Digitalstack/ZnoteAAC
2
0
Fork 0
mirror of https://github.com/Znote/ZnoteAAC.git synced 2025-04-30 11:19:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix security hole

Browse Source
This commit is contained in:
Daniel Björkholm 2014-05-29 09:41:35 +02:00
parent 7fe609abdb
commit be39af6235
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
guilds.php
View File

@ -490,9 +490,7 @@ if ($highest_access >= 2) {
$wars = mysql_select_multi("SELECT `id`, `guild1`, `guild2`, `status` FROM `guild_wars` WHERE (`guild1` = '$gid' OR `guild1` = '$targetGuild') AND (`guild2` = '$gid' OR `guild2` = '$targetGuild') AND `status` IN (0, 1);"); $wars = mysql_select_multi("SELECT `id`, `guild1`, `guild2`, `status` FROM `guild_wars` WHERE (`guild1` = '$gid' OR `guild1` = '$targetGuild') AND (`guild2` = '$gid' OR `guild2` = '$targetGuild') AND `status` IN (0, 1);");
if ($status == false && $wars == false) { if ($status == false && $wars == false) {
guild_war_invitation($gid, $targetGuild); guild_war_invitation($gid, $targetGuild);
$limit = $_POST['limit']; $limit = (empty($_POST['limit'])) ? 100 : (int)$_POST['limit'];
if (empty($limit))
$limit = 100;
mysql_insert("INSERT INTO `znote_guild_wars` (`limit`) VALUES ('$limit');"); mysql_insert("INSERT INTO `znote_guild_wars` (`limit`) VALUES ('$limit');");
header('Location: guilds.php?name='. $_GET['name']); header('Location: guilds.php?name='. $_GET['name']);
exit(); exit();