fix: security patching due to mysql injection vulnerabilities everywhere

This commit is contained in:
Martin Ambrus
2017-10-17 12:21:41 +02:00
parent 74cccb2a74
commit 1654ce498f
10 changed files with 694 additions and 12 deletions
+1 -1
View File
@@ -84,7 +84,7 @@ class Session {
global $database, $generator, $logging;
$this->logged_in = true;
$_SESSION['sessid'] = $generator->generateRandID();
$_SESSION['username'] = $user;
$_SESSION['username'] = $database->escape($user);
$_SESSION['checker'] = $generator->generateRandStr(3);
$_SESSION['mchecker'] = $generator->generateRandStr(5);
$_SESSION['qst'] = $database->getUserField($_SESSION['username'], "quest", 1);