[geeklog-cvs] geeklog: CR and LF are now removed from the submitted password w...
geeklog-cvs at lists.geeklog.net
Sat Feb 6 14:14:28 EST 2010
changeset 7699:f7799009105c
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/f7799009105c
user: Dirk Haun <dirk at haun-online.de>
date: Sat Feb 06 19:53:52 2010 +0100
description:
CR and LF are now removed from the submitted password when a user logs in (for bug #0000799)
diffstat:
public_html/docs/history | 2 ++
system/lib-security.php | 2 ++
2 files changed, 4 insertions(+), 0 deletions(-)
diffs (24 lines):
diff -r 55674b7f2a42 -r f7799009105c public_html/docs/history
--- a/public_html/docs/history Sat Feb 06 18:12:38 2010 +0100
+++ b/public_html/docs/history Sat Feb 06 19:53:52 2010 +0100
@@ -3,6 +3,8 @@
Apr ??, 2010 (1.6.2)
------------
+- CR and LF are now removed from the submitted password when a user logs in
+ (for bug #0000799) [Dirk]
- Changed the label for the $_CONF['disable_autolinks'] config option to read
"Disable Autotags" and updated the documentation (bug #0000912) [Dirk]
- Changed the 'gravatar_rating' config option to a dropdown since it only
diff -r 55674b7f2a42 -r f7799009105c system/lib-security.php
--- a/system/lib-security.php Sat Feb 06 18:12:38 2010 +0100
+++ b/system/lib-security.php Sat Feb 06 19:53:52 2010 +0100
@@ -705,6 +705,8 @@
{
global $_CONF, $_TABLES, $LANG01;
+ $password = str_replace(array("\015", "\012"), '', $password);
+
$result = DB_query("SELECT status, passwd, email, uid FROM {$_TABLES['users']} WHERE username='$username' AND ((remoteservice is null) or (remoteservice = ''))");
$tmp = DB_error();
$nrows = DB_numRows($result);
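Review bot: The added str_replace at the top of the function body strips CR and LF from $password on the login path only, and nothing in this hunk shows the same normalization applied where a password is set or changed. If those paths hash the unmodified input, an account whose stored password contains either character can no longer authenticate. Suggest applying the identical stripping wherever the password hash is created, and adding a one-line comment above the new line that references bug #0000799 so the reason for silently altering the input is recorded. The call also removes these characters anywhere in the string, not just at the end; if the concern is a trailing newline from form submission, trimming only the end would alter the input less. Separately, the unchanged context line interpolates $username directly into the SQL string; the hunk does not show where it is escaped, so it is worth confirming that every caller escapes it before this point.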