[Fusionforge-commits] r8850 - branches/Branch_4_8/gforge/www/news/admin

Franck VILLAUME nerville at libremir.placard.fr.eu.org
Tue Feb 23 11:19:42 CET 2010


Author: nerville
Date: 2010-02-23 11:19:42 +0100 (Tue, 23 Feb 2010)
New Revision: 8850

Modified:
   branches/Branch_4_8/gforge/www/news/admin/index.php
Log:
fix details with quotes

Modified: branches/Branch_4_8/gforge/www/news/admin/index.php
===================================================================
--- branches/Branch_4_8/gforge/www/news/admin/index.php	2010-02-23 08:01:10 UTC (rev 8849)
+++ branches/Branch_4_8/gforge/www/news/admin/index.php	2010-02-23 10:19:42 UTC (rev 8850)
@@ -80,7 +80,7 @@
 			$sanitizer = new TextSanitizer();
 			$details = $sanitizer->SanitizeHtml($details);
 			$sql="UPDATE news_bytes SET is_approved='$status', summary='".htmlspecialchars($summary)."', ".
-				"details='".$details."' WHERE id='$id' AND group_id='$group_id'";
+				"details='".addslashes($details)."' WHERE id='$id' AND group_id='$group_id'";
 			$result=db_query($sql);
 
 			if (!$result || db_affected_rows($result) < 1) {
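Review bot: `addslashes()` on the `details` value is not a database-aware escaper: it backslash-escapes quotes, which a PostgreSQL server running with `standard_conforming_strings` on does not treat as an escape, and it ignores the connection encoding. The same call is added in the hunk at line 199. In both statements `summary` still goes through `htmlspecialchars()` only, which with its default flags leaves `'` untouched, so unless `$summary` is escaped earlier outside the hunk it has the same quoting problem this commit fixes for `details`. Assuming the PostgreSQL backend, I would escape both values with the driver's function, e.g. `"details='".pg_escape_string($details)."' WHERE id='$id' AND group_id='$group_id'";`, or move the statement to a parameterized query if this branch's DB layer offers one. The enclosing block starts and ends outside the hunk.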
@@ -199,7 +199,7 @@
 				$sanitizer = new TextSanitizer();
 				$details = $sanitizer->SanitizeHtml($details);
 				$sql="UPDATE news_bytes SET is_approved='1', post_date='".time()."', ".
-					"summary='".htmlspecialchars($summary)."', details='".$details."' WHERE id='$id'";
+					"summary='".htmlspecialchars($summary)."', details='".addslashes($details)."' WHERE id='$id'";
 				$result=db_query($sql);
 				if (!$result || db_affected_rows($result) < 1) {
 					$feedback .= _('Error On Update:');
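Review bot: The WHERE clause here is `id='$id'` alone, whereas the UPDATE at line 80 also matches `group_id`, and `$id` is interpolated into the string as-is. Whether this branch is restricted to site-wide news administrators, and whether `$id` is validated, is decided outside the hunk, so this is a question rather than a confirmed defect. If `$id` is not already forced to an integer, I would add `$id = (int) $id;` before `$sql` is built. A short comment such as `// site-wide approval: intentionally not scoped to group_id` would also document why the scope differs from the per-project update.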



