
BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()…

…->addslashes() or PHP's deprecated addslashes() for database escaping
commit 07dc3e9186d5ccac9aa69889f54cc89e44217d37 1 parent 8089e04
Ingo Schommer authored September 15, 2011

Showing 1 changed file with 3 additions and 3 deletions. Show diff stats Hide diff stats

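--- a/code/AssetAdmin.php
+++ b/code/AssetAdmin.php
@@ -315,7 +315,7 @@ function getEditForm($id) {
 	public function movemarked($urlParams, $form) {
 		if($_REQUEST['DestFolderID'] && (is_numeric($_REQUEST['DestFolderID']) || ($_REQUEST['DestFolderID']) == 'root')) {
 			$destFolderID = ($_REQUEST['DestFolderID'] == 'root') ? 0 : $_REQUEST['DestFolderID'];
-			$fileList = "'" . ereg_replace(' *, *',"','",trim(addslashes($_REQUEST['FileIDs']))) . "'";
+			$fileList = "'" . ereg_replace(' *, *',"','",trim(Convert::raw2sql($_REQUEST['FileIDs']))) . "'";
 			$numFiles = 0;
 	
 			if($fileList != "''") {
@@ -350,7 +350,7 @@ public function movemarked($urlParams, $form) {
 	 * Called and returns in same way as 'save' function
 	 */
 	public function deletemarked($urlParams, $form) {
-		$fileList = "'" . ereg_replace(' *, *',"','",trim(addslashes($_REQUEST['FileIDs']))) . "'";
+		$fileList = "'" . ereg_replace(' *, *',"','",trim(Convert::raw2sql($_REQUEST['FileIDs']))) . "'";
 		$numFiles = 0;
 		$folderID = 0;
 		$deleteList = '';
@@ -560,7 +560,7 @@ public function deletefolder($data, $ofmr) {
 		}
 
 		if(isset($brokenPageList)) {
-		  $message .= '  '._t('AssetAdmin.NOWBROKEN', 'The following pages now have broken links:').'<ul>'.addslashes($brokenPageList).'</ul>'.
+		  $message .= '  '._t('AssetAdmin.NOWBROKEN', 'The following pages now have broken links:').'<ul>'.Convert::raw2xml($brokenPageList).'</ul>'.
 		    _t('AssetAdmin.NOWBROKEN2', 'Their owners have been emailed and they will fix up those pages.');
 		}
 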

0 notes on commit 07dc3e9
