Changeset 10942


Ignore:
Timestamp:
May 19, 2011, 5:28:40 PM (10 years ago)
Author:
Eric
Message:

use pwg_db_real_escape_string() instead of addslashes()
version 2.20.7 hard coded

Location:
extensions/UserAdvManager/trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • extensions/UserAdvManager/trunk/admin/UAM_admin.php

    r10391 r10942  
    186186                $query = '
    187187                UPDATE '.CONFIG_TABLE.'
    188                 SET value="'.addslashes($conf['UserAdvManager']).'"
     188                SET value="'.pwg_db_real_escape_string($conf['UserAdvManager']).'"
    189189                WHERE param="UserAdvManager"
    190190                LIMIT 1
     
    215215          $query = '
    216216      UPDATE '.CONFIG_TABLE.'
    217                         SET value="'.addslashes($conf['UserAdvManager_ConfirmMail']).'"
     217                        SET value="'.pwg_db_real_escape_string($conf['UserAdvManager_ConfirmMail']).'"
    218218                        WHERE param="UserAdvManager_ConfirmMail"
    219219                        LIMIT 1
  • extensions/UserAdvManager/trunk/changelog.txt.php

    r10706 r10942  
    248248-- 2.20.6 : Improve database update process
    249249            Bug 2289 fixed - "Password in clear text in the information email" was working in a reverse logic
     250
     251-- 2.20.7 : Use pwg_db_real_escape_string() instead of addslashes()
    250252*/
    251253?>
  • extensions/UserAdvManager/trunk/include/upgradedb.inc.php

    r10706 r10942  
    180180  $query = '
    181181UPDATE '.CONFIG_TABLE.'
    182   SET value = "'.addslashes(serialize($upgrade_UAM)).'"
     182  SET value = "'.pwg_db_real_escape_string(serialize($upgrade_UAM)).'"
    183183  WHERE param = "nbc_UserAdvManager"
    184184;';
     
    191191    $query = '
    192192UPDATE '.CONFIG_TABLE.'
    193   SET value = "'.addslashes(serialize($data)).'"
     193  SET value = "'.pwg_db_real_escape_string(serialize($data)).'"
    194194  WHERE param = "nbc_UserAdvManager_ConfirmMail"
    195195;';
     
    241241  $query = '
    242242      UPDATE '.CONFIG_TABLE.'
    243                         SET value="'.addslashes($update_conf).'"
     243                        SET value="'.pwg_db_real_escape_string($update_conf).'"
    244244                        WHERE param="UserAdvManager_ConfirmMail"
    245245                        LIMIT 1
     
    297297  $query = '
    298298      UPDATE '.CONFIG_TABLE.'
    299                         SET value="'.addslashes($update_conf).'"
     299                        SET value="'.pwg_db_real_escape_string($update_conf).'"
    300300                        WHERE param="UserAdvManager"
    301301                        LIMIT 1
     
    343343  $query = '
    344344      UPDATE '.CONFIG_TABLE.'
    345                         SET value="'.addslashes($update_conf).'"
     345                        SET value="'.pwg_db_real_escape_string($update_conf).'"
    346346                        WHERE param="UserAdvManager"
    347347                        LIMIT 1
     
    389389  $query = '
    390390UPDATE '.CONFIG_TABLE.'
    391 SET value="'.addslashes($update_conf).'"
     391SET value="'.pwg_db_real_escape_string($update_conf).'"
    392392WHERE param="UserAdvManager"
    393393LIMIT 1
     
    446446  $query = '
    447447UPDATE '.CONFIG_TABLE.'
    448 SET value="'.addslashes($update_conf).'"
     448SET value="'.pwg_db_real_escape_string($update_conf).'"
    449449WHERE param="UserAdvManager"
    450450LIMIT 1
  • extensions/UserAdvManager/trunk/main.inc.php

    r10706 r10942  
    22/*
    33Plugin Name: UserAdvManager
    4 Version: 2.20.6
     4Version: 2.20.7
    55Description: Renforcer la gestion des utilisateurs - Enforce users management
    66Plugin URI: http://piwigo.org/ext/extension_view.php?eid=216
  • extensions/UserAdvManager/trunk/maintain.inc.php

    r10706 r10942  
    3535    $q = '
    3636INSERT INTO '.CONFIG_TABLE.' (param, value, comment)
    37 VALUES ("UserAdvManager","'.addslashes(serialize($default1)).'","UAM parameters")
     37VALUES ("UserAdvManager","'.pwg_db_real_escape_string(serialize($default1)).'","UAM parameters")
    3838  ;';
    3939    pwg_query($q);
     
    6262    $q = '
    6363INSERT INTO '.CONFIG_TABLE.' (param, value, comment)
    64 VALUES ("UserAdvManager_ConfirmMail","'.addslashes(serialize($default2)).'","UAM ConfirmMail parameters")
     64VALUES ("UserAdvManager_ConfirmMail","'.pwg_db_real_escape_string(serialize($default2)).'","UAM ConfirmMail parameters")
    6565  ;';
    6666    pwg_query($q);
Note: See TracChangeset for help on using the changeset viewer.