Merge remote-tracking branch 'security/fix/293-sql-injection' into QA…
…_4_9
ibennetch committed Jan 7, 2020
2 parents 156231d + c86acbf commit ce10567
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion libraries/classes/Server/Privileges.php
@@ -3067,7 +3067,7 @@ public static function getExtraDataForAjaxBehavior(

if (isset($_GET['validate_username'])) {
$sql_query = "SELECT * FROM `mysql`.`user` WHERE `User` = '"
. $_GET['username'] . "';";
. $GLOBALS['dbi']->escapeString($_GET['username']) . "';";
$res = $GLOBALS['dbi']->query($sql_query);
$row = $GLOBALS['dbi']->fetchRow($res);
if (empty($row)) {
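Review bot: The lookup still reads `$_GET['username']` without checking that it is set and is a string; the visible guard only tests `validate_username`. PHP can deliver a request parameter as an array, and what `escapeString()` does with a non-string value is not visible here, so the value should be normalised first, e.g. `$username = isset($_GET['username']) && is_string($_GET['username']) ? $_GET['username'] : '';`, and that variable passed to `escapeString()`. The escaping only protects the query while the value stays inside the single-quoted literal, so a one-line comment such as `// escaped value must remain inside the quoted literal` above the concatenation would guard later edits. `getExtraDataForAjaxBehavior` starts and ends outside the hunk, so other reads of request data in it could not be checked.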