fix: security patching due to mysql injection vulnerabilities everywhere

2026-06-28 00:24:23 +00:00 · 2017-10-17 12:21:41 +02:00
parent 74cccb2a74
commit 1654ce498f
10 changed files with 694 additions and 12 deletions
@@ -354,6 +354,7 @@ if (!isset($SAJAX_INCLUDED)) {

 		//$data = explode("|",$data);
 		if (is_array($data)){$msg = htmlspecialchars($data[1]);}else{$msg = htmlspecialchars($data);};
+		$msg = $database->escape($msg);
 //		$msg=htmlspecialchars($msg);
 		$name = addslashes($session->username);