I added $db->escape to the key.
** Changed in: aikiframework
Status: Confirmed => Fix Committed
https://bugs.launchpad.net/bugs/871885
Title:
SQL injection in reset password key
Status in Aiki Framework:
Fix Committed
Bug description:
In the membership.php file, in the function NewPassword, there is:
$update = $db->query("update aiki_users set password = '$password'
where randkey = '".$_POST['key']."'");
Is this function in use?
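An added example, not code from the Aiki Framework or from this bug report: the same password-reset update written with a PDO prepared statement instead of string concatenation, so the posted key is bound as data. The table and column names come from the query quoted in the bug description; the function name, the hex key format, the use of password_hash, clearing randkey after use, and the in-memory SQLite database (requires pdo_sqlite) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Table and column names follow the query in the bug report;
// the function name, key format and SQLite setup are assumptions.
function reset_password_by_key(PDO $pdo, string $key, string $newPassword): bool
{
    // Assumed key format: 32-64 lowercase hex characters. Rejecting anything
    // else also stops an empty key from matching rows whose randkey is ''.
    if (!preg_match('/\A[0-9a-f]{32,64}\z/', $key)) {
        return false;
    }

    // Placeholders keep the key and password out of the SQL text, so a quote
    // in either value cannot change the statement.
    $stmt = $pdo->prepare(
        'UPDATE aiki_users SET password = :password, randkey = NULL
         WHERE randkey = :randkey'
    );
    $stmt->execute([
        ':password' => password_hash($newPassword, PASSWORD_DEFAULT),
        ':randkey'  => $key,
    ]);

    // Exactly one account should own a given reset key.
    return $stmt->rowCount() === 1;
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE aiki_users (username TEXT, password TEXT, randkey TEXT)');
$validKey = bin2hex(random_bytes(16));
$insert = $pdo->prepare('INSERT INTO aiki_users VALUES (?, ?, ?)');
$insert->execute(['alice', 'old-hash-a', $validKey]);
$insert->execute(['bob', 'old-hash-b', '']);

var_dump(reset_password_by_key($pdo, "0123'abcd", 'new-secret')); // key containing a quote
var_dump(reset_password_by_key($pdo, '', 'new-secret'));          // empty key
var_dump(reset_password_by_key($pdo, $validKey, 'new-secret'));   // valid key
var_dump(reset_password_by_key($pdo, $validKey, 'again'));        // key already used
```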