Skip to content
Snippets Groups Projects
Commit 48bf7db7 authored by Dries Buytaert's avatar Dries Buytaert
Browse files

- Bugfix: removed redundant check_input()s such that quotes are handled 

  properly.  You couldn't use a username or passwords that had quotes.
parent 2719ebde
No related branches found
No related tags found
2 merge requests!7452Issue #1797438. HTML5 validation is preventing form submit and not fully...,!789Issue #3210310: Adjust Database API to remove deprecated Drupal 9 code in Drupal 10
Hide whitespace changes
Inline Side-by-side
modules/user.module
+ 6
6
View file @ 48bf7db7
...@@ -533,8 +533,8 @@ function user_login($edit = array(), $msg = "") { ...@@ -533,8 +533,8 @@ function user_login($edit = array(), $msg = "") {
*/ */
if (!$user) { if (!$user) {
$name = check_input($edit["name"]); $name = $edit["name"];
$pass = check_input($edit["pass"]); $pass = $edit["pass"];
$user = user_load(array("name" => $name, "pass" => $pass, "status" => 1)); $user = user_load(array("name" => $name, "pass" => $pass, "status" => 1));
} }
...@@ -543,11 +543,11 @@ function user_login($edit = array(), $msg = "") { ...@@ -543,11 +543,11 @@ function user_login($edit = array(), $msg = "") {
*/ */
if ($server = strrchr($edit["name"], "@")) { if ($server = strrchr($edit["name"], "@")) {
$name = check_input(substr($edit["name"], 0, strlen($edit["name"]) - strlen($server))); $name = substr($edit["name"], 0, strlen($edit["name"]) - strlen($server));
$server = check_input(substr($server, 1)); $server = substr($server, 1);
$pass = check_input($edit["pass"]); $pass = $edit["pass"];
} }
/* /*
** When possible, determine corrosponding external auth source. Invoke source, and login user if successful: ** When possible, determine corrosponding external auth source. Invoke source, and login user if successful:
*/ */
......
modules/user/user.module
+ 6
6
View file @ 48bf7db7
...@@ -533,8 +533,8 @@ function user_login($edit = array(), $msg = "") { ...@@ -533,8 +533,8 @@ function user_login($edit = array(), $msg = "") {
*/ */
if (!$user) { if (!$user) {
$name = check_input($edit["name"]); $name = $edit["name"];
$pass = check_input($edit["pass"]); $pass = $edit["pass"];
$user = user_load(array("name" => $name, "pass" => $pass, "status" => 1)); $user = user_load(array("name" => $name, "pass" => $pass, "status" => 1));
} }
...@@ -543,11 +543,11 @@ function user_login($edit = array(), $msg = "") { ...@@ -543,11 +543,11 @@ function user_login($edit = array(), $msg = "") {
*/ */
if ($server = strrchr($edit["name"], "@")) { if ($server = strrchr($edit["name"], "@")) {
$name = check_input(substr($edit["name"], 0, strlen($edit["name"]) - strlen($server))); $name = substr($edit["name"], 0, strlen($edit["name"]) - strlen($server));
$server = check_input(substr($server, 1)); $server = substr($server, 1);
$pass = check_input($edit["pass"]); $pass = $edit["pass"];
} }
/* /*
** When possible, determine corrosponding external auth source. Invoke source, and login user if successful: ** When possible, determine corrosponding external auth source. Invoke source, and login user if successful:
*/ */
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment