Prevent from identities XSS
| | |
| | | - Set default user language from config 'locale_string' |
| | | - Added sorting patch for message list |
| | | - Make default sort col/order configurable |
| | | - Fixed XSS in address book and identities |
| | | |
| | |
| | | if (!isset($_POST[$fname])) |
| | | continue; |
| | | |
| | | $a_write_sql[] = sprintf("`%s`='%s'", $col, addslashes($_POST[$fname])); |
| | | $a_write_sql[] = sprintf("`%s`='%s'", $col, addslashes(strip_tags($_POST[$fname]))); |
| | | } |
| | | |
| | | if (sizeof($a_write_sql)) |
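Review bot: `strip_tags()` on the new `$a_write_sql[]` line (and on the matching `$a_insert_values[]` line in the insert hunk below) filters on the way into the database, which does not by itself close the XSS: rows saved before this change keep their markup, and a value containing a quote character but no tag passes through unchanged and can still break out of an HTML attribute when rendered. The code that displays identities is not visible here; it should encode on output, e.g. `htmlspecialchars($value, ENT_QUOTES)`, and this line deserves a comment such as `// strip_tags() is defence in depth only; identity fields must still be HTML-escaped where they are rendered`. `strip_tags()` also silently drops legitimate input that contains `<`, which may matter for a display-name or signature field. Separately, the value is still escaped for SQL with `addslashes()`, which is not charset-aware; if the `$DB` layer offers value quoting or placeholders next to `quoteIdentifier()`, that would be the safer choice in both hunks. The enclosing loop starts outside the hunk, so where `$col` and `$fname` come from cannot be checked here.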
| | |
| | | continue; |
| | | |
| | | $a_insert_cols[] = $DB->quoteIdentifier($col); |
| | | $a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname])); |
| | | $a_insert_values[] = sprintf("'%s'", addslashes(strip_tags($_POST[$fname]))); |
| | | } |
| | | |
| | | if (sizeof($a_insert_cols)) |