mbirth/LuckyCoinkydink
Archived
1
0
Fork 0
Code Issues Pull Requests Activity

Fix SQL injection reported by Dr. Neal Krawetz

Browse Source
This commit is contained in:
Garvin Hicking
2007-06-17 10:45:24 +00:00
parent 7747c8203d
commit 9e6bf834f0
2 changed files with 21 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
include/functions_comments.inc.php
View File

@ -313,7 +313,7 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace
function serendipity_printCommentsByAuthor() {
global $serendipity;
$type = $serendipity['GET']['commentMode'];
$type = serendipity_db_escape_string($serendipity['GET']['commentMode']);
if ($type == 'comments' || empty($type)) {
$type = 'NORMAL';
@ -441,10 +441,10 @@ function serendipity_deleteComment($id, $entry_id, $type='comments') {
serendipity_db_query("UPDATE {$serendipity['dbPrefix']}comments SET parent_id = " . (int)$sql['parent_id'] . " WHERE parent_id = " . $id);
}
$addData = array('cid' => $id, 'entry_id' => $entry_id);
serendipity_plugin_api::hook_event('backend_deletecomment', $sql, $addData);
return true;
} else {
return false;