From 35a1e4c80c870b6f956903d61b1999ecf67d6d51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20T=C3=A4nzer?=
Date: Sat, 24 Aug 2013 15:30:48 +0200
Subject: bug 1137: mysql_real_escape() fields in user_agreements although they usually are not user provided, just to be sure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Michael Tänzer
---
 includes/notary.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'includes')
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index b8cdb1b..2b7ccb6 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -635,7 +635,7 @@
 function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
 // write a new record to the table user_agreement
 $query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid).
- ",`document`='".$document."',`date`=NOW(), `active`=".intval($active).",`method`='".$method."',`comment`='".$comment."'" ;
+ ",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ;
 $res = mysql_query($query);
 }
-- 
cgit v1.2.1
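Review bot: The escaping added to the `document`, `method` and `comment` values is only as reliable as the connection's character set. `mysql_real_escape_string()` escapes for the charset the client library believes is active, so the connection must have been configured with `mysql_set_charset()` rather than a `SET NAMES` query, and nothing in this hunk shows which one the code base uses. A comment above the query such as `// string fields are escaped; assumes the connection charset was set via mysql_set_charset()` would record that dependency. Separately, `$res` is assigned from `mysql_query()` but never inspected, so a failed insert of an agreement record goes unnoticed; ending the function with `return $res !== false;` would let callers detect it. The callers of `write_user_agreement` are outside the hunk, so confirm that none of them is affected by the new return value.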