ahtoagah wrote:
I tested pwg_db_real_escape_string() and it seems to work fine.
So using your examples above, I just use pwg_db_real_escape_string instead of the addslashes calls?
ahtoagah wrote:
I don't use Quick Edit, but I looked into some of its files and found that piwigo/plugins/AdminTools/include/events.inc.php has a similar statement on line 315.
Thanks. I found a few other places in events.inc.php to fix as well.
Just to be clear .. this is also not fixed in the 13 release?
matthys wrote:
Just to be clear .. this is also not fixed in the 13 release?
Correct. I had to re-apply the changes after I upgraded to 13.0.
Hello,
I confirm that this is not fixed in PWG 13.
Hmmmm, also not fixed in 13.1.0...
Today, after upgrading to 13.1.0, I got: an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Oultremont de Wégimont....
After updating the code manually it worked fine again.
Pity it was not solved in the fix release :-(
Last edited by matthys (2022-10-28 11:26:57)
Looks like this has been fixed in 13.2.0. Thank you!
[Github] Piwigo commit 96a4e21a
Last edited by windracer (2022-11-17 23:47:18)
windracer wrote:
Looks like this has been fixed in 13.2.0. Thank you!
[Github] Piwigo commit 96a4e21a
This does indeed seem to be fixed; however, I got caught out by the auto upgrade process, and I was still getting problems with the Batch Manager unit update screen. The changes suggested earlier in this thread to file batch_manager_unit.php need to be manually reverted, or the modified file manually overwritten by a new copy, as that file hasn't changed for several versions.