summaryrefslogtreecommitdiff
path: root/www/api
diff options
context:
space:
mode:
authorBenny Baumann <BenBE@geshi.org>2013-06-11 22:33:34 +0200
committerBenny Baumann <BenBE@geshi.org>2013-06-11 22:33:34 +0200
commit216271b2501cba5ac2724c56588fa62c725d1d69 (patch)
tree92ac053ba899c2195f411eff5bd8d01cb869c337 /www/api
parent0913b852c9e7a335cc2700f6f7d573565218c9dc (diff)
parentf0318d79dbc69e444fee4c085cdb3ee152318e1c (diff)
downloadcacert-devel-216271b2501cba5ac2724c56588fa62c725d1d69.tar.gz
cacert-devel-216271b2501cba5ac2724c56588fa62c725d1d69.tar.xz
cacert-devel-216271b2501cba5ac2724c56588fa62c725d1d69.zip
Merge branch 'bug-1162' into testserver-stable
Conflicts: www/wot.php
Diffstat (limited to 'www/api')
-rw-r--r--www/api/cemails.php4
-rw-r--r--www/api/edu.php2
2 files changed, 3 insertions, 3 deletions
diff --git a/www/api/cemails.php b/www/api/cemails.php
index 0d067ea..bdb3363 100644
--- a/www/api/cemails.php
+++ b/www/api/cemails.php
@@ -15,8 +15,8 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
- $username = mysql_escape_string($_REQUEST['username']);
- $password = mysql_escape_string($_REQUEST['password']);
+ $username = mysql_real_escape_string($_REQUEST['username']);
+ $password = mysql_real_escape_string($_REQUEST['password']);
$query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
$res = mysql_query($query);
diff --git a/www/api/edu.php b/www/api/edu.php
index 27b7b1b..80a4e79 100644
--- a/www/api/edu.php
+++ b/www/api/edu.php
@@ -20,7 +20,7 @@
if ($ipadress=='72.36.220.19' && $_SERVER['HTTPS']=="on")
{
- $serial=mysql_escape_string($_REQUEST["serial"]);
+ $serial=mysql_real_escape_string($_REQUEST["serial"]);
$root=intval($_REQUEST["root"]);
$sql="select memid from emailcerts where serial='$serial' and rootcert='$root'";