Diffstat (limited to 'LedgerSMB')
-rw-r--r-- | LedgerSMB/IR.pm | 2 | ||||
-rwxr-xr-x | LedgerSMB/Session/DB.pm | 9 |
2 files changed, 6 insertions, 5 deletions
diff --git a/LedgerSMB/IR.pm b/LedgerSMB/IR.pm
index e2de66a3..eec7985c 100644
--- a/LedgerSMB/IR.pm
+++ b/LedgerSMB/IR.pm
@@ -404,7 +404,7 @@ sub post_invoice {
 VALUES (?, ?, ?, ?, ?, ?)|;
- $sth = $dbh->prepare($query);
+ my $sth = $dbh->prepare($query);
 $sth->execute( $ref->{trans_id}, $ref->{inventory_accno_id}, $linetotal, $ref->{transdate},
diff --git a/LedgerSMB/Session/DB.pm b/LedgerSMB/Session/DB.pm
index 849b4ddf..f94f107f 100755
--- a/LedgerSMB/Session/DB.pm
+++ b/LedgerSMB/Session/DB.pm
@@ -83,7 +83,8 @@ sub session_check {
 my ( $sessionLogin, $sessionTransaction ) = $checkQuery->fetchrow_array;
 my $login = $form->{login};
- $login =~ s/[^a-zA-Z0-9._+@'-]//g;
+
+ $login =~ s/[^a-zA-Z0-9._+\@'-]//g;
 if ( ( $sessionLogin eq $login ) and ( $sessionTransaction eq $transactionID ) )
@@ -169,7 +170,7 @@ sub session_create {
 # this is assuming that $form->{login} is safe, which might be a bad assumption
 # so, I'm going to remove some chars, which might make previously valid logins invalid
 my $login = $form->{login};
- $login =~ s/[^a-zA-Z0-9._+@'-]//g;
+ $login =~ s/[^a-zA-Z0-9._+\@'-]//g;
 #delete any existing stale sessions with this login if they exist
 if ( !$myconfig{timeout} ) {
@@ -210,7 +211,7 @@ sub session_destroy {
 my ($form) = @_;
 my $login = $form->{login};
- $login =~ s/[^a-zA-Z0-9._+@'-]//g;
+ $login =~ s/[^a-zA-Z0-9._+\@'-]//g;
 # use the central database handle
 my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH};
@@ -235,7 +236,7 @@ sub password_check {
 my ( $form, $username, $password ) = @_;
- $username =~ s/[^a-zA-Z0-9._+@'-]//g;
+ $username =~ s/[^a-zA-Z0-9._+\@'-]//g;
 # use the central database handle
 my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH}; |
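Review bot: In the session_check hunk the login is still silently stripped rather than rejected, so a submitted login that differs from the stored one only by removed characters compares as equal in `$sessionLogin eq $login`. Consider failing the check when the raw input contains anything outside the set, e.g. guarding with `if ( $form->{login} =~ /[^a-zA-Z0-9._+\@'-]/ )` and taking the function's existing failure path, which lies outside this hunk. The same strip-instead-of-reject pattern appears in the session_create, session_destroy and password_check hunks. The class also keeps `'`, so the filtered value is only safe in SQL if every query that uses it binds it as a placeholder; that cannot be confirmed from the lines shown.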
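Review bot: The corrected character class in the session_create hunk is repeated verbatim in session_check, session_destroy and password_check, which is why this escaping fix had to be made four times. A single file-level `my $LOGIN_UNSAFE = qr/[^a-zA-Z0-9._+\@'-]/;` applied as `$login =~ s/$LOGIN_UNSAFE//g;` would keep the four sites from drifting apart. The comment above the substitution only says the login "might" be unsafe; it would help to reword it to name what the filter is meant to protect, so a later edit to the class can be judged against that intent.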