Fixed issue #07851: SQL injection in "user_name" form field (Thanks f…

…romanmu)
LimeSurvey · May 20, 2013 · c735bdb · c735bdb
1 parent 218f6f8
commit c735bdb
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/application/controllers/admin/useraction.php b/application/controllers/admin/useraction.php
@@ -95,7 +95,7 @@ function adduser()
         if (empty($new_user)) {
             $aViewUrls['message'] = array('title' => $clang->gT("Failed to add user"), 'message' => $clang->gT("A username was not supplied or the username is invalid."), 'class'=> 'warningheader');
         }
-        elseif (User::model()->find("users_name='$new_user'")) {
+        elseif (User::model()->find("users_name=:users_name",array(':users_name'=>$new_user))) {
             $aViewUrls['message'] = array('title' => $clang->gT("Failed to add user"), 'message' => $clang->gT("The username already exists."), 'class'=> 'warningheader');
         }
         elseif ($valid_email)