author | Bharat Mediratta <bharat@menalto.com> | 2009-09-01 21:12:42 -0700 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2009-09-01 21:13:03 -0700 |
commit | 064038a24fe10c63328a3b9f679a8a7fd80f6b0e (patch) | |
tree | af235a6f1d46be3b0dcebdba63808c1838b9d981 /installer/installer.php | |
parent | d5cd6a92e7f9b88b76cfa5e4b8104a701e58c9f0 (diff) |
Escape backslashes (\) in the $salt in create_admin() as they will
interfere with our hand-rolled UPDATE statement. Big thanks to
paulepanter.
Diffstat (limited to 'installer/installer.php')
-rw-r--r-- | installer/installer.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/installer/installer.php b/installer/installer.php
index 7173a7ee..7fed25c7 100644
--- a/installer/installer.php
+++ b/installer/installer.php
@@ -127,7 +127,8 @@ class installer {
 $salt .= chr($char);
 }
 $password = substr(md5(time() * rand()), 0, 6);
- $hashed_password = $salt . md5($salt . $password);
+ // Escape backslash in preparation for our UPDATE statement.
+ $hashed_password = str_replace("\\", "\\\\", $salt . md5($salt . $password));
 $sql = self::prepend_prefix($config["prefix"],
 "UPDATE {users} SET `password` = '$hashed_password' WHERE `id` = 2");
 if (mysql_query($sql)) {
|
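Review bot: Replacing only `\` in `$hashed_password` leaves the hand-rolled UPDATE dependent on the salt never containing any other character that is special inside a single-quoted MySQL string, notably `'`. The salt's character range is set in the loop above the hunk, so that cannot be confirmed from here; escaping with the driver where the statement is built would cover every case, e.g. `$hashed_password = mysql_real_escape_string($salt . md5($salt . $password));`. Separately, the context line `$password = substr(md5(time() * rand()), 0, 6);` gives the initial admin password at most 24 bits from a non-cryptographic generator, which is worth a follow-up change. create_admin() starts and ends outside the hunk.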