Fixes #1301. Not filtering passwords.

author: Brett Profitt <brett.profitt@gmail.com> 2012-04-18 20:22:54 -0700
committer: Brett Profitt <brett.profitt@gmail.com> 2012-04-18 20:22:54 -0700
commit: 8aad9f081b9fd83f8cd8358547234fbdcdaf9611 (patch)
tree: 98ec37f919182a4c0c582752614443ea4d648ca1 /actions/login.php
parent: f2a80038cddec5ed86b3dd9edb31cf07e3376de8 (diff)
download: elgg-8aad9f081b9fd83f8cd8358547234fbdcdaf9611.tar.gz
elgg-8aad9f081b9fd83f8cd8358547234fbdcdaf9611.tar.bz2
1 files changed, 4 insertions, 4 deletions
diff --git a/actions/login.php b/actions/login.php
index 256e78acb..ea7fb3508 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -18,9 +18,9 @@ if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) {
 }
 
 $username = get_input('username');
-$password = get_input("password");
-$persistent = get_input("persistent", FALSE);
-$result = FALSE;
+$password = get_input('password', null, false);
+$persistent = get_input("persistent", false);
+$result = false;
 
 if (empty($username) || empty($password)) {
 	register_error(elgg_echo('login:empty'));
@@ -28,7 +28,7 @@ if (empty($username) || empty($password)) {
 }
 
 // check if logging in with email address
-if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
 	$username = $users[0]->username;
 }
author	Brett Profitt <brett.profitt@gmail.com>	2012-04-18 20:22:54 -0700
committer	Brett Profitt <brett.profitt@gmail.com>	2012-04-18 20:22:54 -0700
commit	8aad9f081b9fd83f8cd8358547234fbdcdaf9611 (patch)
tree	98ec37f919182a4c0c582752614443ea4d648ca1 /actions/login.php
parent	f2a80038cddec5ed86b3dd9edb31cf07e3376de8 (diff)
download	elgg-8aad9f081b9fd83f8cd8358547234fbdcdaf9611.tar.gz elgg-8aad9f081b9fd83f8cd8358547234fbdcdaf9611.tar.bz2