From 036b9e65c9e0a73373ee513b644825df2edf14d7 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 16 Sep 2006 21:46:26 +0200
Subject: [PATCH] cleanID on passforgot action #861

darcs-hash:20060916194626-7ad00-2eeb07a509c95359a9bd1b164db4af7279b7f330.gz
---
 inc/auth/plain.class.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/inc/auth/plain.class.php b/inc/auth/plain.class.php
index d3df1c0dd..87b423b16 100644
--- a/inc/auth/plain.class.php
+++ b/inc/auth/plain.class.php
@@ -17,6 +17,10 @@ if(isset($_REQUEST['u']))
   $_REQUEST['u'] = cleanID($_REQUEST['u']);
 if(isset($_REQUEST['acl_user']))
   $_REQUEST['acl_user'] = cleanID($_REQUEST['acl_user']);
+// the same goes for password reset requests
+if(isset($_POST['login'])){
+  $_POST['login'] = cleanID($_POST['login']);
+}
 
 class auth_plain extends auth_basic {
 
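Review bot: The added block cleans only `$_POST['login']`, while the two checks above it clean `$_REQUEST` entries; PHP fills `$_REQUEST` as a separate copy when the request starts, so `$_REQUEST['login']` (and a `login` passed in the query string) still holds the raw value after this runs. Which superglobal the password-reset handler reads is not visible in this hunk, so confirm it uses `$_POST['login']` only, or add `if(isset($_REQUEST['login'])) $_REQUEST['login'] = cleanID($_REQUEST['login']);` next to it. The normalisation also runs at file scope when the plain backend is included, not where the user name is looked up, so the next request field that carries a user name is easy to miss. A comment such as `// every request field carrying a user name must pass through cleanID() before the plain backend looks it up` would make that requirement explicit.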
-- 
GitLab