authorChris Buechler <cmb@pfsense.org>2015-12-02 18:22:55 -0600
committerChris Buechler <cmb@pfsense.org>2015-12-02 18:22:55 -0600
commit43180e9c49b913b5c6361822d839d51074890c20 (patch)
tree1c2cd1f72884070c969ea9590953ee42ddfdfb4c /etc
parent5245206c6a7aad728f905a5a4cc5bfae03edfefc (diff)
Sanitize the session_id/logout_id in captive portal.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/captiveportal.inc1
1 files changed, 1 insertions, 0 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 8e20ceb..0145962 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -915,6 +915,7 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
function captiveportal_disconnect_client($sessionid, $term_cause = 1, $logoutReason = "LOGOUT") {
global $g, $config;
+ $sessionid = SQLite3::escapeString($sessionid);
$radiusservers = captiveportal_get_radius_servers();
/* read database */
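Review bot: The added `SQLite3::escapeString()` call overwrites `$sessionid` in place, so the value is only safe where it is later embedded inside a single-quoted SQLite string literal, and any other use of the variable further down now sees the escaped form rather than the original. The query that consumes it is outside this hunk (the function body continues past `/* read database */`), so the quoting cannot be confirmed from here; if the lookup helper can accept a bound parameter, binding would remove the dependency on correct quoting altogether. Failing that, keep the raw value and escape into a separate variable, e.g. `$sessionid_sql = SQLite3::escapeString($sessionid);`, with a comment such as `/* $sessionid may be client-supplied (logout_id); escaped for single-quoted SQL literals only */`. If session ids have a fixed format, rejecting anything that does not match it before touching the database would be a stricter check than escaping.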