5815 added htmlspecialchars to filter URL var before going to the db.
gregrgay committed Oct 1, 2017
1 parent 40ecae4 commit 9292360
Showing 1 changed file with 1 addition and 1 deletion.
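--- a/mods/_standard/rss_feeds/edit_feed.php
+++ b/mods/_standard/rss_feeds/edit_feed.php
@@ -38,7 +38,7 @@
 }
 
 if (!$msg->containsErrors()) {
-$_GET['url'] = $addslashes($_GET['url']);
+$_GET['url'] = htmlspecialchars(strip_tags($_GET['url']), ENT_QUOTES);
 
 $sql = "REPLACE INTO %sfeeds VALUES(%d, '%s')";
 $result = queryDB($sql, array(TABLE_PREFIX, $feed_id, $_GET['url']));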
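Review bot: The new assignment to `$_GET['url']` HTML-encodes the value before it is stored, which is output encoding applied at the storage layer: it is not SQL escaping (backslashes pass through unchanged), and it rewrites every `&` in a feed URL's query string to `&amp;` in the database. Unless `queryDB()` escapes its parameters itself, which is not visible in this hunk, dropping `$addslashes` leaves the `'%s'` placeholder relying on HTML encoding for SQL safety. I would instead validate the value as a URL before this block, with a condition such as `filter_var($_GET['url'], FILTER_VALIDATE_URL) === false || !preg_match('#^https?://#i', $_GET['url'])` reported through `$msg`, keep the database-layer escaping, and apply `htmlspecialchars(..., ENT_QUOTES)` at the point where the URL is printed. The enclosing `if (!$msg->containsErrors())` block continues past the end of the hunk, so how `$result` is handled cannot be judged from here.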
