Author: benj
Date: Tue May 31 11:56:24 2016
New Revision: 1697
URL: http://svn.gna.org/viewcvs/gdtc?rev=1697&view=rev
Log:
SQL injection
Modified:
trunk/gdtc/include/mail.php
Modified: trunk/gdtc/include/mail.php
URL:
http://svn.gna.org/viewcvs/gdtc/trunk/gdtc/include/mail.php?rev=1697&r1=1696&r2=1697&view=diff
==============================================================================
--- trunk/gdtc/include/mail.php (original)
+++ trunk/gdtc/include/mail.php Tue May 31 11:56:24 2016
@@ -404,11 +404,11 @@
log_message ( sprintf ( "SELECT * " .
" FROM mail_template " .
" WHERE name = '%s';",
- $name ) );
+ addslashes ( $name ) ) );
return simple_unique_query ( sprintf ( "SELECT * " .
" FROM mail_template " .
" WHERE name = '%s';",
- $name ) );
+ addslashes ( $name ) ) );
}
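Review bot: `addslashes ( $name )` on both added lines is not a database-aware escape: it ignores the connection's character set and the backend's quoting rules, so it gives a weaker guarantee than the driver's own escaping function or a bound parameter. Whether `simple_unique_query` can take bound parameters is not visible here; if it cannot, the escape should at least be the one that matches the database connection in use. The statement is also built twice, once for `log_message` and once for execution, so the logged and executed text can drift apart; building it once as `$query = sprintf ( ..., $escaped_name );` followed by `log_message ( $query ); return simple_unique_query ( $query );` keeps them identical. The enclosing function starts above the hunk, so any earlier validation of `$name` cannot be confirmed from here.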