BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()…

…->addslashes() or PHP's deprecated addslashes() for database escaping
commit 07dc3e9186d5ccac9aa69889f54cc89e44217d37 1 parent 8089e04
@chillu chillu authored
Showing with 3 additions and 3 deletions.
  1. +3 −3 code/AssetAdmin.php
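--- a/code/AssetAdmin.php
+++ b/code/AssetAdmin.php
@@ -315,7 +315,7 @@ function getEditForm($id) {
 public function movemarked($urlParams, $form) {
 if($_REQUEST['DestFolderID'] && (is_numeric($_REQUEST['DestFolderID']) || ($_REQUEST['DestFolderID']) == 'root')) {
 $destFolderID = ($_REQUEST['DestFolderID'] == 'root') ? 0 : $_REQUEST['DestFolderID'];
- $fileList = "'" . ereg_replace(' *, *',"','",trim(addslashes($_REQUEST['FileIDs']))) . "'";
+ $fileList = "'" . ereg_replace(' *, *',"','",trim(Convert::raw2sql($_REQUEST['FileIDs']))) . "'";
 $numFiles = 0;
 if($fileList != "''") {
@@ -350,7 +350,7 @@ public function movemarked($urlParams, $form) {
 * Called and returns in same way as 'save' function
 */
 public function deletemarked($urlParams, $form) {
- $fileList = "'" . ereg_replace(' *, *',"','",trim(addslashes($_REQUEST['FileIDs']))) . "'";
+ $fileList = "'" . ereg_replace(' *, *',"','",trim(Convert::raw2sql($_REQUEST['FileIDs']))) . "'";
 $numFiles = 0;
 $folderID = 0;
 $deleteList = '';
@@ -560,7 +560,7 @@ public function deletefolder($data, $ofmr) {
 }
 if(isset($brokenPageList)) {
- $message .= ' '._t('AssetAdmin.NOWBROKEN', 'The following pages now have broken links:').'<ul>'.addslashes($brokenPageList).'</ul>'.
+ $message .= ' '._t('AssetAdmin.NOWBROKEN', 'The following pages now have broken links:').'<ul>'.Convert::raw2xml($brokenPageList).'</ul>'.
 _t('AssetAdmin.NOWBROKEN2', 'Their owners have been emailed and they will fix up those pages.');
 }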
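Review bot: `$_REQUEST['FileIDs']` is still accepted as arbitrary text in `movemarked` (and identically in `deletemarked`): the new line escapes the whole comma-separated value and then splices `','` between items, so the query's safety rests entirely on the escaper matching the active connection, while `DestFolderID` two lines above at least gets an `is_numeric()` check. If the field only ever carries numeric file IDs, which these hunks do not show, building the list from integers removes that dependency and also drops `ereg_replace()`, deprecated since PHP 5.3: `$fileList = "'" . implode("','", array_filter(array_map('intval', explode(',', $_REQUEST['FileIDs'])))) . "'";` keeps the `''` empty-list sentinel that the following `if` tests. In `deletefolder`, `Convert::raw2xml($brokenPageList)` will also encode any `<li>` markup the variable already contains, so the escaping probably belongs where each list item is built; that code and the place `$message` is emitted are outside the hunk. All three function bodies continue beyond the visible lines.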