From: Daniel Hromada Date: Thu, 9 Dec 2010 00:41:06 +0000 (+0100) Subject: configure_content node_content sql injection vulnerability fixed X-Git-Url: https://git.harvie.cz/?a=commitdiff_plain;h=c2adde9035e536b618dba395236f15fda385a9d4;p=mirrors%2FKyberia-bloodline.git configure_content node_content sql injection vulnerability fixed --- diff --git a/wwwroot/inc/eventz/configure_content.inc b/wwwroot/inc/eventz/configure_content.inc index 0d089a9..f726b64 100644 --- a/wwwroot/inc/eventz/configure_content.inc +++ b/wwwroot/inc/eventz/configure_content.inc @@ -33,9 +33,10 @@ function configure_content() { node_descendant_count,lastdescendant_created,template_id, NOW() from nodes where node_id = '$node_id'"; $db->query($qtiamat); - $qu = "update nodes set node_content = '$node_content' where node_id = '$node_id'"; + + $qu = "update nodes set node_content = '".mysql_real_espace_string($node_content)."' where node_id = '$node_id'"; $result = $db->update($qu); - $qu2 = "update node_content set node_content = '$node_content' where node_id = '$node_id'"; + $qu2 = "update node_content set node_content = '".mysql_real_espace_string($node_content)."' where node_id = '$node_id'"; $result = $db->update($qu2); return true;