22 Feb
2006
22 Feb
'06
10:24 p.m.
User: anarcat Branch: HEAD Date: Wed, 22 Feb 2006 21:24:10 +0000 Modified files: /modules/mysql_auth mysql_auth.module Log message: use the %s parameter to inject the salt, protecting us against SQL injection along the way... i don't know why I thought db_query() would escape the comma, but it seems it doesn't because I tested this and works with the ENCRYPT + salt method Links: http://cvs.drupal.org/diff.php?path=contributions/modules/mysql_auth/mysql_a...