[Fusionforge-commits] FusionForge branch master updated. 6.0.4-619-gf15e41d

Fri, 01 Jul 2016 04:40:47 -0700 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, master has been updated
       via  f15e41d79db5c516ac37f3ac497f48fb3af28f7a (commit)
      from  b240e65c542eb05f372f4767021ca728f0358af8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=f15e41d79db5c516ac37f3ac497f48fb3af28f7a

commit f15e41d79db5c516ac37f3ac497f48fb3af28f7a
Author: Franck Villaume <[email protected]>
Date:   Fri Jul 1 13:40:21 2016 +0200

    db_query function is forbidden. Please use db_query_params

diff --git a/src/common/include/User.class.php 
b/src/common/include/User.class.php
index 73cc8e9..cabae71 100644
--- a/src/common/include/User.class.php
+++ b/src/common/include/User.class.php
@@ -1773,10 +1773,8 @@ Email: %3$s
                }
 
                $serializedData = serialize($data);
-               $sql = "UPDATE users
-                               SET uneditable='".$serializedData."'
-                               WHERE user_id='".$this->getID()."'";
-               $res = db_query($sql);
+               $sql = 'UPDATE users SET uneditable = $1 WHERE user_id = $2';
+               $res = db_query_params($sql, array($serializedData, 
$this->getID()));
                if (!$res || db_affected_rows($res) < 1) {
                        $this->setError('Error: Cannot Update list of 
uneditable fields: '.db_error());
                        return false;
@@ -1798,10 +1796,8 @@ Email: %3$s
                }
 
                $serializedData = serialize($data);
-               $sql = "UPDATE users
-                               SET hidden='".$serializedData."'
-                               WHERE user_id='".$this->getID()."'";
-               $res = db_query($sql);
+               $sql = 'UPDATE users SET hidden = $1 WHERE user_id = $2';
+               $res = db_query_params($sql, array($serializedData, 
$this->getID()));
                if (!$res || db_affected_rows($res) < 1) {
                        $this->setError('Error: Cannot Update list of hidden 
fields: '.db_error());
                        return false;

-----------------------------------------------------------------------

Summary of changes:
 src/common/include/User.class.php | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
FusionForge

_______________________________________________
Fusionforge-commits mailing list
[email protected]
http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-commits

Reply via email to