Fix: compatibility with pgsql, replace all addslashes in particular files

Regis Houssin 2011-02-24 18:43:45 +00:00
parent 669fef0014
commit a4d45d7837


@ -250,9 +250,9 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->adhe
{
if (preg_match("/^options_/",$key))
{
//escape values from POST, at least with addslashes, to avoid obvious SQL injections
//escape values from POST, at least with $db->escape, to avoid obvious SQL injections
//(array_options is directly input in the DB in adherent.class.php::update())
$adh->array_options[$key]=addslashes($_POST[$key]);
$adh->array_options[$key]=$db->escape($_POST[$key]);
}
}
@ -380,9 +380,9 @@ if ($_POST["action"] == 'add' && $user->rights->adherent->creer)
{
if (preg_match("/^options_/",$key))
{
//escape values from POST, at least with addslashes, to avoid obvious SQL injections
//escape values from POST, at least with $db->escape, to avoid obvious SQL injections
//(array_options is directly input in the DB in adherent.class.php::update())
$adh->array_options[$key]=addslashes($_POST[$key]);
$adh->array_options[$key]=$db->escape($_POST[$key]);
}
}
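Review bot: Escaping `$_POST[$key]` in the page controller protects only this entry point, so any other caller that fills `array_options` reaches the same query unescaped, and `$adh->array_options` now holds the escaped form, which would presumably show up with escape characters if the form is redisplayed after an error. This applies to both changed assignments (the `update` hunk and the `add` hunk); the loop that encloses them starts outside the visible lines. The safer place for `$db->escape()` is next to the SQL string built in adherent.class.php, which this diff does not show; until that is done the comment could say so, e.g. `// TODO: escape in adherent.class.php where the query is built, then drop the escape here`. Separately, `$key` is accepted on the `/^options_/` prefix alone; if it is later used as a column name in that query (not visible here), it should be checked against the list of defined extra fields rather than taken as sent.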