Revision: 1100
http://mrbs.svn.sourceforge.net/mrbs/?rev=1100&view=rev
Author: cimorrison
Date: 2009-04-22 16:09:51 +0000 (Wed, 22 Apr 2009)
Log Message:
-----------
Added escaping of input when checking that a username is unique.
Modified Paths:
--------------
mrbs/trunk/web/edit_users.php
Modified: mrbs/trunk/web/edit_users.php
===================================================================
--- mrbs/trunk/web/edit_users.php 2009-04-22 15:58:21 UTC (rev 1099)
+++ mrbs/trunk/web/edit_users.php 2009-04-22 16:09:51 UTC (rev 1100)
@@ -460,7 +460,7 @@
// If it's a new user, then to check to see if there are any rows with
that name.
// If it's an update, then check to see if there are any rows with that
name, except
// for that user.
- $query = "SELECT id FROM $tbl_users WHERE name='$new_name'";
+ $query = "SELECT id FROM $tbl_users WHERE name='" . addslashes($new_name)
. "'";
if ($Id >= 0)
{
$query .= " AND id!='$Id'";
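Review bot: addslashes() on the changed `$query` line is not database-aware escaping: it does not take the connection character set or the backend's quoting rules into account, so it is a weaker guarantee than the commit message implies. Prefer the escaping routine of the database driver in use (for MySQL, mysql_real_escape_string() on the open connection) or a parameterized query, so the uniqueness check does not depend on how $new_name was encoded. The context line `$query .= " AND id!='$Id'";` has the same pattern: the only check on $Id visible here is `$Id >= 0`, which is a loose comparison and does not establish that the value is an integer, so cast it with (int) before it is interpolated.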
_______________________________________________
Mrbs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mrbs-commits