fix: escape realname

This commit is contained in:
Baoshuo Ren 2022-09-18 18:51:20 +08:00
parent 09d4fa0515
commit 5253b23848
Signed by: baoshuo
GPG Key ID: 00CB9680AB29F51A

View File

@ -38,7 +38,7 @@
$register_form->handle = function() {
$new_username = $_POST['new_username'];
$new_password = $_POST['new_password'];
$new_realname = $_POST['new_realname'];
$new_realname = DB::escape($_POST['new_realname']);
$new_password = hash_hmac('md5', $new_password, getPasswordClientSalt());
$new_password = getPasswordToStore($new_password, $new_username);
$svn_pw = uojRandString(10);
@ -99,7 +99,7 @@
);
$change_realname_form->handle = function() {
$r_username = $_POST['r_username'];
$r_realname = $_POST['r_realname'];
$r_realname = DB::escape($_POST['r_realname']);
DB::query("update user_info set realname = '$r_realname' where username = '$r_username'");
};