thomascube
2005-10-31 9db57c57feeb113d370e52480c63b6cd00d292b2
Prevent from address book XSS


1 files modified
4 ■■■■ changed files
program/steps/addressbook/save.inc 4 ●●●●
program/steps/addressbook/save.inc
@@ -34,7 +34,7 @@
    if (!isset($_POST[$fname]))
      continue;
    
    $a_write_sql[] = sprintf("%s='%s'", $col, addslashes($_POST[$fname]));
    $a_write_sql[] = sprintf("%s='%s'", $col, addslashes(strip_tags($_POST[$fname])));
    }
  if (sizeof($a_write_sql))
@@ -103,7 +103,7 @@
      continue;
    
    $a_insert_cols[] = $col;
    $a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname]));
    $a_insert_values[] = sprintf("'%s'", addslashes(strip_tags($_POST[$fname])));
    }
    
  if (sizeof($a_insert_cols))
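Review bot: `strip_tags()` applied at write time, in both hunks (the UPDATE value pushed to `$a_write_sql[]` and the INSERT value pushed to `$a_insert_values[]`), removes tags but leaves quote characters intact and does nothing for contact rows stored before this change, so it should not be the only XSS control. The stored value still needs to be encoded where it is rendered, for example `htmlspecialchars($value, ENT_QUOTES)` in the address book display code, which is outside this diff; stripping on input also silently alters legitimate data containing `<`. Separately, `addslashes()` is not a charset-aware SQL escape, so if the database layer offers its own quoting or bound parameters, the `sprintf("'%s'", ...)` construction should use that instead. Both enclosing loops start outside the hunks, so the origin of `$fname` and `$col` could not be checked here.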