authorEugeniy Mikhailov <evgmik@gmail.com>2012-12-12 23:07:21 -0500
committerEugeniy Mikhailov <evgmik@gmail.com>2012-12-12 23:07:21 -0500
commitef21e1260748745bef11033fcfcc7b9f99731b4a (patch)
tree51f776d9f310e6fb6afb0a38cb4881edaa5b8995 /GradeBook_lib.tcl
parenta6b673042f66ac33c0913d1780e3e3221139dfa7 (diff)
plugged sql attack via reset password proc
* it disables the reset functionality
Diffstat (limited to 'GradeBook_lib.tcl')
-rwxr-xr-xGradeBook_lib.tcl4
1 files changed, 4 insertions, 0 deletions
diff --git a/GradeBook_lib.tcl b/GradeBook_lib.tcl
index 3b5edfb..4813786 100755
--- a/GradeBook_lib.tcl
+++ b/GradeBook_lib.tcl
@@ -1030,6 +1030,8 @@ proc askToLogin {} {
}
proc ResetForgottenPassword { permission_list user } {
+ return
+ # FIXME work on SelectColValue4User to fix sql attack vector
global script_name user_requested
if { [SelectColValue4User UserName $user_requested] eq "" } {
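Review bot: The bare `return` at the top of ResetForgottenPassword closes only this one path into SelectColValue4User. The FIXME places the injection in that helper, so any other caller passing a request-derived value (none visible in this hunk) would presumably stay exposed until the helper binds its argument as a query parameter instead of building it into the SQL text. The guard is also easy to undo by accident, because the comment sits after the `return` and does not say what must be fixed first; I would put it above, e.g. `# DISABLED: SelectColValue4User is an SQL injection vector for $user_requested; keep this return until it is fixed`. The user gets no indication that reset is unavailable, so a short message before returning would help, and the `# FIXME sanitize email` in the second hunk sits in the same now-unreachable body without naming which proc should validate the address. The proc body continues outside both hunks.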
@@ -1038,7 +1040,9 @@ proc ResetForgottenPassword { permission_list user } {
return
}
+
#reset password procedure goes here
+ # FIXME sanitize email
set newpassword [GenPassword]
Set_New_Password_Non_Web $user_requested $newpassword
SendNewPassword2User $user_requested $newpassword