[Fusionforge-commits] r7470 - branches/Branch_4_8/gforge/common/include

Julien HEYMAN jheyman at libremir.placard.fr.eu.org
Wed Apr 22 10:09:26 CEST 2009


Author: jheyman
Date: 2009-04-22 10:09:26 +0200 (Wed, 22 Apr 2009)
New Revision: 7470

Modified:
   branches/Branch_4_8/gforge/common/include/database-pgsql.php
Log:
Make stripslashes in db_qery_params if magic_quote

db_query_params call pg_query_params, but this function used params
which never escaping. But with magic_quote enable, params are already
escaping. So, we escape escaping params.

Modified: branches/Branch_4_8/gforge/common/include/database-pgsql.php
===================================================================
--- branches/Branch_4_8/gforge/common/include/database-pgsql.php	2009-04-21 21:50:07 UTC (rev 7469)
+++ branches/Branch_4_8/gforge/common/include/database-pgsql.php	2009-04-22 08:09:26 UTC (rev 7470)
@@ -147,6 +147,9 @@
 	global $QUERY_COUNT;
 	$QUERY_COUNT++;
 
+	if (get_magic_quotes_gpc() == true) {
+		$params = array_map('stripslashes',$params);
+	}
 	if (!$limit || !is_numeric($limit) || $limit < 0) {
 		$limit=0;
 	}




More information about the Fusionforge-commits mailing list