From 93aed26a006c48589f0f81e47c6eaa74c67c268a Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Thu, 5 Jun 2014 15:18:02 -0400
Subject: [PATCH] escape username and password inside zm_user by rogerroger288
---
 src/zm_user.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/zm_user.cpp b/src/zm_user.cpp
index 1ab27a1a1..36d6dcb5d 100644
--- a/src/zm_user.cpp
+++ b/src/zm_user.cpp
@@ -100,14 +100,18 @@ bool User::canAccess( int monitor_id )
 User *zmLoadUser( const char *username, const char *password )
 {
 char sql[ZM_SQL_SML_BUFSIZ] = "";
+ char safer_username[200];
+ char safer_password[200];
+ mysql_real_escape_string(&dbconn, safer_username, username, sizeof safer_username);
+ mysql_real_escape_string(&dbconn, safer_password, password, sizeof safer_password);
 if ( password )
 {
- snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", username, password );
+ snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", safer_username, safer_password );
 }
 else
 {
- snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Enabled = 1", username );
+ snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Enabled = 1", safer_username );
 }
 if ( mysql_query( &dbconn, sql ) )
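Review bot: The two added `mysql_real_escape_string` calls pass `sizeof safer_username` / `sizeof safer_password` as the last argument, but that parameter is the number of bytes to read from the source string, not the capacity of the destination. As written, each call reads 200 bytes from `username` / `password` whatever their real length and may write up to 401 bytes into a 200-byte stack array, so the escaping fix itself introduces an out-of-bounds read and a stack buffer overflow. The password call also runs before the `if ( password )` check, so a null `password` is dereferenced. The calls should pass `strlen()` of the input, reject input longer than `(sizeof buf - 1) / 2`, and escape the password only when it is non-null; the null return in the sketch assumes callers treat it as a failed login, which the hunk does not show. zmLoadUser's body continues past the end of the hunk.

```cpp
    char safer_username[200];
    char safer_password[200];
    // Escaping can double every input byte and appends a NUL, so the input is capped at (capacity - 1) / 2.
    const size_t username_length = strlen( username );
    const size_t password_length = password ? strlen( password ) : 0;
    if ( username_length > (sizeof safer_username - 1) / 2 || password_length > (sizeof safer_password - 1) / 2 )
        return 0;
    mysql_real_escape_string( &dbconn, safer_username, username, username_length );
    if ( password )
        mysql_real_escape_string( &dbconn, safer_password, password, password_length );
    // … unchanged: if ( password ) / else snprintf() of the two queries …
```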