Open datasiph0n opened 9 years ago
file: classes/users.php
function: authenticate($username,$password,$remember = false)
Line 108: $useragent = $_SERVER["HTTP_USER_AGENT"];
Line 116: $insert = $db->insert('users_sessions',array('user_id','ip','useragent','time','last_time','hash','remember'), array($fetch['id'],$ip,$useragent,time(),time(),$cookie_hash,$remember));
Adding the real_escape_string function inside $db->insert() would fix that, I guess?
That or you could sanitize it when you declare $useragent @ line 108.
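An added example, not part of the issue thread or the project's code: one way to keep `$_SERVER["HTTP_USER_AGENT"]` out of the SQL text is to bind every value as a parameter inside the insert helper. The `insert_row()` helper, the PDO/SQLite setup and the sample values are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not the project's $db->insert().
// Values are bound as parameters, so a request header never becomes SQL text.
function insert_row(PDO $pdo, string $table, array $columns, array $values): int
{
    // Identifiers cannot be bound; accept only plain names chosen by the code.
    foreach (array_merge([$table], $columns) as $name) {
        if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $name)) {
            throw new InvalidArgumentException("bad identifier: $name");
        }
    }
    if (count($columns) !== count($values)) {
        throw new InvalidArgumentException('column/value count mismatch');
    }
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        $table,
        implode(',', $columns),
        implode(',', array_fill(0, count($values), '?'))
    );
    $pdo->prepare($sql)->execute(array_values($values));
    return (int) $pdo->lastInsertId();
}

// In-memory SQLite stands in for the real database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users_sessions (
    id INTEGER PRIMARY KEY, user_id INTEGER, ip TEXT, useragent TEXT,
    time INTEGER, last_time INTEGER, hash TEXT, remember INTEGER)');

// Constructed sample header: its quote characters would break a query
// assembled by string concatenation.
$useragent = "Mozilla/5.0 (X11; Linux) it's \"quoted\"";
// Length cap is column hygiene only; the binding above is the injection fix.
$useragent = substr($useragent, 0, 255);

$id = insert_row(
    $pdo,
    'users_sessions',
    ['user_id', 'ip', 'useragent', 'time', 'last_time', 'hash', 'remember'],
    [1, '192.0.2.10', $useragent, time(), time(), bin2hex(random_bytes(16)), 0]
);

// Read the row back and compare it with the original header value.
$check = $pdo->prepare('SELECT useragent FROM users_sessions WHERE id = ?');
$check->execute([$id]);
var_dump($check->fetchColumn() === $useragent);
```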