fix another vulberability <script>alert('test')</script> now not working anymore

2026-06-28 00:24:23 +00:00 · 2013-10-05 12:26:35 +03:00
parent edac24eb28
commit 8ceb2c7f41
1 changed files with 2 additions and 2 deletions
@@ -396,7 +396,7 @@ class Message {
 		if($permission[opt7]==1){
 		if ($userally != 0) {
 		while ($allmembers = mysql_fetch_array($allmembersQ)) {
-		$database->sendMessage($allmembers[id],$session->uid,addslashes($topic),addslashes($text),0,$alliance,$player,$coor,$report);
+		$database->sendMessage($allmembers[id],$session->uid,htmlspecialchars(addslashes($topic)),htmlspecialchars(addslashes($text)),0,$alliance,$player,$coor,$report);
 		}
 			}
 			}
@@ -479,7 +479,7 @@ class Message {
 		}
 		}
 		}
-		$database->sendMessage($user, $session->uid, addslashes($topic), addslashes($text), 0, $alliance, $player, $coor, $report);
+		$database->sendMessage($user, $session->uid, htmlspecialchars(addslashes($topic)), htmlspecialchars(addslashes($text)), 0, $alliance, $player, $coor, $report);
 		}
 	}