r3795 dismiss escaping, the input will be used in a prepared query
authorDenis Ovsienko <infrastation@yandex.ru>
Thu, 10 Jun 2010 13:48:46 +0000 (13:48 +0000)
committerDenis Ovsienko <infrastation@yandex.ru>
Thu, 10 Jun 2010 13:48:46 +0000 (13:48 +0000)
upgrade.php

index 33b940a..2eecaa1 100644 (file)
@@ -851,7 +851,7 @@ switch ($user_auth_src)
                        !strlen ($_SERVER['PHP_AUTH_USER']) or
                        !isset ($_SERVER['PHP_AUTH_PW']) or
                        !strlen ($_SERVER['PHP_AUTH_PW']) or
-                       !authenticate_admin (escapeString ($_SERVER['PHP_AUTH_USER']), escapeString ($_SERVER['PHP_AUTH_PW']))
+                       !authenticate_admin ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
                )
                {
                        header ('WWW-Authenticate: Basic realm="RackTables upgrade"');