diff options
author | thomascube <thomas@roundcube.net> | 2005-11-01 00:01:40 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2005-11-01 00:01:40 +0000 |
commit | dba5f7c44a92c8e6986fa9395536347508145f60 (patch) | |
tree | e90c57be4dd31c14e6bc6b03d85ea5a9ad51ecd2 /program/steps/settings/save_identity.inc | |
parent | 9db57c57feeb113d370e52480c63b6cd00d292b2 (diff) |
Prevent from identities XSS
Diffstat (limited to 'program/steps/settings/save_identity.inc')
-rw-r--r-- | program/steps/settings/save_identity.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc index 680833d7c..ea186ec12 100644 --- a/program/steps/settings/save_identity.inc +++ b/program/steps/settings/save_identity.inc @@ -33,7 +33,7 @@ if ($_POST['_iid']) if (!isset($_POST[$fname])) continue; - $a_write_sql[] = sprintf("`%s`='%s'", $col, addslashes($_POST[$fname])); + $a_write_sql[] = sprintf("`%s`='%s'", $col, addslashes(strip_tags($_POST[$fname]))); } if (sizeof($a_write_sql)) @@ -87,7 +87,7 @@ else continue; $a_insert_cols[] = $DB->quoteIdentifier($col); - $a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname])); + $a_insert_values[] = sprintf("'%s'", addslashes(strip_tags($_POST[$fname]))); } if (sizeof($a_insert_cols)) |