[geeklog-cvs] geeklog: addslashes can't hurt ...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Mon Dec 22 05:51:37 EST 2008
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/95c24df5898d
changeset: 6575:95c24df5898d
user: Dirk Haun <dirk at haun-online.de>
date: Sun Dec 21 10:06:37 2008 +0100
description:
addslashes can't hurt ...
diffstat:
5 files changed, 5 insertions(+), 5 deletions(-)
plugins/calendar/functions.inc | 2 +-
plugins/links/functions.inc | 2 +-
plugins/polls/functions.inc | 2 +-
plugins/staticpages/functions.inc | 2 +-
system/lib-story.php | 2 +-
diffs (60 lines):
diff -r cc8e9fd9ef90 -r 95c24df5898d plugins/calendar/functions.inc
--- a/plugins/calendar/functions.inc Sun Dec 21 10:00:36 2008 +0100
+++ b/plugins/calendar/functions.inc Sun Dec 21 10:06:37 2008 +0100
@@ -1865,7 +1865,7 @@
$where = '';
$permOp = 'WHERE';
} else {
- $where = " WHERE eid = '$eid'";
+ $where = " WHERE eid = '" . addslashes($eid) . "'";
$permOp = 'AND';
}
if ($uid > 0) {
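Review bot: `addslashes()` on the added `$where` line works on bytes and ignores the connection character set, so it is weaker than the database driver's own escaping; with some multibyte charsets a backslash-escaped quote can still close the string literal. The backend is not visible here, but if it is MySQL the line would be safer as `$where = " WHERE eid = '" . mysql_real_escape_string($eid) . "'";` or the DB layer's own escape wrapper, and on a backend that escapes quotes by doubling them, backslash escaping is not correct at all. The same applies to the `lid`, `pid`, `sp_id` and `sid` hunks in the other four files. If these IDs are limited to a known character set, checking them against that pattern before building the clause would be stronger than escaping alone. The enclosing function starts and ends outside the hunk, so any earlier validation of `$eid` cannot be seen from here.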
diff -r cc8e9fd9ef90 -r 95c24df5898d plugins/links/functions.inc
--- a/plugins/links/functions.inc Sun Dec 21 10:00:36 2008 +0100
+++ b/plugins/links/functions.inc Sun Dec 21 10:06:37 2008 +0100
@@ -1499,7 +1499,7 @@
$where = '';
$permOp = 'WHERE';
} else {
- $where = " WHERE lid = '$lid'";
+ $where = " WHERE lid = '" . addslashes($lid) . "'";
$permOp = 'AND';
}
if ($uid > 0) {
diff -r cc8e9fd9ef90 -r 95c24df5898d plugins/polls/functions.inc
--- a/plugins/polls/functions.inc Sun Dec 21 10:00:36 2008 +0100
+++ b/plugins/polls/functions.inc Sun Dec 21 10:06:37 2008 +0100
@@ -1174,7 +1174,7 @@
$where = '';
$permOp = 'WHERE';
} else {
- $where = " WHERE pid = '$pid'";
+ $where = " WHERE pid = '" . addslashes($pid) . "'";
$permOp = 'AND';
}
if ($uid > 0) {
diff -r cc8e9fd9ef90 -r 95c24df5898d plugins/staticpages/functions.inc
--- a/plugins/staticpages/functions.inc Sun Dec 21 10:00:36 2008 +0100
+++ b/plugins/staticpages/functions.inc Sun Dec 21 10:06:37 2008 +0100
@@ -1278,7 +1278,7 @@
$where = '';
$permOp = 'WHERE';
} else {
- $where = " WHERE sp_id = '$sp_id'";
+ $where = " WHERE sp_id = '" . addslashes($sp_id) . "'";
$permOp = 'AND';
}
if ($uid > 0) {
diff -r cc8e9fd9ef90 -r 95c24df5898d system/lib-story.php
--- a/system/lib-story.php Sun Dec 21 10:00:36 2008 +0100
+++ b/system/lib-story.php Sun Dec 21 10:06:37 2008 +0100
@@ -751,7 +751,7 @@
if ($sid == '*') {
$where = ' WHERE';
} else {
- $where = " WHERE (sid = '$sid') AND";
+ $where = " WHERE (sid = '" . addslashes($sid) . "') AND";
}
$where .= ' (draft_flag = 0) AND (date <= NOW())';
if ($uid > 0) {