- fixes #5541

Author: Marius Burkard

interface/lib/app.inc.php

@@ -356,8 +356,8 @@ private function get_cookie_domain() {
 			$forwarded_host = (isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : null );
 			if($forwarded_host !== null && $forwarded_host !== $cookie_domain) {
 				// Just check for complete domain name and not auto subdomains
-				$sql = "SELECT domain_id from web_domain where domain = '$forwarded_host'";
-				$recs = $this->db->queryOneRecord($sql);
+				$sql = "SELECT domain_id from web_domain where domain = ?";
+				$recs = $this->db->queryOneRecord($sql, $forwarded_host);
 				if($recs !== null) {
 					$cookie_domain = $forwarded_host;
 				}