Revision 1868
Added by Dietmar almost 12 years ago
CopyTheme.php | ||
---|---|---|
97 | 97 |
private function _SanitizeNewName($sName) |
98 | 98 |
{ |
99 | 99 |
$sName = (trim($sName) == '' ? 'MyNewTheme' : $sName); |
100 |
$sName = mysql_real_escape_string($sName);
|
|
100 |
$sName = $this->_oDb->escapeString($sName);
|
|
101 | 101 |
$iCount = ''; |
102 | 102 |
do { |
103 | 103 |
$sSearch = $sName.($iCount ? ' '.$iCount : ''); |
... | ... | |
260 | 260 |
. '`function`=\'theme\', ' |
261 | 261 |
. '`directory`=\''.$aVariables['directory'].'\', ' |
262 | 262 |
. '`name`=\''.$aVariables['name'].'\', ' |
263 |
. '`description`=\''.mysql_real_escape_string($aVariables['description']).'\', '
|
|
263 |
. '`description`=\''.$this->_oDb->escapeString($aVariables['description']).'\', '
|
|
264 | 264 |
. '`version`=\''.$aVariables['version'].'\', ' |
265 | 265 |
. '`platform`=\''.$aVariables['platform'].'\', ' |
266 |
. '`author`=\''.mysql_real_escape_string($aVariables['author']).'\', '
|
|
267 |
. '`license`=\''.mysql_real_escape_string($aVariables['license']).'\'';
|
|
266 |
. '`author`=\''.$this->_oDb->escapeString($aVariables['author']).'\', '
|
|
267 |
. '`license`=\''.$this->_oDb->escapeString($aVariables['license']).'\'';
|
|
268 | 268 |
if(!$this->_oDb->query($sql)) { |
269 | 269 |
|
270 | 270 |
$sMsg = $this->_aLang['GENERIC_NOT_UPGRADED'].' ['.$this->_sNewThemeDir.'/info.php]'; |
Also available in: Unified diff
! change mysql_esc_string to WbDatabase::getInstance()->escapeStrinng()