Timestamp:
Oct 7, 2013, 11:52:11 PM (11 years ago)
Author:
chronos
Message:
  • Fixed: SQL injection protection was not applied because of new dynamic URL handling.
  • Fixed: HTML entities encoding for search input string.
File:
1 edited

  • trunk/includes/global.php

    r581 r586  
    633633        else $_SERVER['QUERY_STRING'] = '';
    634634        parse_str($_SERVER['QUERY_STRING'], $_GET);
     635  // SQL injection hack protection
     636  foreach($_GET as $Index => $Item) $_GET[$Index] = addslashes($_GET[$Index]);
    635637        return($PathItems);
    636638}
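
Review bot: the loop added at new line 636 uses addslashes() over $_GET as the SQL injection defence, which is not sufficient on its own. addslashes() is unaware of the database connection's character set and does nothing for values placed into a query without surrounding quotes (numeric ids, column names). Because parse_str() on the line above can produce nested arrays (a parameter such as `a[]=1`), an array element passed to addslashes() raises a warning and the value is lost rather than escaped. The loop also covers only $_GET and rewrites the values globally, so any non-SQL consumer such as HTML output will see the added backslashes. Suggest escaping where the query is built, with prepared statements or the database driver's own escape function. If the loop stays, use `$Item` instead of re-indexing `$_GET[$Index]` and handle array values recursively.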