Tighten up security on add notes

Tony Lambregts
2005-01-14 05:29:45 +00:00
committed by WineHQ
parent 6b806b79e1
commit 16bb7584e5


@@ -31,11 +31,12 @@ if(!is_numeric($_REQUEST['appId']))
if($_REQUEST['sub'] == "Submit") if($_REQUEST['sub'] == "Submit")
{ {
$query = "INSERT into appNotes VALUES (null, '". $aInsert = compile_insert_string(array( 'noteTitle' =>$_REQUEST['noteTitle'],
addslashes($_REQUEST['noteTitle'])."', '". 'NoteDesc' => $_REQUEST['noteDesc'],
addslashes($_REQUEST['noteDesc'])."', ". 'appId' => $_REQUEST['appId'],
"{$_REQUEST['appId']}, {$_REQUEST['versionId']})"; 'versionId' => $_REQUEST['versionId'] ));
if (query_appdb($query))
if (query_appdb("INSERT INTO `appNotes` ({$aInsert['FIELDS']}) VALUES ({$aInsert['VALUES']})"))
{ {
// successful // successful
$email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); $email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
@@ -53,7 +54,7 @@ if($_REQUEST['sub'] == "Submit")
$ms .= "\n"; $ms .= "\n";
$ms .= STANDARD_NOTIFY_FOOTER; $ms .= STANDARD_NOTIFY_FOOTER;
mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms); mail( "", "[AppDB] ".$fullAppName ,$ms, "Bcc: ".stripslashes( $email));
} else } else
{ {
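Review bot: `versionId` reaches the new INSERT without the numeric check that `appId` gets (the `is_numeric($_REQUEST['appId'])` guard visible in the first hunk header), so the query is only as safe as `compile_insert_string`, whose quoting and escaping are not shown on this page. I would add a matching guard ahead of the Submit branch, `if(!is_numeric($_REQUEST['versionId']))`, handled the same way as the appId failure. In the second hunk the new `mail()` call concatenates `$email` into the additional-headers argument; if `getNotifyEmailAddressList` can ever return a value containing CR or LF, that text becomes extra mail headers, so strip line breaks first, e.g. `$email = str_replace(array("\r", "\n"), "", $email);`. The Submit block continues past the visible lines, so the error path after `else` could not be reviewed.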