diff options
author | thomascube <thomas@roundcube.net> | 2005-10-31 23:47:03 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2005-10-31 23:47:03 +0000 |
commit | 9db57c57feeb113d370e52480c63b6cd00d292b2 (patch) | |
tree | 058b79e0f7644acea9201b2e871f8c1f83408646 /program/steps/addressbook | |
parent | 7cc38e0bebb30f12b1c643ea96a038453be185e1 (diff) |
Prevent from address book XSS
Diffstat (limited to 'program/steps/addressbook')
-rw-r--r-- | program/steps/addressbook/save.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc index 814f50a34..3e2cfae8f 100644 --- a/program/steps/addressbook/save.inc +++ b/program/steps/addressbook/save.inc @@ -34,7 +34,7 @@ if ($_POST['_cid']) if (!isset($_POST[$fname])) continue; - $a_write_sql[] = sprintf("%s='%s'", $col, addslashes($_POST[$fname])); + $a_write_sql[] = sprintf("%s='%s'", $col, addslashes(strip_tags($_POST[$fname]))); } if (sizeof($a_write_sql)) @@ -103,7 +103,7 @@ else continue; $a_insert_cols[] = $col; - $a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname])); + $a_insert_values[] = sprintf("'%s'", addslashes(strip_tags($_POST[$fname]))); } if (sizeof($a_insert_cols)) |