maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

don't db->escape the password for makeCryptPassword as its result is being db->escaped anyway; refs #852

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2013-04-14 11:56:01 +02:00
parent 1c0937f29b
commit 271e4a660b
4 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
customer_email.php
View File

@@ -458,7 +458,7 @@ elseif($page == 'accounts')
$password = substr(md5(uniqid(microtime(), 1)), 12, 6);
}
$cryptPassword = makeCryptPassword($db->escape($password),1);
$cryptPassword = makeCryptPassword($password, 1);
$email_user=substr($email_full,0,strrpos($email_full,"@"));
$email_domain=substr($email_full,strrpos($email_full,"@")+1);
@@ -607,7 +607,7 @@ elseif($page == 'accounts')
$password = validatePassword($password);
$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
$cryptPassword = makeCryptPassword($db->escape($password),1);
$cryptPassword = makeCryptPassword($password,1);
$result = $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET " . ($settings['system']['mailpwcleartext'] == '1' ? "`password` = '" . $db->escape($password) . "', " : '') . " `password_enc`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$result['popaccountid'] . "'");
redirectTo($filename, Array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
}