[geeklog-devel] [geeklog-cvs] Geeklog-1.x/public_html/links index.php

Joe Mucchiello joe at ThrowingDice.com
Mon Dec 31 11:57:04 EST 2007

Previous message: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.9, 1.10
Next message: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/plugins/links functions.inc, 1.93, 1.94
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 05:41 AM 12/31/2007, Dirk Haun wrote:

> $cid = $_LI_CONF['root'];

> $display = '';

>! if (isset($_GET['category'])) {

>! $cid = strip_tags (COM_stripslashes ($_GET['category']));

>! } elseif (isset($_POST['category'])) {

>! $cid = strip_tags (COM_stripslashes ($_POST['category']));

>

>--- 261,266 ----

> } else {

> // Get current category name

>! $currentcategory = DB_getItem($_TABLES['linkcategories'],

>'category',

>! "cid='{$cid}'");

You probably need an addslashes here. If you're calling strip_tags,
that means "Jim's Links" is a valid $cid.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

Previous message: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.9, 1.10
Next message: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/plugins/links functions.inc, 1.93, 1.94
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the geeklog-devel mailing list