makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-27 21:58:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fixed a situation where we weren't escaping sql special chars.

Browse source 
git-svn-id: file:///svn/phpbb/trunk@1041 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
natec 2001-09-15 22:11:20 +00:00
parent d80238fe57
commit fe252a54fd
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
phpBB/posting.php
View file

@ -85,6 +85,7 @@ else
$topic_id = "";
}
//
// Was cancel pressed? If so then redirect to the appropriate
// page, no point in continuing with any further checks
@ -629,7 +630,7 @@ if( ( $submit || $confirm ) && !$error )
if( $mode == "newtopic" )
{
$sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote)
VALUES ('$subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)";
VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)";
if( $result = $db->sql_query($sql, BEGIN_TRANSACTION) )
{