[Fusionforge-commits] r7470 - branches/Branch_4_8/gforge/common/include
Julien HEYMAN
jheyman at libremir.placard.fr.eu.org
Wed Apr 22 10:09:26 CEST 2009
Author: jheyman
Date: 2009-04-22 10:09:26 +0200 (Wed, 22 Apr 2009)
New Revision: 7470
Modified:
branches/Branch_4_8/gforge/common/include/database-pgsql.php
Log:
Make stripslashes in db_qery_params if magic_quote
db_query_params call pg_query_params, but this function used params
which never escaping. But with magic_quote enable, params are already
escaping. So, we escape escaping params.
Modified: branches/Branch_4_8/gforge/common/include/database-pgsql.php
===================================================================
--- branches/Branch_4_8/gforge/common/include/database-pgsql.php 2009-04-21 21:50:07 UTC (rev 7469)
+++ branches/Branch_4_8/gforge/common/include/database-pgsql.php 2009-04-22 08:09:26 UTC (rev 7470)
@@ -147,6 +147,9 @@
global $QUERY_COUNT;
$QUERY_COUNT++;
+ if (get_magic_quotes_gpc() == true) {
+ $params = array_map('stripslashes',$params);
+ }
if (!$limit || !is_numeric($limit) || $limit < 0) {
$limit=0;
}
More information about the Fusionforge-commits
mailing list