Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Admin note - $db->escape #1179

Closed
Quy opened this issue Apr 5, 2015 · 1 comment
Closed

Admin note - $db->escape #1179

Quy opened this issue Apr 5, 2015 · 1 comment
Assignees
@Studio384
Labels
bug
Milestone
Luna 1.0 Aero

Comments

@Quy
Copy link
Contributor

Quy commented Apr 5, 2015

$db->query('UPDATE '.$db->prefix.'config SET conf_value=\''.luna_htmlspecialchars($_POST['form']['admin_note']).'\' WHERE conf_name=\'o_admin_note\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
@Studio384 Studio384 added the bug label Apr 5, 2015
@Studio384 Studio384 modified the milestone: Luna 1.0 Aero Apr 5, 2015
@Studio384 Studio384 self-assigned this Apr 5, 2015
@Studio384 Studio384 mentioned this issue Apr 5, 2015
Closed
@Quy
Copy link
Contributor Author

Quy commented Apr 5, 2015

To clarify, this needs to be fixed:
luna_htmlspecialchars($_POST['form']['admin_note'])

Studio384 pushed a commit that referenced this issue Apr 5, 2015
#1179 Fix escape
6516cf0
@Studio384 Studio384 mentioned this issue Apr 5, 2015
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Studio384 Studio384

Labels
bug
Projects
None yet
Milestone
Luna 1.0 Aero
Development

No branches or pull requests
2 participants
@Quy @Studio384