diff options
| author | Michael Tänzer <neo@nhng.de> | 2014-04-30 23:47:33 +0200 |
|---|---|---|
| committer | Michael Tänzer <neo@nhng.de> | 2014-05-01 02:11:07 +0200 |
| commit | 554493552e248fcd15d5523a5904ca38eda44680 (patch) | |
| tree | bd3ff6a7aa6422ac9186e721f6170969c2e9e326 | |
| parent | cff85b0ea8cdd4d7249d23206339a85d06e24419 (diff) | |
| download | cacert-devel-554493552e248fcd15d5523a5904ca38eda44680.tar.gz cacert-devel-554493552e248fcd15d5523a5904ca38eda44680.tar.xz cacert-devel-554493552e248fcd15d5523a5904ca38eda44680.zip | |
bug 1138: Avoid double escaping.
These session variables should be local variables as they aren't needed
anywhere else
Signed-off-by: Michael Tänzer <neo@nhng.de>
| -rw-r--r-- | includes/account.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/includes/account.php b/includes/account.php index b9ee7d1..9f5946f 100644 --- a/includes/account.php +++ b/includes/account.php @@ -1325,8 +1325,8 @@ function buildSubjectFromSession() { } //!!!Should be rewritten - $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash'])))); - $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin'])))); + $_SESSION['_config']['user']['otphash'] = trim(stripslashes(strip_tags($_REQUEST['otphash']))); + $_SESSION['_config']['user']['otppin'] = trim(stripslashes(strip_tags($_REQUEST['otppin']))); if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "") { $query = "update `users` set `otphash`='".mysql_real_escape_string($_SESSION['_config']['user']['otphash'])."', |