
Commit f11a136

author
Danny Cheok
committed
Update trigger_ratethread.php to prevent SQL Injection
1 parent fe85100 commit f11a136


1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

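--- a/Upload/plugins/gimmie/trigger_ratethread.php
+++ b/Upload/plugins/gimmie/trigger_ratethread.php
@@ -36,10 +36,10 @@
 if ($vbulletin->options['gimmie_enable_global'] == 1 && $vbulletin->options['gimmie_trigger_perthreadratingreceived'] == 1)
 {
 
-$threadsql = $vbulletin->db->query_read("SELECT * FROM " . TABLE_PREFIX . "thread WHERE `threadid` = '" . $_POST['t'] . "'");
+$threadsql = $vbulletin->db->query_read("SELECT * FROM " . TABLE_PREFIX . "thread WHERE `threadid` = " . $vbulletin->db->escape_string($_POST['t']));
 $thread = $vbulletin->db->fetch_array($threadsql);
 
-$usersql = $vbulletin->db->query_read("SELECT `userid`, `username`, `email` FROM " . TABLE_PREFIX . "user WHERE `username` = '" . $thread['postusername'] . "'");
+$usersql = $vbulletin->db->query_read("SELECT `userid`, `username`, `email` FROM " . TABLE_PREFIX . "user WHERE `username` = " . $vbulletin->db->escape_string($thread['postusername']));
 
 $user = $vbulletin->db->fetch_array($usersql);
 
@@ -61,4 +61,4 @@
 }
 }
 
-?>
+?>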
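Review bot: The new `threadid` query at line 39 is still injectable: `escape_string()` only escapes quote and backslash characters, and the commit also dropped the single quotes that used to surround the value, so an input such as `1 OR 1=1` contains nothing to escape and is spliced verbatim into the WHERE clause. Because `threadid` is a numeric key, cast it rather than escape it — `intval($_POST['t'])` (or vBulletin's `clean_gpc()` with `TYPE_UINT`, if the plugin has the input cleaner available at this point). The `username` query at line 42 has the same injection gap plus a functional break: with the quotes removed, the escaped name sits bare after `=` and MySQL parses it as a column reference, so the lookup errors for every real username; keep the escape but restore the quoting, `= '" . $vbulletin->db->escape_string($thread['postusername']) . "'"`. Note also that `fetch_array()` returns false when no thread matches, so `$thread` should be checked before the second query is built (e.g. `if (!$thread) { return; }`); the enclosing `if` block continues past the end of this hunk.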
