Skip to content

Commit

Permalink
Escape user token during API authentication
Browse files Browse the repository at this point in the history
  • Loading branch information
@cedric-anne @trasher
cedric-anne authored and trasher committed Nov 3, 2022
1 parent 8505fbf commit 7cbb2d5
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/Api/API.php
View file
Expand Up @@ -282,7 +282,7 @@ protected function initSession($params = [])

$noAuto = true;
if (isset($params['user_token']) && !empty($params['user_token'])) {
$_REQUEST['user_token'] = $params['user_token'];
$_REQUEST['user_token'] = Sanitizer::dbEscape($params['user_token']);
$noAuto = false;
} else if (!$CFG_GLPI['enable_api_login_credentials']) {
$this->returnError(
Expand Down

0 comments on commit 7cbb2d5

Please sign in to comment.