mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-02 18:44:21 +00:00
fix: security patching due to mysql injection vulnerabilities everywhere
This commit is contained in:
@@ -208,6 +208,7 @@ class Message {
|
||||
|
||||
private function removeMessage($post) {
|
||||
global $database,$session;
|
||||
$post = $database->escape($post);
|
||||
for($i = 1; $i <= 10; $i++) {
|
||||
if(isset($post['n' . $i])) {
|
||||
$message1 = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "mdata where id = ".$post['n' . $i]."");
|
||||
|
||||
Reference in New Issue
Block a user