/web/intercept.php |
---|
447,7 → 447,7 |
include_once("/etc/freeradius-web/config.php"); |
include_once("./acc/manager/lib/sql/drivers/mysql/functions.php"); |
$user_url=$_GET['userurl']; |
$user_uid=da_sql_escape_string($_GET['uid']); |
$user_uid=$_GET['uid']; |
$sql = "SELECT attribute, value FROM radreply WHERE username='$user_uid'"; |
$link = @da_sql_pconnect($config); // on affiche pas les erreurs |
if ($link){ |
/CHANGELOG |
---|
1,10 → 1,5 |
# $Id$ |
************ ALCASAR CHANGELOG *********** |
-----------------------3.1.1---------------- |
BUGS |
- Fix SQL injection on public part |
-----------------------3.1------------------- |
NEWS |