From dba5f7c44a92c8e6986fa9395536347508145f60 Mon Sep 17 00:00:00 2001 From: thomascube Date: Tue, 1 Nov 2005 00:01:40 +0000 Subject: Prevent from identities XSS --- program/steps/settings/save_identity.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'program/steps') diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc index 680833d7c..ea186ec12 100644 --- a/program/steps/settings/save_identity.inc +++ b/program/steps/settings/save_identity.inc @@ -33,7 +33,7 @@ if ($_POST['_iid']) if (!isset($_POST[$fname])) continue; - $a_write_sql[] = sprintf("`%s`='%s'", $col, addslashes($_POST[$fname])); + $a_write_sql[] = sprintf("`%s`='%s'", $col, addslashes(strip_tags($_POST[$fname]))); } if (sizeof($a_write_sql)) @@ -87,7 +87,7 @@ else continue; $a_insert_cols[] = $DB->quoteIdentifier($col); - $a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname])); + $a_insert_values[] = sprintf("'%s'", addslashes(strip_tags($_POST[$fname]))); } if (sizeof($a_insert_cols)) -- cgit v1.2.3