Diffstat (limited to 'LedgerSMB')
-rwxr-xr-x | LedgerSMB/Session.pm | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/LedgerSMB/Session.pm b/LedgerSMB/Session.pm
index d287d199..902e67c4 100755
--- a/LedgerSMB/Session.pm
+++ b/LedgerSMB/Session.pm
@@ -53,7 +53,7 @@ sub session_check {
 my ($sessionLogin) = $checkQuery->fetchrow_array;
 my $login = $form->{login};
- $login =~ s/[^a-zA-Z0-9@.-]//g;
+ $login =~ s/[^a-zA-Z0-9@_.-]//g;
 if($sessionLogin eq $login){
 $updateAge->execute($sessionid) || $form->dberror('Updating session age: ');
@@ -94,7 +94,7 @@ sub session_create {
 # this is assuming that $form->{login} is safe, which might be a bad assumption
 # so, I'm going to remove some chars, which might make previously valid logins invalid
 my $login = $form->{login};
- $login =~ s/[^a-zA-Z0-9@.-]//g;
+ $login =~ s/[^a-zA-Z0-9@._-]//g;
 #delete any existing stale sessions with this login if they exist
 if (!$myconfig{timeout}){ |
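Review bot: In the session_check hunk the new class is written `[^a-zA-Z0-9@_.-]`, and Perl interpolates arrays inside patterns, so `@_` there is read as the sub's argument array rather than as a literal at-sign followed by an underscore. The characters kept in `$login` would then depend on whatever the arguments stringify to, and the filtered value is compared with `$sessionLogin` on the next line. The session_create hunk orders the same characters as `@._-`, which is not interpolated, so the two filters can disagree about the same login. Escaping the at-sign in both places, `$login =~ s/[^a-zA-Z0-9\@_.-]//g;`, keeps the two classes literal and identical. Both sub bodies continue outside the hunks, so what `@_` holds at these points is not visible here.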