From c2adde9035e536b618dba395236f15fda385a9d4 Mon Sep 17 00:00:00 2001
From: Daniel Hromada
Date: Thu, 9 Dec 2010 01:41:06 +0100
Subject: [PATCH] configure_content node_content sql injection vulnerability fixed
---
 wwwroot/inc/eventz/configure_content.inc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/wwwroot/inc/eventz/configure_content.inc b/wwwroot/inc/eventz/configure_content.inc
index 0d089a9..f726b64 100644
--- a/wwwroot/inc/eventz/configure_content.inc
+++ b/wwwroot/inc/eventz/configure_content.inc
@@ -33,9 +33,10 @@ function configure_content() {
 node_descendant_count,lastdescendant_created,template_id, NOW() from nodes where node_id = '$node_id'";
 $db->query($qtiamat);
- $qu = "update nodes set node_content = '$node_content' where node_id = '$node_id'";
+
+ $qu = "update nodes set node_content = '".mysql_real_espace_string($node_content)."' where node_id = '$node_id'";
 $result = $db->update($qu);
- $qu2 = "update node_content set node_content = '$node_content' where node_id = '$node_id'";
+ $qu2 = "update node_content set node_content = '".mysql_real_espace_string($node_content)."' where node_id = '$node_id'";
 $result = $db->update($qu2);
 return true;
-- 
2.30.2
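Review bot: Both added lines call `mysql_real_espace_string`, a misspelling of `mysql_real_escape_string`. Unless the project defines a helper under that exact name, PHP aborts with an undefined-function fatal error at the `$qu` assignment, after `$db->query($qtiamat)` has already run, so neither update executes and the fix is never exercised. Separately, `$node_id` is still interpolated raw into the `where` clause of both updates and of the `$qtiamat` query above; whether it is validated earlier in `configure_content()` cannot be seen from this hunk, because the function starts and ends outside it. I would correct the name and escape the id as well, e.g. `$qu = "update nodes set node_content = '".mysql_real_escape_string($node_content)."' where node_id = '".mysql_real_escape_string($node_id)."'";`, with the same change for `$qu2`. If the `$db` wrapper supports bound parameters, those are preferable, since escaping depends on the connection character set being set correctly.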