From: Daniel Hromada <hromi@Aphrodité.(none)>
Date: Thu, 9 Dec 2010 00:41:06 +0000 (+0100)
Subject: configure_content node_content sql injection vulnerability fixed
X-Git-Url: https://git.harvie.cz/?a=commitdiff_plain;h=c2adde9035e536b618dba395236f15fda385a9d4;p=mirrors%2FKyberia-bloodline.git

configure_content node_content sql injection vulnerability fixed
---

diff --git a/wwwroot/inc/eventz/configure_content.inc b/wwwroot/inc/eventz/configure_content.inc
index 0d089a9..f726b64 100644
--- a/wwwroot/inc/eventz/configure_content.inc
+++ b/wwwroot/inc/eventz/configure_content.inc
@@ -33,9 +33,10 @@ function configure_content() {
             node_descendant_count,lastdescendant_created,template_id, NOW()
             from nodes where node_id = '$node_id'";
     $db->query($qtiamat);
-    $qu = "update nodes set node_content = '$node_content' where node_id = '$node_id'";
+
+    $qu = "update nodes set node_content = '".mysql_real_espace_string($node_content)."' where node_id = '$node_id'";
     $result = $db->update($qu);
-    $qu2 = "update node_content set node_content = '$node_content' where node_id = '$node_id'";
+    $qu2 = "update node_content set node_content = '".mysql_real_espace_string($node_content)."' where node_id = '$node_id'";
     $result = $db->update($qu2);
 
     return true;