Tighten up security on add notes

Tony Lambregts
2005-01-14 05:29:45 +00:00
committed by WineHQ
parent 6b806b79e1
commit 16bb7584e5


@@ -31,11 +31,12 @@ if(!is_numeric($_REQUEST['appId']))
if($_REQUEST['sub'] == "Submit")
{
$query = "INSERT into appNotes VALUES (null, '".
addslashes($_REQUEST['noteTitle'])."', '".
addslashes($_REQUEST['noteDesc'])."', ".
"{$_REQUEST['appId']}, {$_REQUEST['versionId']})";
if (query_appdb($query))
$aInsert = compile_insert_string(array( 'noteTitle' =>$_REQUEST['noteTitle'],
'NoteDesc' => $_REQUEST['noteDesc'],
'appId' => $_REQUEST['appId'],
'versionId' => $_REQUEST['versionId'] ));
if (query_appdb("INSERT INTO `appNotes` ({$aInsert['FIELDS']}) VALUES ({$aInsert['VALUES']})"))
{
// successful
$email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
@@ -53,7 +54,7 @@ if($_REQUEST['sub'] == "Submit")
$ms .= "\n";
$ms .= STANDARD_NOTIFY_FOOTER;
mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms);
mail( "", "[AppDB] ".$fullAppName ,$ms, "Bcc: ".stripslashes( $email));
} else
{
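Review bot: In the first hunk `$_REQUEST['versionId']` is passed to `compile_insert_string()` and `getNotifyEmailAddressList()` with no numeric check visible, while `appId` is tested with `is_numeric()` just above the hunk. Unless it is validated earlier in the file, add a matching guard before the insert, `if(!is_numeric($_REQUEST['versionId']))`, with the same rejection path as the `appId` branch. The new INSERT is only as safe as the quoting and escaping inside `compile_insert_string()`, which is not shown here, so a comment such as `// compile_insert_string() escapes and quotes every value` above the call would record that assumption once it has been confirmed. The key `'NoteDesc'` is also capitalised unlike `'noteTitle'`, `'appId'` and `'versionId'`; use the column's actual spelling. The `if($_REQUEST['sub'] == "Submit")` block continues past the end of the visible hunks.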