phpBMS

Ticket #22: adminsettings_include_patch.diff

File adminsettings_include_patch.diff, 0.7 KB (added by jceh, 6 years ago)
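--- a/home/johnny/public_html/phpbms/modules/base/include/adminsettings_include.php
+++ b/home/johnny/public_html/phpbms/modules/base/include/adminsettings_include.php
@@ -41,7 +41,7 @@
         global $dblink;
 
         foreach($settings as $key=>$value){
-                $querystatement="UPDATE settings set value=\"".$value."\" WHERE name=\"".$key."\"";
+                $querystatement="UPDATE settings set value=\"".addslashes($value)."\" WHERE name=\"".$key."\"";
                 $queryresult=mysql_query($querystatement,$dblink);
                 if(!$queryresult) reportError(mysql_error($dblink)." - ".$querystatement);
         }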
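Review bot: `addslashes()` on the new `$querystatement` line is not aware of the connection character set, and `$key` is still concatenated into the WHERE clause with no escaping at all, so the statement remains string-built SQL. Escape both values with the connection-aware function that belongs to the extension already in use: `$querystatement="UPDATE settings set value=\"".mysql_real_escape_string($value,$dblink)."\" WHERE name=\"".mysql_real_escape_string($key,$dblink)."\"";`. Moving to prepared statements would be better still, though that needs a different database extension. The `reportError()` call also appends the full query text to the database error, which would disclose schema details if that message ever reaches the browser, so it is worth confirming where it is shown. The enclosing function starts outside this hunk, so the origin of `$settings` cannot be checked from here.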