authorDominique Martinet <asmadeus@codewreck.org>2013-05-01 10:02:33 +0200
committerDominique Martinet <asmadeus@codewreck.org>2015-11-08 14:27:59 +0100
commit80733675c8979de9ee5efe3d93170003e9845169 (patch)
tree649ff23b1bd19c595faa45eaafab1395ac5a4a4d
parent216e6d6ee1d7127f673e4ace99a5a6c6f1edc33d (diff)
More escaping fixes
-rw-r--r--admin/addevent.php3
-rw-r--r--admin/addraid.php8
2 files changed, 7 insertions, 4 deletions
diff --git a/admin/addevent.php b/admin/addevent.php
index 3e56688..5a3ae4e 100644
--- a/admin/addevent.php
+++ b/admin/addevent.php
@@ -111,6 +111,9 @@ class Add_Event extends EQdkp_Admin
//
$clean_event_name = stripslashes($_POST['event_name']);
+ while (strpos($clean_event_name, '\\') !== false) {
+ $clean_event_name = stripslashes($clean_event_name);;
+ }
$query = $db->build_query('INSERT', array(
'event_name' => ($clean_event_name),
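Review bot: The added `while` loop deletes every backslash from `event_name`, not just one layer of magic-quotes escaping, so a backslash the admin typed on purpose is lost. The safety of the INSERT then rests entirely on `$db->build_query` escaping its values, which this hunk does not show. If the intent is only to undo magic quotes, one guarded call is enough: `$clean_event_name = get_magic_quotes_gpc() ? stripslashes($_POST['event_name']) : $_POST['event_name'];`. The same reliance on `build_query` applies to the two `stripslashes` changes to `raid_name` in admin/addraid.php. The doubled `;;` in the loop body is a typo.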
diff --git a/admin/addraid.php b/admin/addraid.php
index 4c7276b..eae9108 100644
--- a/admin/addraid.php
+++ b/admin/addraid.php
@@ -146,12 +146,12 @@ class Add_Raid extends EQdkp_Admin
// Get the raid value
//
$raid_value = $this->get_raid_value($raid_name);
-
+
//
// Insert the raid
//
$query = $db->build_query('INSERT', array(
- 'raid_name' => $raid_name,
+ 'raid_name' => stripslashes($raid_name),
'raid_date' => $this->time,
'raid_note' => $_POST['raid_note'],
'raid_value' => $raid_value,
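Review bot: `get_raid_value($raid_name)` at the top of this hunk still receives the un-stripped name, while the row is stored with `stripslashes($raid_name)`. A name containing a quote or backslash may therefore be looked up under one spelling and saved under another. `raid_note` is also still taken straight from `$_POST` with no matching treatment. Normalising once before both uses, with `$raid_name = stripslashes($raid_name);` ahead of the `get_raid_value` call, would keep them consistent. Where `$raid_name` is assigned is outside this hunk.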
@@ -275,7 +275,7 @@ class Add_Raid extends EQdkp_Admin
'raid_date' => $this->time,
'raid_note' => $_POST['raid_note'],
'raid_value' => $raid_value,
- 'raid_name' => $_POST['raid_name'],
+ 'raid_name' => stripslashes($_POST['raid_name']),
'raid_updated_by' => $this->admin_user)
);
$db->query('UPDATE ' . RAIDS_TABLE . ' SET ' . $query . " WHERE raid_id='" . $this->url_id . "'");
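Review bot: The UPDATE concatenates `$this->url_id` directly into the `WHERE raid_id='...'` clause, unlike the column values, which go through `build_query`. Whether `url_id` is validated as an integer is not visible here. If it is not, casting at the point of use closes the gap: `" WHERE raid_id='" . (int) $this->url_id . "'"`. The enclosing method starts and ends outside the hunk.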
@@ -1244,7 +1244,7 @@ class Add_Raid extends EQdkp_Admin
// Form values
'RAID_ATTENDEES' => str_replace(',', "\n", $this->raid['raid_attendees']),
'RAID_VALUE' => $raid_value,
- 'RAID_NOTE' => htmlspecialchars($this->raid['raid_note']),
+ 'RAID_NOTE' => stripslashes(htmlspecialchars($this->raid['raid_note'])),
'MO' => date('m', $this->time),
'D' => date('d', $this->time),
'Y' => date('Y', $this->time),
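Review bot: `stripslashes()` is applied after `htmlspecialchars()` on `RAID_NOTE`, so output encoding is no longer the last transformation before the value reaches the template. Unescape first, encode last, and cover quotes as well: `'RAID_NOTE' => htmlspecialchars(stripslashes($this->raid['raid_note']), ENT_QUOTES),`. `RAID_ATTENDEES`, two lines up, is passed with no HTML encoding at all, so it needs the same treatment unless the template escapes it. Needing to strip slashes at display time also suggests the stored note is double-escaped, which is better fixed where the note is written.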