addslashes() on messages from users before inserting into db.

moodle · Sep 9, 2004 · a10b3ad · a10b3ad
1 parent 06dc71e
commit a10b3ad
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/mod/chat/chatd.php b/mod/chat/chatd.php
@@ -408,9 +408,16 @@ function dispatch_sidekick($handle, $type, $sessionid, $customdata) {
                     break;
                 }
 
+                // A slight hack to prevent malformed SQL inserts
+                $origmsg = $msg->message;
+                $msg->message = addslashes($msg->message);
+
                 // Commit to DB
                 insert_record('chat_messages', $msg);
 
+                // Undo the hack
+                $msg->message = $origmsg;
+
                 // OK, now push it out to all users
                 $this->message_broadcast($msg, $this->sets_info[$sessionid]['user']);