From 29c974a320078c3169cade013235b6ad1a26302e Mon Sep 17 00:00:00 2001
From: nveid <nveid@ispconfig3>
Date: Wed, 07 Dec 2011 03:53:55 -0500
Subject: [PATCH] Updated some escape string methods outside of db_mysql_inc.php to use the standardize app->db->quote method already established.
---
interface/lib/classes/searchform.inc.php | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/interface/lib/classes/searchform.inc.php b/interface/lib/classes/searchform.inc.php
index 9c0c0dd..035b744 100644
--- a/interface/lib/classes/searchform.inc.php
+++ b/interface/lib/classes/searchform.inc.php
@@ -244,7 +244,7 @@
$list_name = $this->listDef['name'];
$settings = $_SESSION['search'][$list_name];
unset($settings['page']);
- $data = mysql_real_escape_string(serialize($settings));
+ $data = $app->db->quote(serialize($settings));
$userid = $_SESSION['s']['user']['userid'];
$groupid = $_SESSION['s']['user']['default_group'];
@@ -301,6 +301,7 @@
public function encode($record)
{
+ global $app;
if(is_array($record)) {
foreach($this->listDef['item'] as $field) {
$key = $field['field'];
@@ -309,7 +310,7 @@
case 'VARCHAR':
case 'TEXT':
if(!is_array($record[$key])) {
- $record[$key] = mysql_real_escape_string($record[$key]);
+ $record[$key] = $app->db->quote($record[$key]);
} else {
$record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]);
}
@@ -327,7 +328,7 @@
break;
case 'DOUBLE':
- $record[$key] = mysql_real_escape_string($record[$key]);
+ $record[$key] = $app->db->quote($record[$key]);
break;
case 'CURRENCY':
@@ -340,4 +341,4 @@
}
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1