summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2014-04-30 23:47:33 +0200
committerMichael Tänzer <neo@nhng.de>2014-05-01 02:11:07 +0200
commit554493552e248fcd15d5523a5904ca38eda44680 (patch)
treebd3ff6a7aa6422ac9186e721f6170969c2e9e326
parentcff85b0ea8cdd4d7249d23206339a85d06e24419 (diff)
downloadcacert-devel-554493552e248fcd15d5523a5904ca38eda44680.tar.gz
cacert-devel-554493552e248fcd15d5523a5904ca38eda44680.tar.xz
cacert-devel-554493552e248fcd15d5523a5904ca38eda44680.zip
bug 1138: Avoid double escaping.
These session variables should be local variables as they aren't needed anywhere else Signed-off-by: Michael Tänzer <neo@nhng.de>
-rw-r--r--includes/account.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/includes/account.php b/includes/account.php
index b9ee7d1..9f5946f 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -1325,8 +1325,8 @@ function buildSubjectFromSession() {
}
//!!!Should be rewritten
- $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
- $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
+ $_SESSION['_config']['user']['otphash'] = trim(stripslashes(strip_tags($_REQUEST['otphash'])));
+ $_SESSION['_config']['user']['otppin'] = trim(stripslashes(strip_tags($_REQUEST['otppin'])));
if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
{
$query = "update `users` set `otphash`='".mysql_real_escape_string($_SESSION['_config']['user']['otphash'])."',