From 554bd796dc7aed67b6810e2ae3f30ba66bf263e3 Mon Sep 17 00:00:00 2001
From: Daniel Friesel
Date: Fri, 3 Jun 2011 11:24:22 +0200
Subject: includes/sys_auth: Add sql_escape, just to be safe
---
 includes/sys_auth.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'includes/sys_auth.php')
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index 68e336b0..009be2d8 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -19,7 +19,10 @@ function load_auth() {
 if (count($user) > 0) {
 // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
 list ($user) = $user;
- sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . $_SESSION['uid'] . "' LIMIT 1;");
+ sql_query("UPDATE `User` SET "
+ . "`lastLogIn` = '" . time() . "'"
+ . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;"
+ );
 } else
 unset ($_SESSION['uid']);
 }
@@ -52,4 +55,4 @@ function PassCrypt($passwort) {
 return md5($passwort);
 }
 }
-?>
\ No newline at end of file
+?>
-- cgit v1.2.3-54-g00ecf
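Review bot: In the first hunk (load_auth, the rewritten `sql_query(...)` call) the UPDATE is still assembled by string concatenation, so its safety rests entirely on `sql_escape()`, whose implementation is not visible here, and on the value staying inside the single quotes. If `UID` is an integer key (inferred from the name, not shown), casting pins the type independently of the escaping helper: replace `sql_escape($_SESSION['uid'])` with `(int) $_SESSION['uid']`, or move the query to a prepared statement if the sql_* layer supports one. The return value of `sql_query()` is also ignored, so a failed lastLogIn update passes silently. load_auth() begins and ends outside the hunk, so the SELECT that populates `$user` from the same session value cannot be checked from here and deserves the same review.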