Changeset 6703
- Timestamp:
- Jul 24, 2010, 6:06:10 PM (14 years ago)
- Location:
- extensions/lmt
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
extensions/lmt/lmt_aip.class.inc.php
r6701 r6703 564 564 if($_POST["text1"]!="") 565 565 { 566 $sql="INSERT INTO ".$this->tables["licence_author"]." VALUES('', '". addslashes($_POST["text1"])."', '".addslashes($_POST["text2"])."')";566 $sql="INSERT INTO ".$this->tables["licence_author"]." VALUES('', '". htmlspecialchars($_POST["text1"], ENT_QUOTES)."', '".htmlspecialchars($_POST["text2"], ENT_QUOTES)."')"; 567 567 $result=pwg_query($sql); 568 568 if($result) … … 590 590 { 591 591 $sql="UPDATE ".$this->tables["licence_author"]." 592 SET text1 = '". addslashes($_POST["text1"])."',593 text2 = '". addslashes($_POST["text2"])."'592 SET text1 = '". htmlspecialchars($_POST["text1"], ENT_QUOTES)."', 593 text2 = '".htmlspecialchars($_POST["text2"], ENT_QUOTES)."' 594 594 WHERE id = '".$_POST["id"]."'"; 595 595 $result=pwg_query($sql); -
extensions/lmt/main.inc.php
r6701 r6703 60 60 | | | * mantis : feature 1690 61 61 | | | . Improve performances in admin page 62 | | | 63 | | | 64 | | | 62 | | | * mantis : bug 1699 63 | | | . slashes should be stripped when displaying author 64 | | | names 65 65 | | | 66 66 | | |
Note: See TracChangeset
for help on using the changeset viewer.