configure_content node_content sql injection vulnerability fixed

diff --git a/wwwroot/inc/eventz/configure_content.inc b/wwwroot/inc/eventz/configure_content.inc
index 0d089a9640a2b682b8d5b1657fb2c9c4950b5abb..f726b64ae9c19f04550fb4506eee1c99b5d0314a 100644 (file)
--- a/wwwroot/inc/eventz/configure_content.inc
+++ b/wwwroot/inc/eventz/configure_content.inc
@@ -33,9 +33,10 @@ function configure_content() {
             node_descendant_count,lastdescendant_created,template_id, NOW()
             from nodes where node_id = '$node_id'";
     $db->query($qtiamat);
-    $qu = "update nodes set node_content = '$node_content' where node_id = '$node_id'";
+
+    $qu = "update nodes set node_content = '".mysql_real_espace_string($node_content)."' where node_id = '$node_id'";
     $result = $db->update($qu);
-    $qu2 = "update node_content set node_content = '$node_content' where node_id = '$node_id'";
+    $qu2 = "update node_content set node_content = '".mysql_real_espace_string($node_content)."' where node_id = '$node_id'";
     $result = $db->update($qu2);
 
     return true;