Fix really simple injection that enabled one to login. Oops.

aquatix · Apr 1, 2014 · 348c185 · 348c185
1 parent b970319
commit 348c185
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/modules/blog_methods.php b/modules/blog_methods.php
@@ -37,6 +37,11 @@
  */
 function login( $skel, $user, $pass )
 {
+    /* Lets first escape this to prevent injection
+     * @TODO: use mysqli or PDO prepared statements instead */
+    $user = mysql_real_escape_string($user);
+    $pass = mysql_real_escape_string($pass);
+
 	/* verify user/pass combo with db */
 	$query = 'SELECT smplog_user.pass, smplog_user.id FROM smplog_user WHERE smplog_user.username="' . $user . '";';
 	$result = mysql_query( $query, $skel['dbLink'] );

diff --git a/root.php b/root.php
@@ -26,8 +26,8 @@
 /* Enable error reporting */
 //error_reporting( E_ERROR | E_WARNING | E_PARSE | E_NOTICE );
 
-$skel['lastmodified'] = '2013-03-31';
-$skel['page_version'] = '0.8.01';
+$skel['lastmodified'] = '2014-04-01';
+$skel['page_version'] = '0.8.02';
 $skel['dateofcreation'] = '2003-12-22';
 
 $section_name = 'root';
@@ -515,9 +515,9 @@
 	//$page_body .= "Pass<br/><input type=\"password\" name=\"pass\" size=\"16\" maxlength=\"16\" /><br/>\n";
 	//$page_body .= "<br/>\n";
 	$page_body .= "<h3>User</h3>\n";
-	$page_body .= "<p><input type=\"text\" name=\"user\" size=\"16\" maxlength=\"16\" /></p>\n";
+	$page_body .= "<p><input type=\"text\" name=\"user\" size=\"16\" /></p>\n";
 	$page_body .= "<h3>Pass</h3>\n";
-	$page_body .= "<p><input type=\"password\" name=\"pass\" size=\"16\" maxlength=\"16\" /><p>\n";
+	$page_body .= "<p><input type=\"password\" name=\"pass\" size=\"16\" /><p>\n";
 	$page_body .= "<input name=\"loginbtn\" value=\"Login\" type=\"submit\" />\n";
 	$page_body .= "</form>\n";
 	$page_body .= "</div>\n";