Security: capitalization of mods username is significant

This commit is contained in:
8chan Admin 2014-02-13 01:04:32 +00:00 committed by czaks
parent d310abc95c
commit 93f748e6a8

View File

@ -76,7 +76,7 @@ function generate_salt() {
function login($username, $password) { function login($username, $password) {
global $mod, $config; global $mod, $config;
$query = prepare("SELECT `id`, `type`, `boards`, `password`, `version` FROM ``mods`` WHERE `username` = :username"); $query = prepare("SELECT `id`, `type`, `boards`, `password`, `version` FROM ``mods`` WHERE BINARY `username` = :username");
$query->bindValue(':username', $username); $query->bindValue(':username', $username);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));