mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-09 14:16:08 +00:00
Fix CVE-2023-36995
This commit is contained in:
@@ -3109,6 +3109,8 @@ class MYSQLi_DB implements IDbConnection {
|
||||
*****************************************/
|
||||
function createAlliance($tag, $name, $uid, $max) {
|
||||
list($tag, $name, $uid, $max) = $this->escape_input($tag, $name, (int) $uid, (int) $max);
|
||||
$tag = $this->RemoveXSS($tag);
|
||||
$name = $this->RemoveXSS($name);
|
||||
|
||||
$q = "INSERT into " . TB_PREFIX . "alidata values (0,'$name','$tag',$uid,0,0,0,'','',$max,0,0,0,0,0,0,0,0,0)";
|
||||
mysqli_query($this->dblink,$q);
|
||||
|
||||
Reference in New Issue
Block a user