summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2013-08-24 15:30:48 +0200
committerMichael Tänzer <neo@nhng.de>2013-08-24 15:30:48 +0200
commit35a1e4c80c870b6f956903d61b1999ecf67d6d51 (patch)
treead5ff80954476b66c032d505d9c7c52d620b86dc /includes
parent33bd853d0e7034f1ad0755dd717655b650ba541f (diff)
downloadcacert-devel-35a1e4c80c870b6f956903d61b1999ecf67d6d51.tar.gz
cacert-devel-35a1e4c80c870b6f956903d61b1999ecf67d6d51.tar.xz
cacert-devel-35a1e4c80c870b6f956903d61b1999ecf67d6d51.zip
bug 1137: mysql_real_escape() fields in user_agreements although they usually are not
user provided, just to be sure Signed-off-by: Michael Tänzer <neo@nhng.de>
Diffstat (limited to 'includes')
-rw-r--r--includes/notary.inc.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index b8cdb1b..2b7ccb6 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -635,7 +635,7 @@
function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
// write a new record to the table user_agreement
$query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid).
- ",`document`='".$document."',`date`=NOW(), `active`=".intval($active).",`method`='".$method."',`comment`='".$comment."'" ;
+ ",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ;
$res = mysql_query($query);
}