[geeklog-cvs] geeklog: addslashes can't hurt ...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Mon Dec 22 05:51:37 EST 2008


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/95c24df5898d
changeset: 6575:95c24df5898d
user:      Dirk Haun <dirk at haun-online.de>
date:      Sun Dec 21 10:06:37 2008 +0100
description:
addslashes can't hurt ...

diffstat:

5 files changed, 5 insertions(+), 5 deletions(-)
plugins/calendar/functions.inc    |    2 +-
plugins/links/functions.inc       |    2 +-
plugins/polls/functions.inc       |    2 +-
plugins/staticpages/functions.inc |    2 +-
system/lib-story.php              |    2 +-

diffs (60 lines):

diff -r cc8e9fd9ef90 -r 95c24df5898d plugins/calendar/functions.inc
--- a/plugins/calendar/functions.inc	Sun Dec 21 10:00:36 2008 +0100
+++ b/plugins/calendar/functions.inc	Sun Dec 21 10:06:37 2008 +0100
@@ -1865,7 +1865,7 @@
         $where = '';
         $permOp = 'WHERE';
     } else {
-        $where = " WHERE eid = '$eid'";
+        $where = " WHERE eid = '" . addslashes($eid) . "'";
         $permOp = 'AND';
     }
     if ($uid > 0) {
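Review bot: `addslashes()` on the added `$where = " WHERE eid = '" . addslashes($eid) . "'";` line is not a database-aware escaper. It ignores the connection character set, so under some multibyte encodings it does not reliably keep a quote inside the string literal. Escaping with the driver's own function for the active connection would be more robust, for example `$where = " WHERE eid = '" . mysql_real_escape_string($eid) . "'";` on MySQL, ideally combined with a check that the id contains only the characters the application issues. The same applies to the `lid`, `pid`, `sp_id` and `sid` lines in the other four hunks. The enclosing functions start and end outside the hunks, so it is not visible whether callers already escape or filter these ids; if they do, the added call would double-escape and the lookup could miss rows, which is worth confirming before relying on it.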
diff -r cc8e9fd9ef90 -r 95c24df5898d plugins/links/functions.inc
--- a/plugins/links/functions.inc	Sun Dec 21 10:00:36 2008 +0100
+++ b/plugins/links/functions.inc	Sun Dec 21 10:06:37 2008 +0100
@@ -1499,7 +1499,7 @@
         $where = '';
         $permOp = 'WHERE';
     } else {
-        $where = " WHERE lid = '$lid'";
+        $where = " WHERE lid = '" . addslashes($lid) . "'";
         $permOp = 'AND';
     }
     if ($uid > 0) {
diff -r cc8e9fd9ef90 -r 95c24df5898d plugins/polls/functions.inc
--- a/plugins/polls/functions.inc	Sun Dec 21 10:00:36 2008 +0100
+++ b/plugins/polls/functions.inc	Sun Dec 21 10:06:37 2008 +0100
@@ -1174,7 +1174,7 @@
         $where = '';
         $permOp = 'WHERE';
     } else {
-        $where = " WHERE pid = '$pid'";
+        $where = " WHERE pid = '" . addslashes($pid) . "'";
         $permOp = 'AND';
     }
     if ($uid > 0) {
diff -r cc8e9fd9ef90 -r 95c24df5898d plugins/staticpages/functions.inc
--- a/plugins/staticpages/functions.inc	Sun Dec 21 10:00:36 2008 +0100
+++ b/plugins/staticpages/functions.inc	Sun Dec 21 10:06:37 2008 +0100
@@ -1278,7 +1278,7 @@
         $where = '';
         $permOp = 'WHERE';
     } else {
-        $where = " WHERE sp_id = '$sp_id'";
+        $where = " WHERE sp_id = '" . addslashes($sp_id) . "'";
         $permOp = 'AND';
     }
     if ($uid > 0) {
diff -r cc8e9fd9ef90 -r 95c24df5898d system/lib-story.php
--- a/system/lib-story.php	Sun Dec 21 10:00:36 2008 +0100
+++ b/system/lib-story.php	Sun Dec 21 10:06:37 2008 +0100
@@ -751,7 +751,7 @@
     if ($sid == '*') {
         $where = ' WHERE';
     } else {
-        $where = " WHERE (sid = '$sid') AND";
+        $where = " WHERE (sid = '" . addslashes($sid) . "') AND";
     }
     $where .= ' (draft_flag = 0) AND (date <= NOW())';
     if ($uid > 0) {


