[Fusionforge-commits] r7744 - branches/Branch_4_5/gforge/www/include

Roland Mas lolando at libremir.placard.fr.eu.org
Sun Jun 7 14:35:28 CEST 2009


Author: lolando
Date: 2009-06-07 14:35:28 +0200 (Sun, 07 Jun 2009)
New Revision: 7744

Modified:
   branches/Branch_4_5/gforge/www/include/logger.php
Log:
Backported from 4.8: use db_query_params() instead of db_query() to prevent SQL injection problems

Modified: branches/Branch_4_5/gforge/www/include/logger.php
===================================================================
--- branches/Branch_4_5/gforge/www/include/logger.php	2009-06-07 12:26:40 UTC (rev 7743)
+++ branches/Branch_4_5/gforge/www/include/logger.php	2009-06-07 12:35:28 UTC (rev 7744)
@@ -66,11 +66,11 @@
 
 $sql =	"INSERT INTO activity_log "
 	. "(day,hour,group_id,browser,ver,platform,time,page,type) "
-	. "VALUES (" . date('Ymd', mktime()) . ",'" . date('H', mktime())
-	. "','$log_group','" . browser_get_agent() . "','" . browser_get_version() 
-	. "','" . browser_get_platform() . "','" . time() . "','$PHP_SELF','0');";
+	. "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9);";
 
-$res_logger = db_query ( $sql );
+$res_logger = db_query_params ($sql, array(date('Ymd'), date('H'),
+	$log_group, browser_get_agent(), browser_get_version(), browser_get_platform(),
+	time(), getStringFromServer('PHP_SELF'), '0'));
 
 //
 //	temp hack
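Review bot: The placeholders on the added `VALUES ($1, ... $9)` line sit inside a double-quoted PHP string, so they reach the database intact only because PHP does not interpolate variable names that begin with a digit. Single quotes would make that explicit and survive later edits: `. 'VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9);';`. Binding the values closes the injection path in this INSERT, but `PHP_SELF` and the `browser_get_*()` results (presumably derived from the User-Agent header) are still request-controlled and are stored verbatim. Any page or report that reads `activity_log` therefore has to escape them on output and must not concatenate them into further queries. `$res_logger` is not checked inside the hunk, and the code after the `temp hack` comment lies outside it, so whether a failed insert is handled cannot be judged from here.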



