[Fusionforge-commits] r7744 - branches/Branch_4_5/gforge/www/include
Roland Mas
lolando at libremir.placard.fr.eu.org
Sun Jun 7 14:35:28 CEST 2009
Author: lolando
Date: 2009-06-07 14:35:28 +0200 (Sun, 07 Jun 2009)
New Revision: 7744
Modified:
branches/Branch_4_5/gforge/www/include/logger.php
Log:
Backported from 4.8: use db_query_params() instead of db_query() to prevent SQL injection problems
Modified: branches/Branch_4_5/gforge/www/include/logger.php
===================================================================
--- branches/Branch_4_5/gforge/www/include/logger.php 2009-06-07 12:26:40 UTC (rev 7743)
+++ branches/Branch_4_5/gforge/www/include/logger.php 2009-06-07 12:35:28 UTC (rev 7744)
@@ -66,11 +66,11 @@
$sql = "INSERT INTO activity_log "
. "(day,hour,group_id,browser,ver,platform,time,page,type) "
- . "VALUES (" . date('Ymd', mktime()) . ",'" . date('H', mktime())
- . "','$log_group','" . browser_get_agent() . "','" . browser_get_version()
- . "','" . browser_get_platform() . "','" . time() . "','$PHP_SELF','0');";
+ . "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9);";
-$res_logger = db_query ( $sql );
+$res_logger = db_query_params ($sql, array(date('Ymd'), date('H'),
+ $log_group, browser_get_agent(), browser_get_version(), browser_get_platform(),
+ time(), getStringFromServer('PHP_SELF'), '0'));
//
// temp hack
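Review bot: The `$1`…`$9` placeholders on the new `VALUES` line sit inside a double-quoted PHP string; PHP leaves them literal only because a variable name cannot start with a digit, so single-quoting that fragment (`. 'VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9);';`) would make the intent explicit and keep a later edit from turning a placeholder into an interpolated variable. Binding the values closes the SQL injection path, but `PHP_SELF` and, presumably, the `browser_get_*()` results are still request-derived, so whatever renders `activity_log` rows must escape them for its output context; a comment such as `// values are request-controlled: escape on output` above the call would record that. The day, hour and time columns are also computed from three separate clock reads, so taking `$now = time();` once and passing `date('Ymd', $now), date('H', $now), $now` would keep a row consistent across an hour boundary. The surrounding code starts and ends outside the hunk, so the origin of `$log_group` cannot be checked here.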