From fac93bf28bc4aba3b00aec5dc99075a67cb10df5 Mon Sep 17 00:00:00 2001
From: Christian Boltz <postfixadmin@cboltz.de>
Date: Sun, 15 Jan 2012 11:22:31 +0000
Subject: [PATCH] functions.inc.php: - pacrypt(): escape_string() $salt for
 mysql_encrypt to be on the safe side

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3@1333 a1433add-5e2c-0410-b055-b7f2511e0802
---
 functions.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions.inc.php b/functions.inc.php
index f76a7c8f..cbf819ad 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -1191,7 +1191,7 @@ function pacrypt ($pw, $pw_db="")
     {
         $pw = escape_string($pw);
         if ($pw_db!="") {
-            $salt=substr($pw_db,0,2);
+            $salt=escape_string(substr($pw_db,0,2));
             $res=db_query("SELECT ENCRYPT('".$pw."','".$salt."');");
         } else {
             $res=db_query("SELECT ENCRYPT('".$pw."');");