From 756b8360e90c4884f1bd6d7e84656c24b450eee7 Mon Sep 17 00:00:00 2001
From: Falko Timme <ft@falkotimme.com>
Date: Fri, 28 Nov 2014 06:15:29 -0500
Subject: [PATCH] Merge branch 'master' of git.ispconfig.org:ispconfig/ispconfig3

---
 interface/web/login/password_reset.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index f2e4e95..5eac46a 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -54,7 +54,7 @@
 	$username = $app->db->quote($_POST['username']);
 	$email = $app->db->quote($_POST['email']);
 
-	$client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function FROM client,sys_user WHERE client.username = '$username' AND client.email = '$email' AND client.client_id = sys_user.client_id");
+	$client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email);
 
 	if($client['lost_password_function'] == 0) {
 		$app->tpl->setVar("error", $wb['lost_password_function_disabled_txt']);

--
Gitblit v1.9.1