joe at ThrowingDice.com
Sun May 4 12:15:02 EDT 2008
At 11:25 AM 5/4/2008, Dirk Haun wrote:
>Apart from the slight misnomer (it's not the block's ID, bid, but
>something derived from the block's title), here are some issues I ran into:
Why not just take it from the block name?
Whoa. I was going to say it gets passed through COM_applyFilter. But
it doesn't. It doesn't even go through COM_stripslashes. It goes
straight from $_POST['name'] to $name to "....,'$name',...." in DB_save.
In theory block_name should be unique and after a call to
COM_sanitizeID it should be fine. But you might want to check that
other problem too.
Throwing Dice Games
More information about the geeklog-devel