From 3c94eb3f608f9bf0dc8d19583abe273b3a67e5ff Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 20 Apr 2014 18:55:24 +0200
Subject: Fixed XSS vulnerability.
---
 www/functions/func_password.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'www/functions/func_password.php')
diff --git a/www/functions/func_password.php b/www/functions/func_password.php
index 3ee496b..e515111 100644
--- a/www/functions/func_password.php
+++ b/www/functions/func_password.php
@@ -4,7 +4,7 @@ function change_password($db, $first_password, $second_password){
 if($_SESSION["login"]){
 $username = user_id($db, $_SESSION["username"]);
 } else {
- $username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';");
+ $username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString(htmlentities($_POST['email'])) . "';");
 $username_ar = $username_db->fetchArray(SQLITE3_NUM);
 $username = $username_ar[0];
 }
@@ -30,7 +30,7 @@ function change_password($db, $first_password, $second_password){
 }
 function recover_password($db){
- $test_email_db = $db->query("SELECT 1 FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';");
+ $test_email_db = $db->query("SELECT 1 FROM user WHERE email='" . SQLite3::escapeString(htmlentities($_POST['email'])) . "';");
 $test_email_ar = $test_email_db->fetchArray(SQLITE3_NUM);
 if($test_email_ar[0] == 1){
@@ -63,7 +63,7 @@ function recover_password($db){
 }
 function validate_password($db, $username, $password){
- $res_db = $db->query("SELECT password FROM user WHERE name='".$db->escapeString($username)."'");
+ $res_db = $db->query("SELECT password FROM user WHERE name='".$db->escapeString(htmlentities($username))."'");
 $res_ar = $res_db->fetchArray(SQLITE3_NUM);
 $pepper = file_get_contents("../database/pepper.txt");
-- cgit v1.2.3
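Review bot: The added `htmlentities()` call in `change_password` encodes the value at the wrong layer, and the same pattern repeats in the `recover_password` and `validate_password` hunks: it wraps the key of a SQL lookup, while no place where the value is written into HTML appears in this file's diff. Encoding the lookup key also changes what is matched, so an address or name containing `&`, `<`, `>`, `"` or characters with named entities only finds its row if it was stored in the same encoded form, and that form depends on the PHP version's default flags and charset. I would keep the raw value for the query and bind it, `$stmt = $db->prepare("SELECT id FROM user WHERE email = :email"); $stmt->bindValue(':email', $_POST['email'], SQLITE3_TEXT); $username_db = $stmt->execute();`, and escape at the point where the value is echoed with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`. All three function bodies continue outside their hunks, so the output sites themselves cannot be checked from here.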
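Review bot: The `file_get_contents("../database/pepper.txt")` context line in `validate_password` has no failure check: the call returns `false` when the file cannot be read, and the relative path is resolved against the working directory of whichever script included this file. How `$pepper` is used lies outside the hunk, but if it is concatenated into the hash input, a failed read would presumably be hashed as an empty pepper instead of being treated as an error. I would anchor the path with `__DIR__` and add `if ($pepper === false) { return false; }` directly after the read, adjusting the return value to whatever the callers treat as a failed login.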