author | Eugeniy Mikhailov <evgmik@gmail.com> | 2012-12-12 23:07:21 -0500 |
---|---|---|
committer | Eugeniy Mikhailov <evgmik@gmail.com> | 2012-12-12 23:07:21 -0500 |
commit | ef21e1260748745bef11033fcfcc7b9f99731b4a (patch) | |
tree | 51f776d9f310e6fb6afb0a38cb4881edaa5b8995 | |
parent | a6b673042f66ac33c0913d1780e3e3221139dfa7 (diff) | |
plugged sql attack via reset password proc
* it disables the reset functionality
-rwxr-xr-x | GradeBook_lib.tcl | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/GradeBook_lib.tcl b/GradeBook_lib.tcl index 3b5edfb..4813786 100755 --- a/GradeBook_lib.tcl +++ b/GradeBook_lib.tcl @@ -1030,6 +1030,8 @@ proc askToLogin {} { } proc ResetForgottenPassword { permission_list user } { + return + # FIXME work on SelectColValue4User to fix sql attack vector global script_name user_requested if { [SelectColValue4User UserName $user_requested] eq "" } { @@ -1038,7 +1040,9 @@ proc ResetForgottenPassword { permission_list user } { return } + #reset password procedure goes here + # FIXME sanitize email set newpassword [GenPassword] Set_New_Password_Non_Web $user_requested $newpassword SendNewPassword2User $user_requested $newpassword |
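Review bot: The bare `return` added as the first statement of ResetForgottenPassword makes the proc a silent no-op, so a user who asks for a reset gets no indication that the feature is switched off, and everything below it becomes dead code that is easy to re-enable by accident. The FIXME would be more useful if it recorded the actual condition for removing the guard, for example `# FIXME: disabled until SelectColValue4User stops building SQL from $user_requested (use bound parameters or the driver's escaping)`. The guard also only closes this one entry point; any other caller that hands request-controlled values to SelectColValue4User is not visible in this hunk and would presumably remain exposed until that proc itself is fixed. The body of ResetForgottenPassword continues outside the hunk.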
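Review bot: `# FIXME sanitize email` in the second hunk does not say which value has to be checked or against what; something like `# FIXME: validate the stored e-mail address (reject CR/LF, allow only addr-spec characters) before it reaches the mailer` would tell the next maintainer what is missing, assuming the address is looked up inside SendNewPassword2User. Separately from the injection issue, the unchanged lines below it call `Set_New_Password_Non_Web $user_requested $newpassword` before the requester has shown control of the mailbox, so once the early `return` is lifted a request naming another user would replace that user's password. Mailing a single-use, expiring token and changing the password only after the token is presented avoids both that lockout and sending a plaintext password by mail. The proc's body ends outside the hunk.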