From 62e25488daa4f857f717d2687e820091ffaa8a13 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Fri, 19 Dec 2014 12:21:38 -0500
Subject: [PATCH] Merge remote-tracking branch 'ispc/master' into new-layout-3.1

---
 interface/web/login/password_reset.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index f2e4e95..5eac46a 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -54,7 +54,7 @@
 	$username = $app->db->quote($_POST['username']);
 	$email = $app->db->quote($_POST['email']);
 
-	$client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function FROM client,sys_user WHERE client.username = '$username' AND client.email = '$email' AND client.client_id = sys_user.client_id");
+	$client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email);
 
 	if($client['lost_password_function'] == 0) {
 		$app->tpl->setVar("error", $wb['lost_password_function_disabled_txt']);

--
Gitblit v1.9.1