Update trigger_ratethread.php to prevent SQL Injection
Danny Cheok committed Sep 8, 2014
1 parent fe85100 commit f11a136
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions Upload/plugins/gimmie/trigger_ratethread.php
Expand Up @@ -36,10 +36,10 @@
if ($vbulletin->options['gimmie_enable_global'] == 1 && $vbulletin->options['gimmie_trigger_perthreadratingreceived'] == 1)
{

$threadsql = $vbulletin->db->query_read("SELECT * FROM " . TABLE_PREFIX . "thread WHERE `threadid` = '" . $_POST['t'] . "'");
$threadsql = $vbulletin->db->query_read("SELECT * FROM " . TABLE_PREFIX . "thread WHERE `threadid` = " . $vbulletin->db->escape_string($_POST['t']));
$thread = $vbulletin->db->fetch_array($threadsql);

$usersql = $vbulletin->db->query_read("SELECT `userid`, `username`, `email` FROM " . TABLE_PREFIX . "user WHERE `username` = '" . $thread['postusername'] . "'");
$usersql = $vbulletin->db->query_read("SELECT `userid`, `username`, `email` FROM " . TABLE_PREFIX . "user WHERE `username` = " . $vbulletin->db->escape_string($thread['postusername']));

$user = $vbulletin->db->fetch_array($usersql);

Expand All @@ -61,4 +61,4 @@
}
}

?>
?>
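Review bot: Both rewritten `query_read` calls in the first hunk drop the single quotes around the value, and `escape_string()` only neutralises characters that matter inside a quoted literal, so `$_POST['t']` still reaches the `threadid` comparison as unquoted SQL and the injection is not closed. Because `threadid` is numeric, cast the value rather than escaping it: `"... thread WHERE threadid = " . intval($_POST['t'])`. The `username` comparison is unquoted now as well, so an ordinary name would presumably be parsed as an identifier and the lookup would fail, while the stored, user-chosen `postusername` is still not safely delimited; keep the quotes around the escaped value: `"... WHERE username = '" . $vbulletin->db->escape_string($thread['postusername']) . "'"`. The rest of the enclosing `if` block lies between the two hunks and is not shown, so any other queries there should be checked for the same pattern.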
