harmacist/vichan
1
0
Fork 0
forked from GithubBackups/vichan
Code Pull Requests Activity

Security: capitalization of mods username is significant

Browse Source
This commit is contained in:
8chan Admin 2014-02-13 01:04:32 +00:00
parent bdff0efeaa
commit 5094e208d5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
inc/mod/auth.php
View File

@ -39,7 +39,7 @@ function login($username, $password, $makehash=true) {
$password = sha1($password); $password = sha1($password);
} }
$query = prepare("SELECT `id`, `type`, `boards`, `password`, `salt` FROM ``mods`` WHERE `username` = :username"); $query = prepare("SELECT `id`, `type`, `boards`, `password`, `salt` FROM ``mods`` WHERE BINARY `username` = :username");
$query->bindValue(':username', $username); $query->bindValue(':username', $username);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));