Revision 1868
Added by Luisehahne over 12 years ago
| CopyTheme.php | ||
|---|---|---|
| 97 | 97 |
private function _SanitizeNewName($sName) |
| 98 | 98 |
{
|
| 99 | 99 |
$sName = (trim($sName) == '' ? 'MyNewTheme' : $sName); |
| 100 |
$sName = mysql_real_escape_string($sName);
|
|
| 100 |
$sName = $this->_oDb->escapeString($sName);
|
|
| 101 | 101 |
$iCount = ''; |
| 102 | 102 |
do {
|
| 103 | 103 |
$sSearch = $sName.($iCount ? ' '.$iCount : ''); |
| ... | ... | |
| 260 | 260 |
. '`function`=\'theme\', ' |
| 261 | 261 |
. '`directory`=\''.$aVariables['directory'].'\', ' |
| 262 | 262 |
. '`name`=\''.$aVariables['name'].'\', ' |
| 263 |
. '`description`=\''.mysql_real_escape_string($aVariables['description']).'\', '
|
|
| 263 |
. '`description`=\''.$this->_oDb->escapeString($aVariables['description']).'\', '
|
|
| 264 | 264 |
. '`version`=\''.$aVariables['version'].'\', ' |
| 265 | 265 |
. '`platform`=\''.$aVariables['platform'].'\', ' |
| 266 |
. '`author`=\''.mysql_real_escape_string($aVariables['author']).'\', '
|
|
| 267 |
. '`license`=\''.mysql_real_escape_string($aVariables['license']).'\'';
|
|
| 266 |
. '`author`=\''.$this->_oDb->escapeString($aVariables['author']).'\', '
|
|
| 267 |
. '`license`=\''.$this->_oDb->escapeString($aVariables['license']).'\'';
|
|
| 268 | 268 |
if(!$this->_oDb->query($sql)) {
|
| 269 | 269 |
|
| 270 | 270 |
$sMsg = $this->_aLang['GENERIC_NOT_UPGRADED'].' ['.$this->_sNewThemeDir.'/info.php]'; |
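Review bot: In the second hunk, `directory`, `name`, `version` and `platform` are still concatenated into the quoted SQL string without escaping, while `description`, `author` and `license` on the neighbouring lines now go through `$this->_oDb->escapeString()`. If any of those four values can contain a quote (they appear to come from a theme's info.php, judging by the error message that follows), the statement is open to SQL injection. Wrap them the same way, e.g. `$this->_oDb->escapeString($aVariables['version'])`, or use a prepared statement if the database wrapper offers one. `name` may already have been escaped by `_SanitizeNewName()` in the first hunk, so check for double escaping before wrapping it. The statement starts above the visible lines, so any earlier validation of `$aVariables` is not shown here.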
! change mysql_real_escape_string() to WbDatabase::getInstance()->escapeString()