Potential SQL hackery.
timbuckingham committed May 28, 2015
1 parent 1000c8e commit a86c22b
Showing 1 changed file with 2 additions and 2 deletions.
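--- a/core/admin/modules/developer/modules/designer/form-create.php
+++ b/core/admin/modules/developer/modules/designer/form-create.php
@@ -3,7 +3,7 @@
 $fields = array();
 $adds = array();
 $module = $_POST["module"];
-$table = "`".$_POST["table"]."`";
+$table = "`".str_replace("`","",$_POST["table"])."`";
 
 if (!count($_POST["titles"]) || empty($_POST["titles"])) {
 $_SESSION["developer"]["designer_errors"]["fields"] = true;
@@ -21,7 +21,7 @@
 );
 
 $x = 2;
-$field_name = str_replace("-","_",$cms->urlify($ft));
+$field_name = str_replace(array("`","-"),array("","_"),$cms->urlify($ft));
 $ofn = $field_name;
 while (isset($fields[$field_name]) && !in_array($field_name,$reserved)) {
 $field_name = $ofn.$x;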
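Review bot: Stripping backticks from `$_POST["table"]` in the first hunk keeps the value inside the quoted identifier, but it silently rewrites a malformed name instead of rejecting it, and the request can still name any table. A stricter guard before building `$table` would be `if (!preg_match('/^[A-Za-z0-9_]+$/', $_POST["table"])) { /* record a designer error and stop */ }`, or a check of the name against the list of existing tables. The same denylist approach is used for `$field_name` in the second hunk; an allowlist pattern would be more robust there too, though `urlify()` presumably already narrows the character set (worth confirming). `$module` is also read from `$_POST` unchanged in the first hunk, and how it and `$table` reach a query lies outside the visible lines, so that path should be checked as part of this fix.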
