[Fusionforge-commits] r8851 - trunk/gforge/www/news/admin

Franck VILLAUME nerville at libremir.placard.fr.eu.org
Tue Feb 23 11:25:52 CET 2010


Author: nerville
Date: 2010-02-23 11:25:51 +0100 (Tue, 23 Feb 2010)
New Revision: 8851

Modified:
   trunk/gforge/www/news/admin/index.php
Log:
fix quotes in details

Modified: trunk/gforge/www/news/admin/index.php
===================================================================
--- trunk/gforge/www/news/admin/index.php	2010-02-23 10:19:42 UTC (rev 8850)
+++ trunk/gforge/www/news/admin/index.php	2010-02-23 10:25:51 UTC (rev 8851)
@@ -81,7 +81,7 @@
 			$sanitizer = new TextSanitizer();
 			$details = $sanitizer->SanitizeHtml($details);
 			$result = db_query_params("UPDATE news_bytes SET is_approved=$1, summary=$2, 
-details=$3 WHERE id=$4 AND group_id=$5", array($status, htmlspecialchars($summary), $details, $id, $group_id));
+details=$3 WHERE id=$4 AND group_id=$5", array($status, htmlspecialchars($summary), addslashes($details), $id, $group_id));
 
 			if (!$result || db_affected_rows($result) < 1) {
 				$feedback .= _('Error On Update:');
@@ -200,7 +200,7 @@
 				$sanitizer = new TextSanitizer();
 				$details = $sanitizer->SanitizeHtml($details);
 				$result=db_query_params("UPDATE news_bytes SET is_approved='1', post_date=$1, 
-summary=$2, details=$3 WHERE id=$4", array(time(), htmlspecialchars($summary), $details, $id));
+summary=$2, details=$3 WHERE id=$4", array(time(), htmlspecialchars($summary), addslashes($details), $id));
 				if (!$result || db_affected_rows($result) < 1) {
 					$feedback .= _('Error On Update:');
 				} else {




More information about the Fusionforge-commits mailing list