From 191827827e2329c3ac36ceccf89189f0f13b20c6 Mon Sep 17 00:00:00 2001
From: Jason Cleeland <jcleeland@users.sourceforge.net>
Date: Sun, 16 Mar 2003 08:40:33 +0000
Subject: [PATCH] Fixed links to statistics script so that they aren't a
 register_globals issue ($sql post variable)

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/trunk/unstable@42 b72ed6b6-b9f8-46b5-92b4-906544132732
---
 admin/export.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/admin/export.php b/admin/export.php
index 82be95cb203..e4c4b92af22 100644
--- a/admin/export.php
+++ b/admin/export.php
@@ -48,7 +48,7 @@
 	echo "\t<tr>\n";
 	echo "\t\t<td align='center'>\n";
 	echo "\t\t\t$setfont<b>Export Data";
-	if ($sql) {echo " from Statistics Filter";}
+	if ($_POST['sql']) {echo " from Statistics Filter";}
 	echo "</b>\n";
 	echo "\t\t</td>\n";
 	echo "\t</tr>\n";
@@ -82,7 +82,7 @@
 	echo "\t\t</td>\n";
 	echo "\t</tr>\n";
 	echo "\t<input type='hidden' name='sid' value='$sid'>\n";
-	if ($sql) {echo "\t<input type='hidden' name='sql' value=\"".stripcslashes($sql)."\">\n";}
+	if ($_POST['sql']) {echo "\t<input type='hidden' name='sql' value=\"".stripcslashes($_POST['sql'])."\">\n";}
 	echo "\t</form>\n";
 	echo "\t<tr>\n";
 	echo "\t\t<td align=\"center\">\n";
@@ -184,9 +184,9 @@
 		$legitqs[] = $lw[0];
 		}
 	$surveytable = "survey_{$sid}";
-	if ($sql)
+	if ($_POST['sql'])
 		{
-		$dquery = "SELECT * FROM $surveytable WHERE ".stripcslashes($sql)." ORDER BY id";
+		$dquery = "SELECT * FROM $surveytable WHERE ".stripcslashes($_POST['sql'])." ORDER BY id";
 		}
 	else
 		{