Fixing XSS injection via user profile editing -- thanks zhzzhz:
timbuckingham committed Apr 6, 2018
1 parent 2bac58b commit b2eff67
Showing 1 changed file with 3 additions and 6 deletions.
9 changes: 3 additions & 6 deletions core/inc/bigtree/admin.php
Expand Up @@ -8419,12 +8419,9 @@ function updatePendingChange($id,$changes,$mtm_changes = array(),$tags_changes =
function updateProfile($data) {
global $bigtree;

foreach ($data as $key => $val) {
if (substr($key,0,1) != "_" && !is_array($val)) {
$$key = sqlescape($val);
}
}

$name = sqlescape(htmlspecialchars($data["name"]));
$company = sqlescape(htmlspecialchars($data["company"]));
$daily_digest = $data["daily_digest"] ? "on" : "";
$id = sqlescape($this->ID);

if ($data["password"]) {
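Review bot: the replacement assignments for `$name` and `$company` call `htmlspecialchars()` with its default flags, which in PHP before 8.1 do not encode single quotes, so a value like `' onmouseover='...` survives intact if either field is ever rendered inside a single-quoted attribute; pass `ENT_QUOTES` explicitly, e.g. `$name = sqlescape(htmlspecialchars($data["name"], ENT_QUOTES));`, so the escaping does not depend on the PHP version. Dropping the `foreach` that did `$$key = sqlescape($val)` is the right call beyond the XSS itself, since that loop let any submitted key without a leading underscore overwrite an arbitrary local variable (including `$id`, which is now correctly taken from `$this->ID` instead of the request). Two follow-ups for the same function: `$data["name"]`, `$data["company"]` and `$data["daily_digest"]` are read without `isset()`, so a request omitting them raises notices; and because the loop no longer populates locals, any other field the rest of `updateProfile()` relied on being auto-assigned (the `password` branch below the visible context, for instance) must now be read from `$data` explicitly or it will be undefined.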