author | Dominique Martinet <asmadeus@codewreck.org> | 2013-05-01 10:02:33 +0200 |
---|---|---|
committer | Dominique Martinet <asmadeus@codewreck.org> | 2015-11-08 14:27:59 +0100 |
commit | 80733675c8979de9ee5efe3d93170003e9845169 (patch) | |
tree | 649ff23b1bd19c595faa45eaafab1395ac5a4a4d | |
parent | 216e6d6ee1d7127f673e4ace99a5a6c6f1edc33d (diff) |
More escaping fixes
-rw-r--r-- | admin/addevent.php | 3 | ||||
-rw-r--r-- | admin/addraid.php | 8 |
2 files changed, 7 insertions, 4 deletions
diff --git a/admin/addevent.php b/admin/addevent.php
index 3e56688..5a3ae4e 100644
--- a/admin/addevent.php
+++ b/admin/addevent.php
@@ -111,6 +111,9 @@ class Add_Event extends EQdkp_Admin
//
$clean_event_name = stripslashes($_POST['event_name']);
+ while (strpos($clean_event_name, '\\') !== false) {
+ $clean_event_name = stripslashes($clean_event_name);;
+ }
$query = $db->build_query('INSERT', array(
'event_name' => ($clean_event_name),
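Review bot: The added `while (strpos($clean_event_name, '\\') !== false)` loop removes every backslash from the event name, so a name that legitimately contains one can no longer be stored, and it hides how many escaping layers the input went through instead of fixing them. Unescaping is safer done once where the request is read, leaving SQL escaping to `$db->build_query()`; whether that helper escapes its values is not visible in this hunk and should be confirmed, since the stripped value goes straight into the INSERT. If the loop stays, a comment such as `// input may be slash-escaped more than once; strip until none remain (also drops literal backslashes)` would record the intent, and the doubled `;;` on the assignment should be a single `;`. The enclosing method starts and ends outside the hunk.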
diff --git a/admin/addraid.php b/admin/addraid.php
index 4c7276b..eae9108 100644
--- a/admin/addraid.php
+++ b/admin/addraid.php
@@ -146,12 +146,12 @@ class Add_Raid extends EQdkp_Admin
// Get the raid value
//
$raid_value = $this->get_raid_value($raid_name);
-
+
//
// Insert the raid
//
$query = $db->build_query('INSERT', array(
- 'raid_name' => $raid_name,
+ 'raid_name' => stripslashes($raid_name),
'raid_date' => $this->time,
'raid_note' => $_POST['raid_note'],
'raid_value' => $raid_value,
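Review bot: `raid_name` is now unescaped before the INSERT, but `'raid_note' => $_POST['raid_note']` two lines below is still passed through raw, so two text columns of the same row are stored with different escaping; the UPDATE array in the hunk at line 275 has the same mismatch. `get_raid_value($raid_name)` above the array also still receives the unstripped name, so the value lookup and the stored name can disagree for names containing a quote or backslash; which form that helper expects is not visible here and should be confirmed before changing its argument. Stripping here is only safe if `build_query()` escapes each value for SQL, which this hunk does not show. A comment on the array, e.g. `// values are unescaped here; build_query() is responsible for SQL escaping`, would make that dependency explicit.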
@@ -275,7 +275,7 @@ class Add_Raid extends EQdkp_Admin
'raid_date' => $this->time,
'raid_note' => $_POST['raid_note'],
'raid_value' => $raid_value,
- 'raid_name' => $_POST['raid_name'],
+ 'raid_name' => stripslashes($_POST['raid_name']),
'raid_updated_by' => $this->admin_user)
);
$db->query('UPDATE ' . RAIDS_TABLE . ' SET ' . $query . " WHERE raid_id='" . $this->url_id . "'");
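Review bot: The UPDATE that this array feeds still builds its WHERE clause by concatenating `$this->url_id` into the SQL string on the line after the array, and nothing in the hunk shows that value being validated. If `raid_id` is a numeric key, casting at the point of use, `" WHERE raid_id='" . (int) $this->url_id . "'"`, keeps the statement well-formed regardless of how `url_id` was populated. If it is already sanitised upstream, a short comment saying so would help the next reader. The method containing this statement starts and ends outside the hunk.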
@@ -1244,7 +1244,7 @@ class Add_Raid extends EQdkp_Admin
// Form values
'RAID_ATTENDEES' => str_replace(',', "\n", $this->raid['raid_attendees']),
'RAID_VALUE' => $raid_value,
- 'RAID_NOTE' => htmlspecialchars($this->raid['raid_note']),
+ 'RAID_NOTE' => stripslashes(htmlspecialchars($this->raid['raid_note'])),
'MO' => date('m', $this->time),
'D' => date('d', $this->time),
'Y' => date('Y', $this->time),
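Review bot: `stripslashes(htmlspecialchars(...))` cleans the note only where this form is rendered, so the slashes remain in the stored `raid_note` and any other page that prints the column will still show them; the write paths in the hunks at lines 146 and 275 store `$_POST['raid_note']` without stripping. Fixing the value on write would make this display-side call unnecessary. Since the value is emitted as a form value, explicit flags are also worth passing, e.g. `'RAID_NOTE' => htmlspecialchars(stripslashes($this->raid['raid_note']), ENT_QUOTES),`, because the default flags on older PHP versions leave single quotes unescaped. How the template quotes the attribute is not visible here.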
|