Author: benj
Date: Tue May 31 11:55:57 2016
New Revision: 1695
URL: http://svn.gna.org/viewcvs/gdtc?rev=1695&view=rev
Log:
SQL injection fixed
Modified:
trunk/gdtc/include/contact.php
Modified: trunk/gdtc/include/contact.php
URL:
http://svn.gna.org/viewcvs/gdtc/trunk/gdtc/include/contact.php?rev=1695&r1=1694&r2=1695&view=diff
==============================================================================
--- trunk/gdtc/include/contact.php (original)
+++ trunk/gdtc/include/contact.php Tue May 31 11:55:57 2016
@@ -33,10 +33,11 @@
function do_add_contact ( $actor_id, $contact_type, $contact_name, $admin_info
)
{
- $result = do_query
- ( sprintf ( "INSERT INTO contact
(actor_id,contact_type,contact_name,admin_info) VALUES ( " .
- "'%s', '%s', '%s', '%s' );",
- $actor_id, $contact_type, $contact_name, $admin_info ) );
+ $result = do_query
+ ( sprintf ( "INSERT INTO contact
(actor_id,contact_type,contact_name,admin_info) VALUES ( " .
+ "'%s', '%s', '%s', '%s' );",
+ addslashes ( $actor_id ), addslashes ( $contact_type ),
addslashes ( $contact_name ),
+ addslashes ( $admin_info ) ) );
}
function commit_contact_add ( $args )
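Review bot: `addslashes()` on the four values in the `sprintf` call of `do_add_contact` is not a dependable SQL escape: it ignores the connection character set and assumes backslash escaping, which not every database or SQL mode honours, and the INSERT is still assembled by string formatting. The driver behind `do_query` is not visible in this hunk; if it is PDO or mysqli, bind the values instead, e.g. `$stmt = $db->prepare('INSERT INTO contact (actor_id,contact_type,contact_name,admin_info) VALUES (?, ?, ?, ?)');` followed by `$stmt->execute([$actor_id, $contact_type, $contact_name, $admin_info]);`, where `$db` stands for the project's connection handle. If `do_query` has to keep receiving a finished string, use the driver's own connection-aware escaping function rather than `addslashes`, and validate `$actor_id` as an integer if that is what the column holds. `$result` is assigned but neither checked nor returned in the visible body, so a failed insert would go unnoticed.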