[geeklog-devel] [geeklog-cvs] Geeklog-1.x/public_html/links index.php
Joe Mucchiello
joe at ThrowingDice.com
Mon Dec 31 11:57:04 EST 2007
At 05:41 AM 12/31/2007, Dirk Haun wrote:
> $cid = $_LI_CONF['root'];
> $display = '';
>! if (isset($_GET['category'])) {
>! $cid = strip_tags (COM_stripslashes ($_GET['category']));
>! } elseif (isset($_POST['category'])) {
>! $cid = strip_tags (COM_stripslashes ($_POST['category']));
>
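Review bot: the `$_GET['category']` and `$_POST['category']` branches repeat the same `strip_tags (COM_stripslashes (...))` expression, and neither call does anything about quote characters, so `$cid` leaves this block free of markup but not safe to place inside a quoted SQL string. Consider selecting the raw request value first and sanitizing it in one place, with a comment stating that the result is not yet escaped for database use, so later callers do not assume otherwise.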
>--- 261,266 ----
> } else {
> // Get current category name
>! $currentcategory = DB_getItem($_TABLES['linkcategories'],
>'category',
>! "cid='{$cid}'");
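Review bot: the where-clause `"cid='{$cid}'"` passed to `DB_getItem` interpolates a request-derived value straight into single quotes, and nothing visible in this patch escapes it first. Escape `$cid` immediately before building the clause (for example with `addslashes`) rather than at assignment, so the unescaped value remains available for any non-SQL use, and apply the same treatment to any other query in this file that uses `$cid`.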
You probably need an addslashes here. If you're calling strip_tags,
that means "Jim's Links" is a valid $cid.
----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com