Added escapes for quotes in strings
FPLinks, FAQ and Donate threw errors when a single quote was used in the
fields.  Added escape function to prevent the issue.
paintballrefjosh committed Sep 18, 2017
1 parent a6b564e commit 1d6c60e
Showing 5 changed files with 11 additions and 10 deletions.
4 changes: 2 additions & 2 deletions core/core.php
@@ -10,8 +10,8 @@

class Core
{
public $version = '4.1.2';
public $version_date = '2017-04-02, 15:41';
public $version = '4.1.3';
public $version_date = '2017-09-18, 10:21';
public $db_version = '4.1.0';
private $conf;

4 changes: 2 additions & 2 deletions inc/admin/script_files/admin.donate.php
@@ -20,7 +20,7 @@ function editPkg()
{
global $DB, $lang;
$DB->query("UPDATE `mw_donate_packages` SET
`desc`='".$_POST['desc']."',
`desc`='".$DB->real_escape_string($_POST['desc'])."',
`cost`='".$_POST['cost']."',
`points`='".$_POST['points']."'
WHERE `id`='".$_GET['id']."'
@@ -43,7 +43,7 @@ function addPkg()
`cost`,
`points`)
VALUES(
'".$_POST['desc']."',
'".$DB->real_escape_string($_POST['desc'])."',
'".$_POST['cost']."',
'".$_POST['points']."'
)
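Review bot: Only `desc` is escaped here; `$_POST['cost']`, `$_POST['points']` and, in editPkg(), `$_GET['id']` are still concatenated into the query as-is, so a quote in any of them breaks the statement the same way and leaves it open to SQL injection. The same gap remains in admin.faq.php (`$_GET['id']` in editFaq()) and in admin.fplinks.php (`menu_id`, `link`, `guest_only` and `account_level` in editLink() and addLink()). Every request value should be treated the same way: cast the ones that look numeric, e.g. `(int)$_GET['id']`, and wrap the rest as `$DB->real_escape_string($_POST['link'])`. If the `$DB` wrapper supports bound parameters (not visible on this page), that would be more robust than escaping field by field. The function bodies start or end outside the hunks shown.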
8 changes: 4 additions & 4 deletions inc/admin/script_files/admin.faq.php
@@ -20,8 +20,8 @@ function editFaq()
{
global $DB, $Core, $lang;
$DB->query("UPDATE `mw_faq` SET
`question`='".$_POST['question']."',
`answer`='".$_POST['answer']."'
`question`='".$DB->real_escape_string($_POST['question'])."',
`answer`='".$DB->real_escape_string($_POST['answer'])."'
WHERE `id`='".$_GET['id']."'
");

@@ -45,8 +45,8 @@ function addFaq()
`question`,
`answer`)
VALUES(
'".$_POST['question']."',
'".$_POST['answer']."'
'".$DB->real_escape_string($_POST['question'])."',
'".$DB->real_escape_string($_POST['answer'])."'
)
");

4 changes: 2 additions & 2 deletions inc/admin/script_files/admin.fplinks.php
@@ -41,7 +41,7 @@ function editLink()
global $DB, $Core, $lang;
$DB->query("UPDATE `mw_menu_items` SET
`menu_id`='".$_POST['menu_id']."',
`link_title`='".$_POST['link_title']."',
`link_title`='".$DB->real_escape_string($_POST['link_title'])."',
`link`='".$_POST['link']."',
`guest_only`='".$_POST['guest_only']."',
`account_level`='".$_POST['account_level']."'
@@ -70,7 +70,7 @@ function addLink()
`account_level`)
VALUES(
'".$_POST['menu_id']."',
'".$_POST['link_title']."',
'".$DB->real_escape_string($_POST['link_title'])."',
'".$_POST['link']."',
'".$_POST['guest_only']."',
'".$_POST['account_level']."')
1 change: 1 addition & 0 deletions update/update_list.txt
@@ -1,3 +1,4 @@
4.1.3,4.1.0
4.1.2,4.1.0
4.1.1,4.1.0
4.1.0,4.1.0
