From 8500be3f1ba7bcab6b8523507e74a132df58d925 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 18 Sep 2008 06:25:41 -0400
Subject: [PATCH] - Changed addslashes to mysql_real_escape_string in several files. - Updated Debian installation instructions.
---
 interface/web/client/client_edit.php | 16 ++++++++--------
 1 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php
index 11b20a7..23e445f 100644
--- a/interface/web/client/client_edit.php
+++ b/interface/web/client/client_edit.php
@@ -57,20 +57,20 @@
 function onAfterInsert() {
 global $app;
 // Create the group for the client
- $sql = "INSERT INTO sys_group (name,description,client_id) VALUES ('".addslashes($this->dataRecord["username"])."','',".$this->id.")";
+ $sql = "INSERT INTO sys_group (name,description,client_id) VALUES ('".mysql_real_escape_string($this->dataRecord["username"])."','',".$this->id.")";
 $app->db->query($sql);
 $groupid = $app->db->insertID();
 $groups = $groupid;
- $username = addslashes($this->dataRecord["username"]);
- $password = addslashes($this->dataRecord["password"]);
+ $username = mysql_real_escape_string($this->dataRecord["username"]);
+ $password = mysql_real_escape_string($this->dataRecord["password"]);
 $modules = ISPC_INTERFACE_MODULES_ENABLED;
 if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
 $startmodule = 'mail';
- $usertheme = addslashes($this->dataRecord["usertheme"]);
+ $usertheme = mysql_real_escape_string($this->dataRecord["usertheme"]);
 $type = 'user';
 $active = 1;
- $language = addslashes($this->dataRecord["language"]);
+ $language = mysql_real_escape_string($this->dataRecord["language"]);
 // Create the controlpaneluser for the client
 $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
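Review bot: Each `mysql_real_escape_string()` call added in `onAfterInsert()` omits the link argument, so it escapes against whichever MySQL connection was opened last, and it returns `false` with a warning when none is open, in which case the quoted column silently receives an empty string. The queries themselves run through `$app->db`, so the escaping should be tied to that same connection, either by passing its link identifier as the second argument or by calling a quoting method on the db wrapper; whether the wrapper already offers one is not visible in this patch. The escaping is also only charset-correct when the connection charset was set with `mysql_set_charset()` rather than a `SET NAMES` query. The same applies to the calls in the hunks at lines 97, 107 and 117. The function continues past this hunk, where the `INSERT INTO sys_user` statement is cut off.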
@@ -97,7 +97,7 @@
 // username changed
 if(isset($app->tform->diffrec['username'])) {
- $username = addslashes($this->dataRecord["username"]);
+ $username = mysql_real_escape_string($this->dataRecord["username"]);
 $client_id = $this->id;
 $sql = "UPDATE sys_user SET username = '$username' WHERE client_id = $client_id";
 $app->db->query($sql);
@@ -107,7 +107,7 @@
 // password changed
 if(isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
- $password = addslashes($this->dataRecord["password"]);
+ $password = mysql_real_escape_string($this->dataRecord["password"]);
 $client_id = $this->id;
 $sql = "UPDATE sys_user SET passwort = md5('$password') WHERE client_id = $client_id";
 $app->db->query($sql);
@@ -117,7 +117,7 @@
 if(isset($this->dataRecord["limit_client"])) {
 $modules = ISPC_INTERFACE_MODULES_ENABLED;
 if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
- $modules = addslashes($modules);
+ $modules = mysql_real_escape_string($modules);
 $client_id = $this->id;
 $sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
 $app->db->query($sql);
-- Gitblit v1.9.1
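Review bot: In the username update at line 97, `$client_id` is interpolated into `WHERE client_id = $client_id` without quotes, a numeric context where string escaping gives no protection. If `$this->id` can be influenced by the request (its origin is outside this patch), it should be forced to an integer first: `$client_id = intval($this->id);`. The same unquoted use appears in the hunks at lines 107 and 117, and as `.$this->id.` in the `sys_group` insert of the first hunk. The enclosing function starts and ends outside this hunk.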
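Review bot: In the password update at line 107, the cleartext password is placed in the SQL text and hashed on the server with `md5('$password')`, so it can appear in the general query log, the slow log and statement-based binary logs, and it is stored as an unsalted MD5. Hashing in PHP before building the query keeps the cleartext out of the statement, for example `$hash = crypt($this->dataRecord["password"], $salt);` followed by `SET passwort = '$hash'`, where `$salt` stands for a per-user random salt and the login check is changed to match. Escaping the raw password is then no longer needed, only the resulting hash is quoted. The enclosing function is not fully visible in this hunk.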