Home Explore Help
Sign In
richard
/
sorbetcms
Watch 1
Star 0
Fork 1
Code Issues 0 Pull Requests 0 Commits 290 Releases 0 Wiki
Browse Source

Fix XSS security hole on comments

pecesama 17 years ago
parent
f861ea764c
commit
b19b0f5d72
1 changed files with 5 additions and 1 deletions
Split View Show Diff Stats
  1. 5 1
      classes/mysql_connection.class.php

+ 5 - 1
classes/mysql_connection.class.php View File 

@@ -101,7 +101,9 @@ class Conexion_Mysql {
101 101
102 102 
 	  foreach ($datos as $llave=>$valor) {
103 103
104 
-		 $cols .= "$llave,";
104 
+		 $cols .= "$llave,";
105 
+
106 
+		 $valor = htmlspecialchars($valor,ENT_QUOTES);
105 107
106 108 
 		 $tipo_col = $this->obtenerTipoCampo($tabla, $llave);  // obtiene el tipo de campo
107 109 
 		 if (!$tipo_col) return false;  // error!

@@ -154,6 +156,8 @@ class Conexion_Mysql {
154 156 
 		foreach ($datos as $llave=>$valor) {
155 157 
 			$sql .= " $llave=";
156 158
159 
+			$valor = htmlspecialchars($valor,ENT_QUOTES);
160 
+
157 161 
 			$tipo_col = $this->obtenerTipoCampo($tabla, $llave);  // obtiene el tipo de campo
158 162 
 			if (!$tipo_col) return false;  // error!
159 163