Fixed Issue #04869: Field file upload does not work when more than on…

…e. (Thanks to fcabralpacheco for reporting the bug) Fixed Issue #04904: SQL Injection possible in admin/browse.php (Thanks to starmonkey for reporting the bug) git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey@9784 b72ed6b6-b9f8-46b5-92b4-906544132732
LimeSurvey · Feb 12, 2011 · 60ca469 · 60ca469
1 parent 2ab3ad7
commit 60ca469
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/admin/browse.php b/admin/browse.php
@@ -516,7 +516,7 @@
                 $query .= ", $question ";
             $count++;
         }
-        $query .= " FROM $surveytable WHERE id={$_POST['downloadfile']}";
+        $query .= " FROM $surveytable WHERE id={".mysql_real_escape_string($_POST['downloadfile'])."}";
         $filearray = db_execute_assoc($query) or safe_die("Could not download response<br />$query<br />".$connect->ErrorMsg());
         while ($metadata = $filearray->FetchRow())
         {
@@ -596,7 +596,6 @@
                     ob_clean();
                     flush();
                     readfile($file);
-                    unlink($file);
                     exit;
                 }
                 break;