ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use dbEscapeString on username retrieved from jwt to prevent SQL injection

pull/3669/merge
Isaac Connor 2023-02-20 12:10:49 -05:00
parent 119e4e6756
commit decf3e307b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/zm_user.cpp
View File

@ -176,7 +176,7 @@ User *zmLoadTokenUser(const std::string &jwt_token_str, bool use_remote_addr) {
Debug(1, "Inside zmLoadTokenUser, formed key=%s", key.c_str());
std::pair<std::string, unsigned int> ans = verifyToken(jwt_token_str, key);
std::string username = ans.first;
std::string username = zmDbEscapeString(ans.first);
unsigned int iat = ans.second;
Debug(1, "retrieved user '%s' from token", username.c_str());