fix possible sql injection in public/forgotpass

2025-12-08 22:41:00 +01:00 · 2017-11-20 08:48:18 +03:00 · 2017-11-20 08:48:18 +03:00 · 2352c320c2
commit 2352c320c2
parent 9d930af9e1
1 changed files with 2 additions and 2 deletions
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@ -688,7 +688,7 @@ class Handler_Public extends Handler {
 		@$method = $_POST['method'];
 		if ($hash) {
-			$login = $_REQUEST["login"];
+			$login = $this->dbh->escape_string($_REQUEST["login"]);
 			if ($login) {
 				$result = $this->dbh->query("SELECT id, resetpass_token FROM ttrss_users