Url: https://git.harvie.cz/?a=commitdiff_plain;h=0f3e30ba49a0ecdce3b731dfd2cc6ef7d50d2e9d;p=mirrors%2FKyberia-bloodline.git

security fix (sqli)
---

diff --git a/wwwroot/inc/eventz/reset_password.inc b/wwwroot/inc/eventz/reset_password.inc
index 0f657e4..ade11ee 100644
--- a/wwwroot/inc/eventz/reset_password.inc
+++ b/wwwroot/inc/eventz/reset_password.inc
@@ -1,11 +1,11 @@
 <?php
 function reset_password() {
     global $db,$error;
-    $login = $_POST['login'];
-    $login_type = $_POST['login_type'];
-    $vercode = $_POST['vercode'];
-    $password1 = $_POST['new_password1'];
-    $password2 = $_POST['new_password2'];
+    $login = mysql_real_escape_string($_POST['login']);
+    $login_type = mysql_real_escape_string($_POST['login_type']);
+    $vercode = mysql_real_escape_string($_POST['vercode']);
+    $password1 = mysql_real_escape_string($_POST['new_password1']);
+    $password2 = mysql_real_escape_string($_POST['new_password2']);
 
     if ($login == '') {
         $error="Please enter name or id";
@@ -44,12 +44,13 @@ function reset_password() {
         return false;
     }
 
+    // XXX fix
     $password = md5($password1);
     $q="update users set password='$password' where user_id='$user_id'";
     $db->query($q);
 
-    require(INCLUDE_DIR.'ldap.inc');
-    LDAPuser::change_pass_forced($user_id,$password1);
+//    require(INCLUDE_DIR.'ldap.inc');
+//    LDAPuser::change_pass_forced($user_id,$password1);
 
     $error="Password changed. Now you can login with your new password.";
     return false;