Changeset 114

Timestamp:

11/20/2007 04:27:02 PM (4 years ago)

Author:

guyru

Message:

fixed escaping error

Location:

trunk/www

Files:

• htdocs/feedout.php (modified) (1 diff)
• scripts/db2mail.php (modified) (1 diff)
• scripts/mailer.php (modified) (1 diff)

trunk/www/htdocs/feedout.php

@@ -12 +12 @@
 }
 
-$name=mysql_real_escape_string($_POST['name']);
+$name=$_POST['name'];
 checkOK($name);
-$email=mysql_real_escape_string($_POST['email']);
+$email=$_POST['email'];
 checkOK($email);
-$comments=mysql_real_escape_string($_POST['comments']);
+$comments=$_POST['comments'];
 //the checking of the comments is completly uneeded
 //checkOK($comments);
 
-$to=mysql_real_escape_string("openyahtzee-users@lists.sourceforge.net");
+$to="openyahtzee-users@lists.sourceforge.net";
 
 $message="The following feedback was sent to the list by $name <$email>.\n\n$comments";

trunk/www/scripts/db2mail.php

@@ -11 +11 @@
 $total = 0;
 while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
-  $line['ID'] = stripcslashes ($line['ID']);
-  $line['subject'] = stripcslashe($line['subject']);
-  $line['recipient'] = stripcslashe($line['recipient']);
-  $line['headers'] = stripcslasheb($line['headers']);
+  $line['ID'] = breakapart ($line['ID']);
+  $line['subject'] = breakapart($line['subject']);
+  $line['recipient'] = breakapart($line['recipient']);
+  $line['headers'] = breakapart($line['headers']);
   $line['headers'] .= "Message-DBID: ". $line['ID'] ."\n";
 

trunk/www/scripts/mailer.php

@@ -5 +5 @@
    or die('Could not connect: ' . mysql_error());
   $to = addslashes($to);
-  $subject = addslashes($subject);
-  $message = addslashes($message);
-  $headers = addslashes($headers);  
+  $subject = mysql_real_escape_string($subject);
+  $message = mysql_real_escape_string($message);
+  $headers = mysql_real_escape_string($headers);  
 
   $query = "INSERT INTO o175453_general.mailer(recipient, subject, message, headers) VALUES('$to', '$subject', '$message', '$headers')";