Changeset 48 for branches/portal_by_daris

Timestamp:

02/15/09 10:31:31 (3 years ago)

Author:

daris

Message:

portal: fixed sql injetion in admin pages

Files:

• branches/portal_by_daris/admin/pages.php (modified) (1 diff)

branches/portal_by_daris/admin/pages.php

@@ -188 +188 @@
                 $query = array(
                         'UPDATE'        => 'pages',
-                        'SET'           => 'title=\''.$forum_db->escape($page_title).'\', content=\''.$page_content.'\'',
+                        'SET'           => 'title=\''.$forum_db->escape($page_title).'\', content=\''.$forum_db->escape($page_content).'\'',
                         'WHERE'         => 'id='.$page_id
                 );