diff options
| author | Brett Profitt <brett.profitt@gmail.com> | 2012-04-18 20:22:54 -0700 |
|---|---|---|
| committer | Brett Profitt <brett.profitt@gmail.com> | 2012-04-18 20:22:54 -0700 |
| commit | 8aad9f081b9fd83f8cd8358547234fbdcdaf9611 (patch) | |
| tree | 98ec37f919182a4c0c582752614443ea4d648ca1 /actions/login.php | |
| parent | f2a80038cddec5ed86b3dd9edb31cf07e3376de8 (diff) | |
| download | elgg-8aad9f081b9fd83f8cd8358547234fbdcdaf9611.tar.gz elgg-8aad9f081b9fd83f8cd8358547234fbdcdaf9611.tar.bz2 | |
Fixes #1301. Not filtering passwords.
Diffstat (limited to 'actions/login.php')
| -rw-r--r-- | actions/login.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/actions/login.php b/actions/login.php index 256e78acb..ea7fb3508 100644 --- a/actions/login.php +++ b/actions/login.php @@ -18,9 +18,9 @@ if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) { } $username = get_input('username'); -$password = get_input("password"); -$persistent = get_input("persistent", FALSE); -$result = FALSE; +$password = get_input('password', null, false); +$persistent = get_input("persistent", false); +$result = false; if (empty($username) || empty($password)) { register_error(elgg_echo('login:empty')); @@ -28,7 +28,7 @@ if (empty($username) || empty($password)) { } // check if logging in with email address -if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) { +if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) { $username = $users[0]->username; } |