fix: security patching due to mysql injection vulnerabilities everywhere

This commit is contained in:
Martin Ambrus
2017-10-17 12:21:41 +02:00
parent 74cccb2a74
commit 1654ce498f
10 changed files with 694 additions and 12 deletions
+1
View File
@@ -208,6 +208,7 @@ class Message {
private function removeMessage($post) {
global $database,$session;
$post = $database->escape($post);
for($i = 1; $i <= 10; $i++) {
if(isset($post['n' . $i])) {
$message1 = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "mdata where id = ".$post['n' . $i]."");