Commit 48bf7db7 authored by Dries's avatar Dries

- Bugfix: removed redundant check_input()s such that quotes are handled

  properly.  You couldn't use a username or passwords that had quotes.
parent 2719ebde
...@@ -533,8 +533,8 @@ function user_login($edit = array(), $msg = "") { ...@@ -533,8 +533,8 @@ function user_login($edit = array(), $msg = "") {
*/ */
if (!$user) { if (!$user) {
$name = check_input($edit["name"]); $name = $edit["name"];
$pass = check_input($edit["pass"]); $pass = $edit["pass"];
$user = user_load(array("name" => $name, "pass" => $pass, "status" => 1)); $user = user_load(array("name" => $name, "pass" => $pass, "status" => 1));
} }
...@@ -543,11 +543,11 @@ function user_login($edit = array(), $msg = "") { ...@@ -543,11 +543,11 @@ function user_login($edit = array(), $msg = "") {
*/ */
if ($server = strrchr($edit["name"], "@")) { if ($server = strrchr($edit["name"], "@")) {
$name = check_input(substr($edit["name"], 0, strlen($edit["name"]) - strlen($server))); $name = substr($edit["name"], 0, strlen($edit["name"]) - strlen($server));
$server = check_input(substr($server, 1)); $server = substr($server, 1);
$pass = check_input($edit["pass"]); $pass = $edit["pass"];
} }
/* /*
** When possible, determine corrosponding external auth source. Invoke source, and login user if successful: ** When possible, determine corrosponding external auth source. Invoke source, and login user if successful:
*/ */
......
...@@ -533,8 +533,8 @@ function user_login($edit = array(), $msg = "") { ...@@ -533,8 +533,8 @@ function user_login($edit = array(), $msg = "") {
*/ */
if (!$user) { if (!$user) {
$name = check_input($edit["name"]); $name = $edit["name"];
$pass = check_input($edit["pass"]); $pass = $edit["pass"];
$user = user_load(array("name" => $name, "pass" => $pass, "status" => 1)); $user = user_load(array("name" => $name, "pass" => $pass, "status" => 1));
} }
...@@ -543,11 +543,11 @@ function user_login($edit = array(), $msg = "") { ...@@ -543,11 +543,11 @@ function user_login($edit = array(), $msg = "") {
*/ */
if ($server = strrchr($edit["name"], "@")) { if ($server = strrchr($edit["name"], "@")) {
$name = check_input(substr($edit["name"], 0, strlen($edit["name"]) - strlen($server))); $name = substr($edit["name"], 0, strlen($edit["name"]) - strlen($server));
$server = check_input(substr($server, 1)); $server = substr($server, 1);
$pass = check_input($edit["pass"]); $pass = $edit["pass"];
} }
/* /*
** When possible, determine corrosponding external auth source. Invoke source, and login user if successful: ** When possible, determine corrosponding external auth source. Invoke source, and login user if successful:
*/ */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment