paintballrefjosh / MaNGOSWebV4

This is a continuation of the MaNGOSWebV3 project.
GNU General Public License v3.0

Update account.login.php #78

Closed by ConradBunton 6 years ago

ConradBunton commented 6 years ago

Fix SQL hack vulnerability

ryanschulze commented 6 years ago

Since the code doesn't use prepared statements, I'd suggest using $login instead of $_POST['login'] in the SQL on line 26 as well.

Edit: ignore: I only saw the initial PR, not the update

paintballrefjosh commented 6 years ago

@ryanschulze Good catch. And yes, I noticed it too when I updated the pull request as well.
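The pitfall raised in the review above, where an escaped `$login` exists but the SQL is still built from `$_POST['login']`, is shown below as an added example; it is not code from this pull request or from MaNGOSWebV4. It also goes one step further than the thread and shows the prepared-statement form. Assumptions: the `account` table, the function names, and the use of PDO with an in-memory SQLite database are hypothetical stand-ins for the project's own database layer.

```php
<?php
// Added illustration; table, column and function names are hypothetical,
// not taken from MaNGOSWebV4's account.login.php.

// Constructed in-memory database standing in for the account table.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE account (id INTEGER PRIMARY KEY, username TEXT)');
    $db->exec("INSERT INTO account (username) VALUES ('ALICE'), ('BOB')");
    return $db;
}

// "Before" pattern the review comment warns about: $login is escaped,
// but the query string is still built from the raw request value.
function build_query_raw(PDO $db, array $post): string {
    $login = $db->quote(strtoupper($post['login']));   // computed, never used
    return "SELECT id FROM account WHERE username = '" . $post['login'] . "'";
}

// Same string-built query, using the escaped variable as the comment suggests.
function build_query_escaped(PDO $db, array $post): string {
    $login = $db->quote(strtoupper($post['login']));   // quote() adds the quotes
    return "SELECT id FROM account WHERE username = " . $login;
}

// Prepared statement: the value is bound, never spliced into the SQL text.
function find_account(PDO $db, array $post): array {
    $stmt = $db->prepare('SELECT id FROM account WHERE username = :login');
    $stmt->execute([':login' => strtoupper($post['login'])]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = make_db();
$samples = [
    ['login' => 'alice'],          // constructed: ordinary username
    ['login' => "x' OR '1'='1"],   // constructed: input containing a quote
];
foreach ($samples as $post) {
    echo "input:    ", $post['login'], "\n";
    echo "raw:      ", build_query_raw($db, $post), "\n";
    echo "escaped:  ", build_query_escaped($db, $post), "\n";
    echo "prepared: ", json_encode(find_account($db, $post)), " row id(s)\n\n";
}
```

For the second sample, the raw query text changes shape because the quote ends the string literal early, while the escaped and prepared forms treat the whole input as a single username that matches no row.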