Digitalstack/ZnoteAAC
2
0
Fork 0
mirror of https://github.com/Znote/ZnoteAAC.git synced 2025-05-01 11:49:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes escape string by using custom function #18

Browse Source
This commit is contained in:
Stefan Brannfjell 2014-02-06 22:51:05 +01:00
parent 29a7de9751
commit 801e0bcbef
4 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
admin_news.php
View File

@ -59,7 +59,7 @@ if (empty($_POST) === false) {
// Insert news // Insert news
if ($action === 'i') { if ($action === 'i') {
echo '<font color="green"><b>News created successfully!</b></font>'; echo '<font color="green"><b>News created successfully!</b></font>';
list($charid, $title, $text) = array((int)$_POST['selected_char'], mysql_real_escape_string($_POST['title']), mysql_real_escape_string($_POST['text'])); list($charid, $title, $text) = array((int)$_POST['selected_char'], mysql_znote_escape_string($_POST['title']), mysql_znote_escape_string($_POST['text']));
$date = time(); $date = time();
mysql_insert("INSERT INTO `znote_news` (`title`, `text`, `date`, `pid`) VALUES ('$title', '$text', '$date', '$charid');"); mysql_insert("INSERT INTO `znote_news` (`title`, `text`, `date`, `pid`) VALUES ('$title', '$text', '$date', '$charid');");
// Reload the cache. // Reload the cache.
@ -71,7 +71,7 @@ if (empty($_POST) === false) {
// Save // Save
if ($action === 's') { if ($action === 's') {
echo '<font color="green"><b>News successfully updated!</b></font>'; echo '<font color="green"><b>News successfully updated!</b></font>';
list($title, $text) = array(mysql_real_escape_string($_POST['title']), mysql_real_escape_string($_POST['text'])); list($title, $text) = array(mysql_znote_escape_string($_POST['title']), mysql_znote_escape_string($_POST['text']));
mysql_update("UPDATE `znote_news` SET `title`='$title',`text`='$text' WHERE `id`='$id';") or die("FUCK!"); mysql_update("UPDATE `znote_news` SET `title`='$title',`text`='$text' WHERE `id`='$id';") or die("FUCK!");
$cache = new Cache('engine/cache/news'); $cache = new Cache('engine/cache/news');
$news = fetchAllNews(); $news = fetchAllNews();

2
engine/database/connect.php
View File

@ -199,7 +199,7 @@ if ($connect->connect_errno) {
die("Failed to connect to MySQL: (" . $connect->connect_errno . ") " . $connect->connect_error . $install); die("Failed to connect to MySQL: (" . $connect->connect_errno . ") " . $connect->connect_error . $install);
} }
function mysql_real_escape_string($escapestr) { function mysql_znote_escape_string($escapestr) {
global $connect; global $connect;
return mysqli_real_escape_string($connect, $escapestr); return mysqli_real_escape_string($connect, $escapestr);
} }

4
engine/function/general.php
View File

@ -401,11 +401,11 @@ function is_admin($user_data) {
} }
function array_sanitize(&$item) { function array_sanitize(&$item) {
$item = htmlentities(strip_tags(mysql_real_escape_string($item))); $item = htmlentities(strip_tags(mysql_znote_escape_string($item)));
} }
function sanitize($data) { function sanitize($data) {
return htmlentities(strip_tags(mysql_real_escape_string($data))); return htmlentities(strip_tags(mysql_znote_escape_string($data)));
} }
function output_errors($errors) { function output_errors($errors) {

2
paygol_ipn.php
View File

@ -29,7 +29,7 @@
// FUNCTIONS // FUNCTIONS
function sanitize($data)/* Security reasons */ { function sanitize($data)/* Security reasons */ {
return htmlentities(strip_tags(mysql_real_escape_string($data))); return htmlentities(strip_tags(mysql_znote_escape_string($data)));
} }
function user_data($user_id)/* account data */ { function user_data($user_id)/* account data */ {
$data = array(); $data = array();