Added escaping of special characters

hifihedgehog 2019-07-26 09:33:31 -04:00 committed by GitHub
parent 4b00ef72d4
commit a6e70256ea
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -99,16 +99,16 @@ class ChangePasswordCyberPanel implements \RainLoop\Providers\ChangePassword\Cha
try
{
$sEmail = $oAccount->Email();
$sEmailUser = \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail);
$sEmailDomain = \MailSo\Base\Utils::GetDomainFromEmail($sEmail);
$sEmail = mysqli_real_escape_string($db, $oAccount->Email());
$sEmailUser = mysqli_real_escape_string($db, \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail));
$sEmailDomain = mysqli_real_escape_string($db, \MailSo\Base\Utils::GetDomainFromEmail($sEmail));
$password_check_query = "SELECT * FROM e_users WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'";
$result = mysqli_query($db, $password_check_query);
$password_check = mysqli_fetch_assoc($result);
if (password_verify($sPrevPassword, substr($password_check['password'], 7))) {
$hashed_password = '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT);
$hashed_password = mysqli_real_escape_string($db, '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT))
$password_update_query = "UPDATE e_users SET password = '$hashed_password' WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'";
mysqli_query($db, $password_update_query);
$bResult = true;
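Review bot: The added `$hashed_password = mysqli_real_escape_string(...)` line has no terminating `;`, so the file would fail to parse and the change-password plugin could not load. `$sEmail` is also escaped before it is handed to `GetAccountNameFromEmail()` and `GetDomainFromEmail()`, and their results are escaped a second time, so a quote or backslash in the address can end up double-escaped in the derived user and domain parts. Binding the raw values through prepared statements, as sketched below, removes the manual escaping and closes the injection path in both queries; the sketch also guards against `$password_check` being empty when no row matches, which the current code passes straight into `substr()`/`password_verify()`. `mysqli_stmt_get_result()` depends on the mysqlnd driver, so that should be confirmed for the target hosts. The enclosing `try` block and method start and end outside the hunk.

```php
$sEmail = $oAccount->Email();
$sEmailDomain = \MailSo\Base\Utils::GetDomainFromEmail($sEmail);
// … unchanged: $sEmailUser, derived from the raw (unescaped) $sEmail …
$oSelect = mysqli_prepare($db, 'SELECT * FROM e_users WHERE emailOwner_id = ? AND email = ?');
mysqli_stmt_bind_param($oSelect, 'ss', $sEmailDomain, $sEmail);
mysqli_stmt_execute($oSelect);
$password_check = mysqli_fetch_assoc(mysqli_stmt_get_result($oSelect));
if ($password_check && password_verify($sPrevPassword, substr($password_check['password'], 7))) {
    $hashed_password = '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT);
    $oUpdate = mysqli_prepare($db, 'UPDATE e_users SET password = ? WHERE emailOwner_id = ? AND email = ?');
    mysqli_stmt_bind_param($oUpdate, 'sss', $hashed_password, $sEmailDomain, $sEmail);
    mysqli_stmt_execute($oUpdate);
    // … unchanged: $bResult = true; …
```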