Project

General

Profile

« Previous | Next » 

Revision 1868

Added by Dietmar over 11 years ago

! change mysql_esc_string to WbDatabase::getInstance()->escapeStrinng()

View differences:

save.php
45 45 
	$searchfor = '@(<[^>]*=\s*")('.preg_quote($sMediaUrl).')([^">]*".*>)@siU';
46 46 
    $content = preg_replace($searchfor, '$1{SYSVAR:MEDIA_REL}$3', $content);
47 47 
	// searching in $text will be much easier this way
48 
    $content = mysql_real_escape_string ($content);
48 
    $content = WbDatabase::getInstance()->escapeString ($content);
49 49 
	$text = umlauts_to_entities(strip_tags($content), strtoupper(DEFAULT_CHARSET), 0);
50 50 
	$sql  = 'UPDATE `'.TABLE_PREFIX.'mod_wysiwyg` ';
51 51 
	$sql .= 'SET `content`=\''.$content.'\', `text`=\''.$text.'\' ';

Also available in: Unified diff