X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=db07ff35968b8cbb59178f0ba959cbe33d2f0bd1;hp=22b09b64e0cdc2bd530582d019e21d3e5773de18;hb=7c15ca79161bf475e958810a5b585bce869a2af9;hpb=47a45ea9324de396816a9af2d4d12ae8a0d248a7 diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 22b09b64e0..db07ff3596 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -249,8 +249,8 @@ function doAdminAction () { // Default admin action is the overview page $what = 'overview'; } else { - // Compile out some chars - $what = compileCode($what, false, false, false); + // Secure it + $what = secureString($what); } // Get action value @@ -567,9 +567,6 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement // Shall we process this id? It muss not be empty, of course if (($skip === false) && (!empty($id)) && (!isset($GLOBALS['skip_config'][$id]))) { - // Save this entry - $val = compileCode($val); - // Translate the value? (comma to dot!) if ((is_array($translateComma)) && (in_array($id, $translateComma))) { // Then do it here... :) @@ -1156,9 +1153,6 @@ function sendAdminPasswordResetLink ($email) { // Init output $OUT = ''; - // Compile out security characters (must be for looking up!) - $email = compileCode($email); - // Look up administator login $result = SQL_QUERY_ESC("SELECT `id`, `login`, `password` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `email`='%s' LIMIT 1", array($email), __FUNCTION__, __LINE__); 
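Review bot: In doAdminAction the new `$what = secureString($what);` is the only check on `$what` visible in this hunk, and the comment `// Secure it` does not say what it protects against. How `$what` is used afterwards is outside the hunk; if it goes on to select an include file or a menu entry, stripping or escaping alone is weaker than accepting only known-good names. Consider following it with an allow-list check such as `if (!preg_match('/^[a-zA-Z0-9_]+$/', $what)) { $what = 'overview'; }`, with the character set confirmed against the existing page names, and a comment stating which characters secureString() removes. The function body starts and ends outside the hunk.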
@@ -1197,12 +1191,9 @@ function adminResetValidateHashLogin ($hash, $login) { // By default nothing validates... ;) $valid = false; - // Compile the login for lookup - $login = compileCode($login); - // Then try to find that user $result = SQL_QUERY_ESC("SELECT `id`, `password`, `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", - array($login), __FUNCTION__, __LINE__); + array($login), __FUNCTION__, __LINE__); // Is an account here? if (SQL_NUMROWS($result) == 1) { @@ -1210,7 +1201,7 @@ function adminResetValidateHashLogin ($hash, $login) { $content = SQL_FETCHARRAY($result); // Generate hash again - $hashFromData = generateHash(getConfig('URL').':'.$content['id'].':'.$login.':'.$content['password'], substr($content['password'], 10)); + $hashFromData = generateHash(getConfig('URL') . ':' . $content['id'] . ':' . $login . ':' . $content['password'], substr($content['password'], 10)); // Does both match? $valid = ($hash == $hashFromData);
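Review bot: The last line of the second hunk in adminResetValidateHashLogin, `$valid = ($hash == $hashFromData);`, compares the password-reset hash with the loose `==` operator, which this commit leaves as it is. With `==` PHP compares two numeric-looking strings as numbers, so values that differ as strings can still be treated as equal, and the comparison is not constant-time. Use `$valid = hash_equals((string) $hashFromData, (string) $hash);` where the supported PHP version provides hash_equals(), or at least `===`. `$login` now also enters generateHash() exactly as submitted, since the compileCode() call was removed in the hunk before, so it is worth confirming that the reset link is built from the same unmodified login. The function continues outside the hunk.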