Changeset 586 for trunk/includes


Timestamp:
Oct 7, 2013, 11:52:11 PM (12 years ago)
Author:
chronos
Message:
  • Fixed: SQL injection protection was not applied because of new dynamic URL handling.
  • Fixed: HTML entities encoding for search input string.
Location:
trunk/includes
Files:
3 edited

  • trunk/includes/Page.php

    r577 r586  
    2020 
    2121  function GetOutput()
    22   {
     22  {     
    2323        $Output = $this->Show();
    2424        return($Output);
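Review bot: the replaced brace line in GetOutput() (new line 22) differs from the old one only in whitespace and appears to add trailing spaces after the `{`, which is unrelated to either fix named in the commit message. Suggest dropping this line from the changeset, or keeping the brace aligned with the function body and free of trailing whitespace, so the revision contains only the security-relevant changes and is easier to audit or backport.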
  • trunk/includes/Version.php

    r585 r586  
    11<?php
    22
    3 $Revision = 585; // Subversion revision
     3$Revision = 586; // Subversion revision
    44$DatabaseRevision = 585; // Database structure revision
    5 $ReleaseTime = '2013-09-13';
     5$ReleaseTime = '2013-10-07';
  • trunk/includes/global.php

    r581 r586  
    633633        else $_SERVER['QUERY_STRING'] = '';
    634634        parse_str($_SERVER['QUERY_STRING'], $_GET);
     635  // SQL injection hack protection
     636  foreach($_GET as $Index => $Item) $_GET[$Index] = addslashes($_GET[$Index]);
    635637        return($PathItems);
    636638}
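Review bot: `addslashes()` on new line 636 is not a reliable SQL injection defense, and the loop mishandles array parameters. `parse_str()` turns a query string such as `a[]=1` into a nested array, and `addslashes()` expects a string, so that entry is not escaped as intended (a warning and a null value on older PHP, a TypeError on PHP 8). `addslashes()` is also unaware of the database connection's character set, the loop escapes only `$_GET` values (not keys, and no other input source), and escaping globally at input time alters values that are later used for something other than SQL, such as a search term echoed back to the page. Suggest binding parameters with prepared statements at each query site, or at minimum using the database driver's connection-aware escaping there; if this blanket filter stays as a stopgap, apply it recursively so nested arrays are covered and document it as defense in depth rather than the primary protection.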