Remember Bobby Tables: Sanitize your SQL inputs.

git-svn-id: https://vassalengine.svn.sourceforge.net/svnroot/vassalengine/site-src/trunk@6841 67b53d14-2c14-4ace-a08f-0dab2b34000c
author: uckelman <uckelman@nomic.net> 2010-05-09 21:59:47 +0000
committer: uckelman <uckelman@nomic.net> 2010-05-09 21:59:47 +0000
commit: 51dd620bf958dc79dd5947f7cd642f3693799f4b (patch)
tree: 25ad719a3e19dda13b020cfb18ed80ea90e800a5 /src
parent: 7295cd958e1119dd78f120ba0d794e2af69560ee (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/src/PhpBB3.php b/src/PhpBB3.php
index 6fd785f..72700ce 100644
--- a/src/PhpBB3.php
+++ b/src/PhpBB3.php
@@ -265,9 +265,9 @@ class PhpBB3 {
            ') VALUES (' .
              $userId . ', ' .
              '1, ' .
-             $realFilename . ', ' .
-             $comment . ', ' .
-             $mimetype . ', ' .
+             $db->sql_escape($realFilename) . ', ' .
+             $db->sql_escape($comment) . ', ' .
+             $db->sql_escape($mimetype) . ', ' .
              strlen($data) . ', ' .
              time() .
            ')';
author	uckelman <uckelman@nomic.net>	2010-05-09 21:59:47 +0000
committer	uckelman <uckelman@nomic.net>	2010-05-09 21:59:47 +0000
commit	51dd620bf958dc79dd5947f7cd642f3693799f4b (patch)
tree	25ad719a3e19dda13b020cfb18ed80ea90e800a5 /src
parent	7295cd958e1119dd78f120ba0d794e2af69560ee (diff)